Anyone ever seen fe80 src address trying to access internet port 443?

chrcoluk

Its a phone trying to access what I think is facebook, fe80 link local as src ip, internet IPv6 port 443 as destination.

I thought link local is only supposed to be for local stuff?

JKnott

@chrcoluk

That is unusual. Does that phone have a global IPv6 address?

chrcoluk

@JKnott Unlikely as I deliberately disabled access on my guest network. My own phones on same network, just have link local.

The source address is definitely link local.

I guess android is being android and not honouring normal network practices?

johnpoz

@chrcoluk while they could have something coded wrong - what I can tell you is that would never in a million years work anyway, unless that 2a03 address was local. Which clearly it isn't because if it was - you would of been able to get a mac via NDP.

Clients do dumb shit all the time.. What is the point of a client asking for www.something.com and not getting an answer so try multiple times a second forever going to do? I can see checking if you have internet, but if you don't get an answer from dns the first few times - do you have to keep hammering an hammering.. How about do a backoff, ok no answer - check again in a minute, no answer check again in 5 minutes, still no answer 10, etc.. To maybe where you are checking once an hour..

I had my my internet go down for a while from an outage - and my alexas hammered my local dns millions of times each in a 24 hour period.. I have 5 alexas in my house - It was painful trying to access my pihole, because it millions and millions of log entries to try and parse.

My avr checks to see if it has internet and phones home every freaking minute.. Why? Your not even doing anything with the internet, wouldn't a check once an hour be enough.. Hey you know what if you want your iot device to check home every minute - great fine.. Would it kill you to cache the records your looking for, so your not having to do a dns query every minute because you have no local dns cache. You don't have to cache 10k records, cache 10 or so that you might be using to phone home - clearly you know what those are, your asking for them via dns.

Another thing that bugs me - you have no GUA, you don't even have a ULA - just your link-local, does it make sense to do a AAAA query for every single thing trying to go to in my browser.. What are the odds that www.google.com is going to resolve to a link-local Ipv6 address ;)

JKnott

@johnpoz said in Anyone ever seen fe80 src address trying to access internet port 443?:

Another thing that bugs me - you have no GUA, you don't even have a ULA - just your link-local, does it make sense to do a AAAA query for every single thing trying to go to in my browser.. What are the odds that www.google.com is going to resolve to a link-local Ipv6 address ;)

Also, DNS is not normally used for link local addresses as the addresses are determined from the various ICMP6 traffic.

johnpoz

@JKnott said in Anyone ever seen fe80 src address trying to access internet port 443?:

Also, DNS is not normally used for link local addresses as the addresses are determined from the various ICMP6 traffic.

exactly.. So if there is no gua or ula on a device - then there is zero point to doubling the amount of dns traffic by asking for AAAA when there is no way you could ever go there in the first place without atleast a gua or ula. Lazy coding to be honest..Vs having the dns client validate it could even use an answer if it got one before asking for it.

My AVR asks for these 3 fqdn every minute.. It has no IPv6 - what is the point of it asking for AAAA when it has zero way to get there via the IPv6.

So it out of the box is doing double the amount of dns queries it needs too.. It wouldn't be all that horrible if it would actually cache the response so it only needs to ask say once an hour or so.. But it doesn't so it asks every single minute..

Gertjan

@johnpoz said in Anyone ever seen fe80 src address trying to access internet port 443?:

I have 5 alexas in my house - It was painful trying to access my pihole, because it millions and millions of log entries to try and parse.

My avr checks to see if it has internet and phones home every freaking minute.

So, when your Internet connection goes away, for example when you house is about the be visited by not wanted stranger (equipped with scissors and an all band radio scrambler), in your absence, your own local network has nothing better to do as dossing itself internally, so the very needed camera images won't make it anymore to de DVR (avr) ?

I never met Alexa, but I would put here in here place : the dog house, and if she's not ok with that, a land fill

johnpoz

@Gertjan the alexas can dos my pihole all they want ;) that has zero to do with the cameras talking to the nvr, which is on an isolated network behind the nvr.

And they could cut the power to the house as well. The nvr is on a ups and the cameras are poe - so while it won't last days should be able to get good 30 minutes or so of run time.

Alexas in the landfill, what you have me do touch a light switch like a savage? ;)