Tutor
•
5 Messages
Link Local IP in a NATd home network
I have 3 H24 receivers in my home network wired to my router; none of them have Whole-Home authorized. Each of them has a Link-Local IP address in the (example) 169.254.x.x address range, and they try to chat on the network, as noted in the logs of one of my computers' software firewall. Since Whole-Home is not authorized, I wonder why Link-Local is set and why they still try to chat with each other and attempt authentication to 239.255.255.250:1900 - given that they are not in a NATd address range, it seems they are exposed to general internet traffic beyond my router's firewall and thus a potential security risk. I need to know what the risk is and how to manage Link-Local settings. Without a clear understanding I may need to place severe restrictions on the H24s' network activity. My internet provider modem and router are IPv6 with my LAN configured for NAT.
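An added example, not part of the original post: one way to triage firewall log entries like the ones described, by naming the routing scope of each source that sends UPnP/DLNA discovery (SSDP) to 239.255.255.250:1900. The log format, sample lines and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")     # RFC 3927: routers must not forward
ADMIN_SCOPED = ipaddress.ip_network("239.0.0.0/8")      # RFC 2365: administratively scoped multicast
SSDP = (ipaddress.ip_address("239.255.255.250"), 1900)  # UPnP/DLNA discovery group and port

# Constructed sample lines in a made-up firewall log format (not real captures).
SAMPLE_LOG = """\
2020-01-01 20:14:07 BLOCK UDP 169.254.7.21:49152 -> 239.255.255.250:1900
2020-01-01 20:14:09 BLOCK UDP 169.254.7.22:49153 -> 239.255.255.250:1900
2020-01-01 20:14:37 BLOCK UDP 169.254.7.21:49152 -> 239.255.255.250:1900
2020-01-01 20:15:02 ALLOW UDP 192.168.1.40:50211 -> 239.255.255.250:1900
2020-01-01 20:15:30 BLOCK UDP 169.254.7.23:5353 -> 224.0.0.251:5353
this line is malformed and is skipped
"""

LINE_RE = re.compile(
    r"(?P<proto>TCP|UDP) (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def scope(addr):
    """Name the routing scope of an IPv4 address string."""
    ip = ipaddress.ip_address(addr)
    if ip in LINK_LOCAL:
        return "link-local"
    if ip in ADMIN_SCOPED:
        return "admin-scoped multicast"
    if ip.is_multicast:
        return "multicast"
    return "private" if ip.is_private else "public"

def ssdp_sources(log):
    """Count SSDP discovery packets per source; return {src: (scope, count)}."""
    counts = Counter()
    for line in log.splitlines():
        m = LINE_RE.search(line.strip())
        if not m:
            continue  # ignore lines that do not match the assumed format
        dst = (ipaddress.ip_address(m["dst"]), int(m["dport"]))
        if m["proto"] == "UDP" and dst == SSDP:
            counts[m["src"]] += 1
    return {src: (scope(src), n) for src, n in counts.items()}

if __name__ == "__main__":
    for src, (kind, n) in ssdp_sources(SAMPLE_LOG).items():
        print(f"{src:15} {kind:11} SSDP packets: {n}")
```

A source reported as link-local is confined to the local segment, and the SSDP group itself falls in the administratively scoped multicast range, so this traffic is LAN discovery rather than internet-facing exposure.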



Accepted Solution
Official Solution
goldw1800
ACE - Professor
•
2K Messages
5 years ago
FYI: The guide information is pushed (downloaded) from the SAT signal; the "pictures" related to the guide (information) come from the internet connection.
169.xxx.xxx.xxx is a machine connection. In your case your receivers have no hard drive and cannot share information between them. The reason they have the ability to use the machine connection is that when a DVR is added, it will allow the HD receiver to set recordings from that location to the DVR.
It's set up in the D* software that way because sending units into the field allows it to function in everyone's setup without any additional steps by the installer or admin for activation.
Accepted Solution
goldw1800
ACE - Professor
•
2K Messages
5 years ago
Because the D* software allows the 169.xxx.xxx.xxx subnet, should any account have WH allowed, that's how they connect to view each other's playlist.
The receivers report channel viewed and viewing habits as they have done before the internet was connected. Your receivers are not subject to attack; you could block all the receivers from the internet through your firewall if you wish.
KrasuB00
Tutor
•
5 Messages
5 years ago
Assumed correct... but if WH isn't authorized seems software would know not to connect. Thanks
shannon02
ACE - Expert
•
21.3K Messages
5 years ago
There is no reason to connect H24 receivers to the internet as they can't use On Demand or start from the beginning as there is no hard drive to buffer the programs or use Whole Home.
KrasuB00
Tutor
•
5 Messages
5 years ago
I believe a connection to telco or internet is a requirement stated in documentation. Oddly the software on my H24s shows start from beginning and WH options... one size doesn't fit all I guess. The unit's ability to download the guide seems to work better when connected to the internet, although I still see issues with downloading the guide when on an HD channel; switch to SD for 5 minutes and good for another hour. I still consider having an internet-routable address within my NAT'd network doesn't seem a good idea; we'll see what happens when I disconnect from network. Thanks
KrasuB00
Tutor
•
5 Messages
5 years ago
So appears internet connection has benefits to the receiver's operation. Since my firewall has SPI I should be safe from intrusion to the 169.x.x.x addresses - Thanks
shannon02
ACE - Expert
•
21.3K Messages
5 years ago
Guide data comes down from the sats, always has. DTV started before there was an internet. DTV uses Linux.
The software is made for HDDVRs, so of course it has Whole Home and Start from the Beginning, but if you try to use it you will get error codes.
KrasuB00
Tutor
•
5 Messages
5 years ago
Thanks - I've been with DirecTV since before it was DirecTV - was USSB originally - in those days there was a requirement for a telephone POTS line in the installation documentation. The phone line requirement seems to have gone away; it was previously used for ordering pay-per-view and caller-id, and if I recall it was also used to authenticate the access card, where the unit would make frequent phone calls home to do that authentication. Does that authentication still take place, and is it via the ethernet connection or is the downlink the only authentication path these days?
goldw1800
ACE - Professor
•
2K Messages
5 years ago
It all takes place over those still connected to a "POTS" line as well as internet connection. The "POTS" line is no longer enforced, as many homes have gone to VoIP or smartphones only.
KrasuB00
Tutor
•
5 Messages
5 years ago
All great info that seems to indicate a connection to the outside world via POTS or IP/UDP is needed/required. I guess what triggered my identifying the 169.xxx.xxx.xxx traffic was that my Windows computers' firewalls were trapping queries from the DTV H24 boxes for media exchange via DLNA protocols where the DTV boxes seemed to be probing components on my network. Given the one size fits all programming for the H24 without a hard drive this serves no purpose but reduces the software development for DTV boxes in general, but for myself it is concerning from a network traffic analysis aspect since the DTV boxes are documented as tracking the consumer's (viewing) habits, and this behavior seems to demonstrate that my network is being mapped.
KrasuB00
Tutor
•
5 Messages
5 years ago
Been away from the desk for a while, sorry to post back slowly.
goldw1800
ACE - Professor
•
2K Messages
5 years ago
Kinda like using a smartphone, isn't it?