Hello,
I discovered that the Home Assistant is communicating with third party servers like 125.64.94.197 which seems to be located in China.
What do you know about this? Why is it happening? Do you have any useful informations or links about this?
And, in the end, is there a known solution for this? I’m thinking about filtering the network communication.
Thank you!
Home Assistant does communicate with some outside servers to pull data. It is very dependent on what components you are running.
If you use Chinese switches for example and they don’t offer local control, Home Assistant needs to communicate with the server the switch communicates with to get the state.
I don’t use any Chinese switch, I freshly installed hass and I ran tcptrack. I’m concerned about the data privacy, I’m not sure what data is transmitted or if it’s just pulling or also sending.
I have a dev instance of Hassio that doesn’t have anything loaded right now. I ran packet capture on my router and restarted it to see what its communicating with. Everything looks normal. Nothing for the IP your referenced.
What components do you have loaded?
Two outside calls were made:
alphyn.canonical.com.ntp
151.101.192.223 (Pypi)
Im going to run another now that startup is done and see what else is transmitted.
Edit: Do you have a port open on your router? If so, this is likely a port scanner, its going to happen constantly.
Ok ran two more packet captures in Pfsense.
First came up blank - i.e. 0 traffic.
Second had one packet which was just internal broadcast traffic NetBIOS Name Service
Im guessing this is a component you have loaded or an external scanner. You should be able to understand the difference in your logs.
When I first started in HA I recorded all of my traffic to/from HA for awhile (days) and there was nothing out of the ordinary. Haven’t done it recently but It appears nothing has changed.
The output from tcptrack :
125.64.94.201:51462 192.168.100.14:8123 ESTABLISHED 75m 0 B/s
89.248.174.3:51423 192.168.100.14:8123 ESTABLISHED 97m 0 B/s
202.107.227.42:34063 192.168.100.14:8123 ESTABLISHED 53m 0 B/s
125.64.94.197:58412 192.168.100.14:8123 ESTABLISHED 40m 0 B/s
219.135.194.73:51254 192.168.100.14:8123 ESTABLISHED 3s 0 B/s
104.131.144.240:59484 192.168.100.14:8123 ESTABLISHED 44m 0 B/s
192.168.100.37:57646 192.168.100.14:22 ESTABLISHED 53s 0 B/s
103.207.39.173:22 192.168.100.14:8123 ESTABLISHED 64m 0 B/s
2.154.38.235:49371 192.168.100.14:8123 ESTABLISHED 92m 0 B/s
185.253.157.104:32767 192.168.100.14:8123 ESTABLISHED 84m 0 B/s
107.170.230.222:44769 192.168.100.14:8123 ESTABLISHED 68m 0 B/s
149.28.62.36:34873 192.168.100.14:8123 ESTABLISHED 36m 0 B/s
104.131.144.218:35217 192.168.100.14:8123 ESTABLISHED 88m 0 B/s
104.131.146.22:33289 192.168.100.14:8123 ESTABLISHED 23m 0 B/s
201.26.13.136:19056 192.168.100.14:8123 ESTABLISHED 67m 0 B/s
220.134.69.4:58310 192.168.100.14:8123 ESTABLISHED 27m 0 B/s
192.168.100.37:57967 192.168.100.14:22 ESTABLISHED 0s 4 KB/s
2.154.38.235:28649 192.168.100.14:8123 ESTABLISHED 92m 0 B/s
218.156.38.233:20922 192.168.100.14:8123 ESTABLISHED 87m 0 B/s
That’s the list from my side, the ones with 192.168.100.x are from my router, but the others are strange
Is this incoming or outgoing traffic?
Also, do you have port 8123 open? This looks alot like ‘normal’ port scan traffic.
Yes it is open. It depends what ‘normal’ traffic means concerning data privacy and security.
You have a port open which means its accessible to anyone on the internet.
There are various types of scans that happen that look for open ports and the services running on them. This is ‘normal’ traffic and is incoming, there is no way to stop it. If you close the port, the scan will still happen, except your router drops the traffic so you likely don’t see it.
The data privacy and security comes in when you secure your HA instance. A strong password and maybe two factor authentication.
There are ways to restrict the incoming traffic on an open port but they are very router specific and generally aren’t available on consumer level gear.
You have a point here, thank you, I will further investigate.