That is interesting, yesterday I tried all of them and
got no route, but doing as you did gave me what you
got. I have got to fire up Wireshark and get the sniffer
going on my router again and capture those packets
to see what is going on, I know that what I saw was
that the system was saying that there was no route
available. Let me get the port that was associated
with these connection attempts.


On Wed, Jan 5, 2022 at 3:53 PM Ben Koenig <techkoe...@protonmail.com> wrote:

> FWIW those are actually up and have ports 80/443 open for web access
> according to a zenmap no-ping scan.
>
> Although accessing them via a browser is a pain. They are using
> self-signed certs and appear to be part of their API infrastructure since
> simple requests via curl result in redirect http response codes so the
> servers are up but it appears they want to limit traffic from most sources.
>
> It would be kind of odd if they are using HTTP calls to sync the time.
> Either way since you mentioned that you don't want to use their cloud
> system they are probably safe to block. If you bypass SSL cert checks then
> 3.214.34.120 actually brings up a real website.
>
> -Ben
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>
> On Wednesday, January 5th, 2022 at 11:02 AM, Chuck Hast <wch...@gmail.com>
> wrote:
>
> > Going to tear into it. Sorry state of affairs when you cannot
> > trust the devices in your own home...
> >
> > On Wed, Jan 5, 2022 at 12:59 PM Russell Senior russ...@personaltelco.net
> > wrote:
> >
> > > > The FCC internal photos (if I have the right device) suggest it is a
> > > > Marvell SoC. The photos have a sticker over the chip, so I can't identify
> > > > it precisely. There is a largish 8-pin SOIC chip in one corner that looks
> > > > like serial NOR flash. If you can get the part numbers of the SoC and the
> > > > flash, that would help. I don't see an obvious serial console in the
> > > > photos, but the photos are a bit blurry.
> > > >
> > > > On Wed, Jan 5, 2022, 10:46 Chuck Hast wch...@gmail.com wrote:
> > >
> > > > > The radio is a separate module you can plug two of them
> > > > > in, a Zigbee module and a WiFi module, there are some
> > > > > other ones also. I have the WiFi module. I will see which
> > > > > one of those it is. I will see how to remove the case from
> > > > > the thermostat board and see what is in there beside the
> > > > > screen.
> > > > >
> > > > > I am going to start a capture again and see what the port
> > > > > is, I thought I had saved the previous capture file but when
> > > > > I went to open it, could not find it.
> > > > >
> > > > > It is either checking different addresses until it finds
> > > > > something alive or one of those addresses is being activated.
> > > > >
> > > > > If I block the address in the router the time stays what I
> > > > > have set it to.
> > > > >
> > > > > On Tue, Jan 4, 2022 at 9:34 PM Russell Senior <russ...@personaltelco.net>
> > > > > wrote:
> > > >
> > > > > > Maybe this? FCC ID: QO8-WIFI-M-0210
> > > > > >
> > > > > > https://fccid.io/QO8-WIFI-M-0210
> > > > > >
> > > > > > On Tue, Jan 4, 2022 at 7:16 PM Russell Senior <russ...@personaltelco.net>
> > > > > > wrote:
> > > > >
> > > > > > > Those addresses are all in AWS address space, according to whois. As a
> > > > > > > previous commenter suggested, it might just be NTP. Did you notice
> > > > > > > what port the communication was happening over?
> > > > > > >
> > > > > > > Have you considered popping the case and seeing if there is a serial
> > > > > > > console port on their wifi module? It's reasonably likely it is
> > > > > > > running some ancient version of Linux. Is there an FCC-ID on the
> > > > > > > case?
> > > > > > >
> > > > > > > On Tue, Jan 4, 2022 at 6:49 PM Chuck Hast wch...@gmail.com wrote:
> > > > > >
> > > > > > > > Well folks, I was able to get Wireshark on the thermostat. I found
> > > > > > > > that it is trying to contact these addresses:
> > > > > > > >
> > > > > > > > 54.209.187.172
> > > > > > > > 107.21.255.187
> > > > > > > > 3.214.34.120
> > > > > > > >
> > > > > > > > Right now none are reachable. I am trying to figure out why this
> > > > > > > > thermostat is trying to reach those addresses.
> > > > > > > >
> > > > > > > > When I do a whois, they come up as being hosted on Amazon...
> > > > > > > >
> > > > > > > > I wonder if one of them comes awake every so often and the
> > > > > > > > thermostat gets the connection and receives a TZ change... So
> > > > > > > > far I have not been able to catch it doing so.
> > > > > > > >
> > > > > > > > When I bought the unit I intentionally did NOT try to use the
> > > > > > > > cloud service, I have tried to get proper communications with
> > > > > > > > Radio Thermostat but so far only idiots... And they do not have
> > > > > > > > a published telephone number.
> > > > > > > >
> > > > > > > > On Tue, Jan 4, 2022 at 4:53 PM Chuck Hast wch...@gmail.com
> > > > > > > > wrote:
> > > >
> > > > > > > > > More info, this was the reply I got from the manufacturer
> > > > > > > > >
> > > > > > > > > -----------------------SoF------------------------------------------
> > > > > > > > >
> > > > > > > > > Radio Thermostat radiothermos...@tstatsupport.com
> > > > > > > > > 1:10 PM (3 hours ago)
> > > > > > > > > to Info, me
> > > > > > > > >
> > > > > > > > > Hi,
> > > > > > > > >
> > > > > > > > > If you are sure you have a WiFi module in the thermostat Model -
> > > > > > > > > RTMV-01
> > > > > > > > >
> > > > > > > > > Then check out the following to see and correct the time zone so the
> > > > > > > > > thermostat will have the correct time:
> > > > > > > > >
> > > > > > > > > How to change time zone
> > > > > > > > >
> > > > > > > > > First go to the web portal via a browser
> > > > > > > > > https://my.radiothermostat.com/rtcoa/login.html
> > > > > > > > >
> > > > > > > > > (Note you will need to use the desktop version of the web site)
> > > > > > > > >
> > > > > > > > > Then log in and go to the person (then select location)
> > > > > > > > >
> > > > > > > > > select the location you want and click edit
> > > > > > > > >
> > > > > > > > > Go to the pull down for time zone and select your time zone
> > > > > > > > >
> > > > > > > > > Then click save
> > > > > > > > >
> > > > > > > > > -----------------------------------EoF---------------------------------
> > > > >
> > > > > > > > > This is exactly what I have tried to avoid, I never registered
> > > > > > > > > the thermostat with their cloud. I have my personal reasons
> > > > > > > > > for not wanting my devices on someone's cloud if I can avoid
> > > > > > > > > it. In this case that is exactly what I have tried to do.
> > > > > > > > >
> > > > > > > > > Now meantime, since the thermostat IP is static, I went into
> > > > > > > > > the firewall and set up a rule to drop any packets to/from
> > > > > > > > > the thermostat. No more time change, and I did that well over
> > > > > > > > > an hour ago. I can still control the device on my LAN just
> > > > > > > > > dropping whatever is trying to reach the thermostat.
> > > > > > > > >
> > > > > > > > > This brings up the question, of who/what is it? I never
> > > > > > > > > registered the device with their cloud, indeed I bought
> > > > > > > > > it because it was one of the thermostats that did not
> > > > > > > > > require you to use an outside network to access it, (I am
> > > > > > > > > looking at you Honeywell, Nest and all of the rest of the
> > > > > > > > > cloud only based devices). Now to see if I can get
> > > > > > > > > Wireshark on a part of the network that can see that device.
> > > > > > > > > Suspend the rule and try to catch the packet session.
> > > > > > > > >
> > > > > > > > > On Tue, Jan 4, 2022 at 9:41 AM Chuck Hast wch...@gmail.com
> > > > > > > > > wrote:
> > > > >
> > > > > > > > > > Sorry, should have, no there is not. But the interesting thing
> > > > > > > > > > is that as long as it cannot contact the network there is no
> > > > > > > > > > time change. I think I am going to go into the firewall and
> > > > > > > > > > make it drop all packets to/from the device and see what
> > > > > > > > > > happens. If that takes care of it then maybe allow it to talk
> > > > > > > > > > on the LAN but drop anything going to/from it on the WAN
> > > > > > > > > > side. I would like to see what it is talking to. So far I have
> > > > > > > > > > not been able to catch it.
> > > > > > > > > >
> > > > > > > > > > On Mon, Jan 3, 2022 at 11:00 PM Erik Lane erikl...@gmail.com
> > > > > > > > > > wrote:
> > > > > >
> > > > > > > > > > > You don't mention this, but since it's always 2 hours, is
> > > > > > > > > > > there a time zone setting in there that has gotten off?
> > > > > > > > > > > Maybe it's talking to an NTP server?
> > > > > > > > > > >
> > > > > > > > > > > On Mon, Jan 3, 2022 at 8:49 PM Chuck Hast wch...@gmail.com
> > > > > > > > > > > wrote:
> > > > > >
> > > > > > > > > > > > Folks,
> > > > > > > > > > > >
> > > > > > > > > > > > Not sure where to take this but figured that I would get more
> > > > > > > > > > > > info here.
> > > > > > > > > > > >
> > > > > > > > > > > > I have a RadioThermostat CT80. I have had it now for several
> > > > > > > > > > > > years. As the summer wound down, I shut down the A/C and
> > > > > > > > > > > > opened the windows in the house. Then in Nov I needed to fire
> > > > > > > > > > > > up the heating, all appeared to be well, but I noticed that the
> > > > > > > > > > > > thermostat clock was 2 hours slow. I set it and a while
> > > > > > > > > > > > later see that it has lost 2 hours again.
> > > > > > > > > > > >
> > > > > > > > > > > > I have a home automation system. I checked the logs, and
> > > > > > > > > > > > contacted the author. He has a CT50 which has fewer bells
> > > > > > > > > > > > and whistles than mine but same unit. Anyhow he gave me
> > > > > > > > > > > > some guidance, in the end I shut down the HA system and it
> > > > > > > > > > > > still would drop the 2 hours, I powered the thermostat down
> > > > > > > > > > > > and removed the WiFi radio, powered it back up, it ran about
> > > > > > > > > > > > 4 hours (about 3 hours longer) and never dropped the 2 hours.
> > > > > > > > > > > > Normally it will go between 20 minutes and an hour after I
> > > > > > > > > > > > have set it to the correct time, then drop back to the incorrect
> > > > > > > > > > > > time. So this appears to indicate that it is either something
> > > > > > > > > > > > on the network that is doing the time change or something in
> > > > > > > > > > > > the WiFi radio.
> > > > > > > > > > > >
> > > > > > > > > > > > I am trying to sniff the network and see if I can catch any
> > > > > > > > > > > > weird packets. But this is one I have not done before.
> > > > > > > > > > > > My router is a Mikrotik 2011, and I have been trying to use
> > > > > > > > > > > > the tools on it to try to monitor the IP address of the
> > > > > > > > > > > > thermostat and try to see if it is talking to something else.
> > > > > > > > > > > > So far no joy.
> > > > > > > > > > > >
> > > > > > > > > > > > I am wondering about getting Wireshark in there and trying
> > > > > > > > > > > > to filter those packets that way as I am not having much luck
> > > > > > > > > > > > with the Mikrotik tools.
> > > > > > > > > > > >
> > > > > > > > > > > > Any recommendations?
> > > > > > > > > > > --------------------
> > > > > > > > > > >
> > > > > > > > > > > Chuck Hast -- KP4DJT --
> > > > > > > > > > >
> > > > > > > > > > > I can do all things through Christ which strengtheneth
> me.
> > > > > > > > > > >
> > > > > > > > > > > Ph 4:13 KJV
> > > > > > > > > > >
> > > > > > > > > > > Todo lo puedo en Cristo que me fortalece.
> > > > > > > > > > >
> > > > > > > > > > > Fil 4:13 RVR1960
> > > > > > > > >
>


-- 

Chuck Hast  -- KP4DJT --
I can do all things through Christ which strengtheneth me.
Ph 4:13 KJV
Todo lo puedo en Cristo que me fortalece.
Fil 4:13 RVR1960
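
An added example, not part of the original thread: the open question above (which port the thermostat's outbound connections use, and whether it is just NTP) can be answered from a saved capture by tallying destination address, protocol and port for packets the device sends. The sketch below reads a classic-format pcap; the thermostat address 192.168.88.50 and every address and port in the sample capture are constructed for illustration.

```python
import socket
import struct
from collections import Counter

def outbound_flows(pcap: bytes, device_ip: str) -> Counter:
    """Count (dst_ip, proto, dst_port) for IPv4 TCP/UDP packets sent by device_ip."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    flows, off = Counter(), 24                      # 24-byte global header
    while off + 16 <= len(pcap):                    # 16-byte per-packet header
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                # skip non-IPv4 (ARP, IPv6, VLAN)
        ip = frame[14:]
        ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
        fragment_offset = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
        if proto not in (6, 17) or fragment_offset or len(ip) < ihl + 4:
            continue                                # no usable TCP/UDP header
        if socket.inet_ntoa(ip[12:16]) != device_ip:
            continue                                # keep only what the device sends
        dport = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
        flows[(socket.inet_ntoa(ip[16:20]), "tcp" if proto == 6 else "udp", dport)] += 1
    return flows

def _frame(src, dst, proto, sport, dport):
    """Build a minimal Ethernet/IPv4/TCP-or-UDP frame for the constructed sample."""
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * (16 if proto == 6 else 4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4

def sample_capture() -> bytes:
    """Constructed capture: all addresses and ports are made up for illustration."""
    dev = "192.168.88.50"                           # assumed thermostat address
    frames = [_frame(dev, "203.0.113.10", 6, 50000, 443),
              _frame(dev, "203.0.113.10", 6, 50000, 443),
              _frame(dev, "203.0.113.20", 17, 40000, 123),   # UDP/123 is NTP
              _frame("203.0.113.10", dev, 6, 443, 50000),    # reply, not counted
              _frame(dev, "192.168.88.1", 17, 40001, 53)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

Wireshark saves pcapng by default, so save or convert the capture to classic pcap before passing its bytes to `outbound_flows`; the result's `most_common()` lists the busiest destination and port first.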
