Why is Vera trying to surf to my laptop?

Strange entries in the log. The IP address is my laptop; it’s not running a webserver. Why is Vera trying to load files from it? (V3, 1.5.254)

08 01/19/12 23:15:06.939 JobHandler_LuaUPnP::HandleActionRequest device: 0 service: urn:micasaverde-com:serviceId:HomeAutomationGateway1 action: LogIpRequest <0x2cac5680>
08 01/19/12 23:15:06.939 JobHandler_LuaUPnP::HandleActionRequest argument serviceId=urn:micasaverde-com:serviceId:HomeAutomationGateway1 <0x2cac5680>
08 01/19/12 23:15:06.940 JobHandler_LuaUPnP::HandleActionRequest argument action=LogIpRequest <0x2cac5680>
08 01/19/12 23:15:06.940 JobHandler_LuaUPnP::HandleActionRequest argument IpAddress=192.168.2.14 <0x2cac5680>
08 01/19/12 23:15:06.940 JobHandler_LuaUPnP::HandleActionRequest argument MacAddress=e4:ce:8f:22:78:ba <0x2cac5680>
01 01/19/12 23:15:16.107 FileUtils::ReadURL 7/resp:0 size 0 http://192.168.2.14/CgiTagMenu?page=Top&Language=0 <0x2b6c5680>
01 01/19/12 23:15:16.113 FileUtils::ReadURL 7/resp:0 size 0 http://192.168.2.14/CgiTagMenu?page=Top&Language=0 <0x2b6c5680>
01 01/19/12 23:15:16.120 FileUtils::ReadURL 7/resp:0 size 0 http://192.168.2.14/CgiTagMenu?page=Top&Language=0 <0x2b6c5680>
01 01/19/12 23:15:16.126 FileUtils::ReadURL 7/resp:0 size 0 http://192.168.2.14/get_log.cgi <0x2b6c5680>
01 01/19/12 23:15:16.133 FileUtils::ReadURL 7/resp:0 size 0 http://192.168.2.14/get_log.cgi <0x2b6c5680>
01 01/19/12 23:15:16.139 FileUtils::ReadURL 7/resp:0 size 0 http://192.168.2.14/get_log.cgi <0x2b6c5680>
01 01/19/12 23:15:16.146 FileUtils::ReadURL 7/resp:0 size 0 http://192.168.2.14/top.htm <0x2b6c5680>
01 01/19/12 23:15:16.153 FileUtils::ReadURL 7/resp:0 size 0 http://192.168.2.14/top.htm <0x2b6c5680>
01 01/19/12 23:15:16.159 FileUtils::ReadURL 7/resp:0 size 0 http://192.168.2.14/top.htm <0x2b6c5680>
01 01/19/12 23:15:16.166 FileUtils::ReadURL 7/resp:0 size 0 http://192.168.2.14/index.html <0x2b6c5680>
01 01/19/12 23:15:16.172 FileUtils::ReadURL 7/resp:0 size 0 http://192.168.2.14/index.html <0x2b6c5680>
01 01/19/12 23:15:16.177 FileUtils::ReadURL 7/resp:0 size 0 http://192.168.2.14/index.html <0x2b6c5680>

And then, shortly after, it loads the same pages from another private address (one that doesn’t exist and hasn’t ever existed on my network):

08 01/19/12 23:16:20.437 JobHandler_LuaUPnP::HandleActionRequest device: 0 service: urn:micasaverde-com:serviceId:HomeAutomationGateway1 action: LogIpRequest <0x2cac5680>
08 01/19/12 23:16:20.437 JobHandler_LuaUPnP::HandleActionRequest argument serviceId=urn:micasaverde-com:serviceId:HomeAutomationGateway1 <0x2cac5680>
08 01/19/12 23:16:20.438 JobHandler_LuaUPnP::HandleActionRequest argument action=LogIpRequest <0x2cac5680>
08 01/19/12 23:16:20.438 JobHandler_LuaUPnP::HandleActionRequest argument IpAddress=172.20.83.6 <0x2cac5680>
08 01/19/12 23:16:20.438 JobHandler_LuaUPnP::HandleActionRequest argument MacAddress=60:c5:47:59:b6:f2 <0x2cac5680>
01 01/19/12 23:16:35.107 FileUtils::ReadURL 28/resp:0 size 0 http://172.20.83.6/CgiTagMenu?page=Top&Language=0 <0x2b6c5680>
01 01/19/12 23:16:40.123 FileUtils::ReadURL 28/resp:0 size 0 http://172.20.83.6/CgiTagMenu?page=Top&Language=0 <0x2b6c5680>
01 01/19/12 23:16:45.129 FileUtils::ReadURL 28/resp:0 size 0 http://172.20.83.6/CgiTagMenu?page=Top&Language=0 <0x2b6c5680>
01 01/19/12 23:16:50.135 FileUtils::ReadURL 28/resp:0 size 0 http://172.20.83.6/get_log.cgi <0x2b6c5680>
01 01/19/12 23:16:55.141 FileUtils::ReadURL 28/resp:0 size 0 http://172.20.83.6/get_log.cgi <0x2b6c5680>
01 01/19/12 23:17:00.148 FileUtils::ReadURL 28/resp:0 size 0 http://172.20.83.6/get_log.cgi <0x2b6c5680>
01 01/19/12 23:17:05.154 FileUtils::ReadURL 28/resp:0 size 0 http://172.20.83.6/top.htm <0x2b6c5680>
01 01/19/12 23:17:10.160 FileUtils::ReadURL 28/resp:0 size 0 http://172.20.83.6/top.htm <0x2b6c5680>
01 01/19/12 23:17:15.168 FileUtils::ReadURL 28/resp:0 size 0 http://172.20.83.6/top.htm <0x2b6c5680>
01 01/19/12 23:17:20.173 FileUtils::ReadURL 28/resp:0 size 0 http://172.20.83.6/index.html <0x2b6c5680>
01 01/19/12 23:17:25.180 FileUtils::ReadURL 28/resp:0 size 0 http://172.20.83.6/index.html <0x2b6c5680>
01 01/19/12 23:17:30.186 FileUtils::ReadURL 28/resp:0 size 0 http://172.20.83.6/index.html <0x2b6c5680>

Very strange. Any ideas, anyone?

Hackers from China trying to control your lighting? ;D

Vera listens for DHCP info and, when it sees this, it attempts to identify the device on the other end.

E.g. cameras, GC100, etc.

It does this using various URL and response patterns… It also (unfortunately) keeps some of this data (like MAC addresses of your gear) inside its config… in the JSON. Just a heads up on the latter as that’s usually the next shocker for people…

That’s obviously not the whole story, as no DHCP from 172.16/20 has been configured on this network.

that's usually the next shocker for people...
Sheesh. Ya think?

Say, does Vera have a play-nicely mode? One where it doesn’t log every time my front door opens and when my bedroom light comes on? One where it doesn’t open encrypted tunnels to a server in Kazakhstan? One where it doesn’t perform penetration attacks against every computer on my network (and against some that aren’t, apparently)?

Ah - yes it does! Safe mode is the mode activated every time you pull the power cord out of the back! Got it!

172.16/12 is the lesser-known cousin of 192.168/16 and 10/8. See RFC 1918.

Vera uses 172.16 on its LAN interface if it is configured to offer DHCP leases. Since the scanning that @guessed mentioned is built into a modified dnsmasq (the DHCP server) the address escapes sometimes.

Edit: or something like that. I made sure to block DHCP at the router from getting to my Vera, so I don’t see them now. It was messing with an Arduino doing DHCP elsewhere on my network, sending it unsolicited HTTP requests.
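The probing pattern described in the replies above can be pulled out of a Vera log and grouped per target, which makes it easy to see which announced addresses fall outside the LAN you expect. This is an added example, not part of the original posts and not MiOS code; the function name `summarize_probes` and the `192.168.2.0/24` prefix are assumptions, and the sample lines are abridged from the log excerpts in the first post.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Abridged from the log excerpts quoted in the thread (one entry per line).
SAMPLE_LOG = """\
08 01/19/12 23:15:06.940 JobHandler_LuaUPnP::HandleActionRequest argument IpAddress=192.168.2.14 <0x2cac5680>
08 01/19/12 23:15:06.940 JobHandler_LuaUPnP::HandleActionRequest argument MacAddress=e4:ce:8f:22:78:ba <0x2cac5680>
01 01/19/12 23:15:16.107 FileUtils::ReadURL 7/resp:0 size 0 http://192.168.2.14/CgiTagMenu?page=Top&Language=0 <0x2b6c5680>
01 01/19/12 23:15:16.126 FileUtils::ReadURL 7/resp:0 size 0 http://192.168.2.14/get_log.cgi <0x2b6c5680>
08 01/19/12 23:16:20.438 JobHandler_LuaUPnP::HandleActionRequest argument IpAddress=172.20.83.6 <0x2cac5680>
08 01/19/12 23:16:20.438 JobHandler_LuaUPnP::HandleActionRequest argument MacAddress=60:c5:47:59:b6:f2 <0x2cac5680>
01 01/19/12 23:16:35.107 FileUtils::ReadURL 28/resp:0 size 0 http://172.20.83.6/CgiTagMenu?page=Top&Language=0 <0x2b6c5680>
01 01/19/12 23:17:05.154 FileUtils::ReadURL 28/resp:0 size 0 http://172.20.83.6/top.htm <0x2b6c5680>
"""

ARG_RE = re.compile(r"HandleActionRequest\s+argument\s+(IpAddress|MacAddress)=(\S+)")
URL_RE = re.compile(r"FileUtils::ReadURL\s+(\d+)/resp:(\d+)\s+size\s+(\d+)\s+(\S+)")


def summarize_probes(log_text, known_nets):
    """Group LogIpRequest announcements and ReadURL probes by target address."""
    nets = [ipaddress.ip_network(n) for n in known_nets]
    hosts, last_ip = {}, None

    def entry(ip):
        return hosts.setdefault(ip, {"mac": None, "paths": [], "codes": set(), "bytes": 0})

    for line in log_text.splitlines():
        if m := ARG_RE.search(line):
            key, value = m.groups()
            if key == "IpAddress":
                last_ip = value
                entry(value)
            elif last_ip:  # MacAddress follows its IpAddress argument
                entry(last_ip)["mac"] = value
        elif m := URL_RE.search(line):
            code, _resp, size, url = m.groups()
            parts = urlsplit(url)
            host = entry(parts.hostname)
            if parts.path not in host["paths"]:
                host["paths"].append(parts.path)
            host["codes"].add(int(code))   # leading number, kept as an opaque status
            host["bytes"] += int(size)     # 0 means nothing was ever returned
    for ip, host in hosts.items():
        host["on_known_net"] = any(ipaddress.ip_address(ip) in n for n in nets)
    return hosts

REPORT = summarize_probes(SAMPLE_LOG, ["192.168.2.0/24"])  # assumed LAN prefix
```

If the leading number in each `ReadURL` entry is a libcurl result code (an assumption; the thread does not say), 7 is a failed connection and 28 a timeout, which matches the millisecond spacing of the first burst and the five-second spacing of the second.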

This Vera uses 192.168.81/24 on its LAN interface. Definitely no 172.16/12 (per RFC1918, obviously, notwithstanding my typo). So if it’s handing out leases in other private address spaces, that’s another bug. Quite some net vandal, isn’t it?

In case anyone is still subscribed here, is there a way to stop these occasional interrogations of devices on my private LAN, and if so, what side effects would be caused by turning them off? They are worrisome and seemingly pointless. Thanks.

It’s being talked about here.

Thanks, futzle. Much appreciated. Now to figure out why I’m not getting forum notify emails any more.