Is Hopper 3 ipaddress public ip?

[jsmit86]

In the last few weeks I have receved several messages from my ISP regarding blocking attempts from Bulgaria, Monaco, and other countries.
Is the ip address public? They are all blocked, but I am wondering if there is anything to do to stop this.

 

[TheKrell]

Is the ip address public?

The actual IP address that the Hopper gets from your router is not a routable address, so "no" that's not public. But the router itself has a WAN port that does have a routable address. It is likely that your WAN address is being probed from various dark corners of the world using the IP address itself and no domain name.

 

[jsmit86]

The actual IP address that the Hopper gets from your router is not a routable address, so "no" that's not public. But the router itself has a WAN port that does have a routable address. It is likely that your WAN address is being probed from various dark corners of the world using the IP address itself and no domain name.

So my router has a public IP address. Yes. But all of these attacks only are aimed at my Hopper. Seems odd. Every one of these blocks from my IP are aimed at my Hopper. Again... seems odd.

 

[Scott Greczkowski]

Unless you opened ports on your router for them to get to your Hopper, I don't think they are trying to attack it.

The attacks are going to your router and if the ports are not open then they are not getting in.

 

[jsmit86]

Unless you opened ports on your router for them to get to your Hopper, I don't think they are trying to attack it.

The attacks are going to your router and if the ports are not open then they are not getting in.

Scott - I appreciate the reply.
I have not opened any ports. The "attack" never gets to the Hopper, because my ISP blocks it. It just seems odd that these probes would be specifically targeting the Hopper.

Thanks again.

 

[b4pjoe]

In the last few weeks I have receved several messages from my ISP regarding blocking attempts from Bulgaria, Monaco, and other countries.

How do you know they are targeting the Hopper?

 

[jsmit86]

How do you know they are targeting the Hopper?

 

[meStevo]

Unless you are providing services or exposing something on your network (running a home server, doing a bunch of other stuff on your LAN w/ PCs, etc) - which would be both unusual and typically hard to do if you don't know what you're doing - this is nothing to worry about and has nothing to do with your Dish hardware.

It's routine for IPs to be probed / scanned from all sorts of countries - the traffic might not even be actually coming from there, and any vectors that have a history of being malicious are sometimes blocked at some level, which is what your ISP is telling you.

 

[b4pjoe]

View attachment 183745

From Google:

• General Concerns with Remote Access: Connecting your Hopper to the internet, while enabling features like Dish Anywhere, also introduces potential security risks if not properly secured.

Do you use Dish Anywhere?

 

[meStevo]

View attachment 183745

Does this notice have the IP that it was attempting to reach?

Without that, we'll never know. It could be an app reaching out to a cdn, it could be an IP that has misconfigured geolocation, lots of stuff. The important thing to know is that this is your Hopper reaching out to these not someone trying to reach into your network, and there are numerous benign reasons for this to happen.

 

[Scott Greczkowski]

View attachment 183745

That shows the Hopper 3 was trying to get to that address. Could be a CDN it was trying to get to.

I can tell you from experience the IP database is NOT correct all the time. If you look up the server we are on now which is in Virginia sometimes the IP lookup shows the server is in Germany.

But no one was trying to break into your hopper.

 

[jsmit86]

From Google:

• General Concerns with Remote Access: Connecting your Hopper to the internet, while enabling features like Dish Anywhere, also introduces potential security risks if not properly secured.

Do you use Dish Anywhere?

Yes I do. Hence the question about the potentially public ip address.

 

[jsmit86]

That shows the Hopper 3 was trying to get to that address. Could be a CDN it was trying to get to.

I can tell you from experience the IP database is NOT correct all the time. If you look up the server we are on now which is in Virginia sometimes the IP lookup shows the server is in Germany.

But no one was trying to break into your hopper.

Scott... the note from the isp identifies an incoming attempt to the Hopper.
Outgoing to malicous sites is on a separate blocked log.
So it's definitely incoming.

I had another thought... I do sometimes use Dish Anywhere, and I know that Dish had some breach a while ago. I don't know if passwords were exposed, but I may go ahead and chage it anyway.

 

[meStevo]

Yeah I misread that, that's a Monaco IP, thought it was 192.

This is a known malicious IP, which is why the software proactively blocked it for you. Scanning for accessible servers and services to exploit is common, and likely is the kind of traffic that was blocked here.

194.165.16.164 - IOC Radar

Find detailed information about 194.165.16.164 with SOCRadar's comprehensive threat database and AI-powered insights.

socradar.io

My firewall has blocked 3400 requests in the past week, and I'm sure that's nothing compared to something like these forums. That 2409 is my Phillips Hue bridge ... hmm ... lol.

There's no reason to be concerned about this. Just a product of being on the internet.

If you want confirmation like this in the future, google the IP it's notifying you about, you'll likely find numerous sites cataloging the risk of that particular IP (because sites like those all rely on similar data when it comes to classifying the IPs, just like the software that is alerting you).