Solved: Am I being hacked (mqtt)?

I got a strange phenomenon that I can’t track down.
I have hassio running, with HA exposed to the internet through nginx on another machine. This one also hosts the certificates etc …
I have mosquitto set up without SSL, but with user/pwd. For some days now I can see the mqtt sensors disappearing in the webfront for a second (all sensors turn to unavailable).

Then, after a second they are back again. But still some of my routers stay unconnected, and the whole network is very unstable. So I checked the logs, and see this:

1575622533: New connection from 172.30.33.5 on port 1883.
[INFO] found mqtt on Home Assistant
1575622535: New client connected from 172.30.33.5 as mqttjs_abb6f773 (p2, c1, k60, u'mqtt').
1575622564: New connection from 192.168.1.75 on port 1883.
1575622564: New client connected from 192.168.1.75 as 2385758 (p2, c1, k15, u'mqtt').
1575622564: Client 2385758 disconnected.
1575622592: Socket error on client mqttjs_abb6f773, disconnecting.
1575622593: New connection from 172.30.33.5 on port 1883.
1575622593: New client connected from 172.30.33.5 as mqttjs_abb6f773 (p2, c1, k60, u'mqtt').
1575622652: Socket error on client mqttjs_abb6f773, disconnecting.
1575622653: New connection from 172.30.33.5 on port 1883.
1575622653: New client connected from 172.30.33.5 as mqttjs_abb6f773 (p2, c1, k60, u'mqtt').
1575622712: Socket error on client mqttjs_abb6f773, disconnecting.
1575622713: New connection from 172.30.33.5 on port 1883.

I checked 172.30.33.5 but only got the info that it’s an IP address from Los Angeles. I’m not sure if this is one of my devices that causes that, and it’s not bad at all, but I find no way to debug this.

Can anyone help?? Thanks

This IP is probably the one from the docker that runs Hass.io, check the ip. However I see that it always has a socket error and then disconnects so there must be some other issue in your system.

1 Like

Haha. Stupid me. 172.30.x.x is in the 172.16.0.0/12 range. :slight_smile: My mistake.
And you’re right, something goes wrong here, and it seems to be my configuration, but still I find no way to debug it. Hassio doesn’t let me do very much in that aspect.

If you have more than one device connecting with the same clientID to MQTT, it will cause erratic behavior too.

1 Like
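
A way to check the broker log for the symptoms discussed so far, as an added example that is not part of any post in the thread: it groups mosquitto log lines by client ID and flags repeated socket errors, a client ID seen from more than one address, and source addresses outside the private ranges. The function names, flag names and the threshold of three errors are assumptions made for this sketch.

```python
import ipaddress
import re
from collections import defaultdict

# Lines copied from the broker log in the first post.
SAMPLE_LOG = """\
1575622533: New connection from 172.30.33.5 on port 1883.
1575622535: New client connected from 172.30.33.5 as mqttjs_abb6f773 (p2, c1, k60, u'mqtt').
1575622564: New client connected from 192.168.1.75 as 2385758 (p2, c1, k15, u'mqtt').
1575622564: Client 2385758 disconnected.
1575622592: Socket error on client mqttjs_abb6f773, disconnecting.
1575622593: New client connected from 172.30.33.5 as mqttjs_abb6f773 (p2, c1, k60, u'mqtt').
1575622652: Socket error on client mqttjs_abb6f773, disconnecting.
1575622653: New client connected from 172.30.33.5 as mqttjs_abb6f773 (p2, c1, k60, u'mqtt').
1575622712: Socket error on client mqttjs_abb6f773, disconnecting.
"""

# RFC 1918 private ranges plus loopback; 172.30.x.x falls inside 172.16.0.0/12.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
CONNECT = re.compile(r"^\d+: New client connected from (\S+) as (\S+) ")
SOCKERR = re.compile(r"^\d+: Socket error on client (\S+), disconnecting\.")

def is_local(ip):
    """True if the address is in a private or loopback range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)

def analyze(log_text, loop_threshold=3):
    """Per client ID: source IPs, connect count, socket-error count, flags."""
    clients = defaultdict(lambda: {"ips": set(), "connects": 0, "errors": 0})
    for line in log_text.splitlines():
        if m := CONNECT.match(line):
            ip, cid = m.groups()
            clients[cid]["ips"].add(ip)
            clients[cid]["connects"] += 1
        elif m := SOCKERR.match(line):
            clients[m.group(1)]["errors"] += 1
    report = {}
    for cid, c in clients.items():
        flags = []
        if not all(is_local(ip) for ip in c["ips"]):
            flags.append("non-local-source")   # worth a closer look
        if len(c["ips"]) > 1:
            flags.append("client-id-shared")   # same ID from several hosts
        if c["errors"] >= loop_threshold:
            flags.append("reconnect-loop")     # connect / socket error cycle
        report[cid] = {**c, "ips": sorted(c["ips"]), "flags": flags}
    return report
```

On the log from the first post this reports `mqttjs_abb6f773` as a reconnect loop from a single private address, which points at a misbehaving local client rather than an outside connection.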

I suspect something like that. But how do I find out which device this is?

What clientID is your HA using to connect to the broker? What add-ons are you running in hassio? The connection that keeps erroring out appears to be coming FROM inside the docker network, aka a hassio addon.

I wish I could answer those questions, because this is what I try to find out :wink:
If you could tell me where to look, or how to find out, the problem would be solved I guess.

Those are the installed plugins:

The only thing I see that would be talking to the broker is the zigbee2mqtt-edge add-on. Have you verified that the username/password are set correctly for that add-on?

There’s a way of finding out which add-on has the 172.30.33.5 IP address, by accessing the OS (HassOS or whichever) and running some docker commands to find the culprit.

If you are running HassOS as a virtual machine (Oracle VB or VMWare) then you need to use the virtual machine console to access docker. Below is a link for a different topic but has steps 1 to 4 which you need to do to get access to the HassOS console in the virtual machine.

Then we can do some docker debugging to find the culprit. Type the below:

# Print each running container's name, followed by its IPAddress lines
for i in $(docker ps --format '{{.Names}}')
do
    echo "$i"
    docker inspect "$i" | grep IPAddress
done

Sample output, it doesn’t matter that the IP address is listed twice but if you found the add-on with the IP 172.30.33.5 then that’s what we’re looking for:

add-on-container-name
            "SecondaryIPAddresses": null,
            "IPAddress": "172.17.0.2",
                    "IPAddress": "172.17.0.2",

From add-on-container-name it should give you an idea which plugin is messing up. Post a screenshot of the output if you found it difficult to understand.

deleted some stupid stuff …

1 Like

So here’s the solution: I installed zigbee2mqttassistant-dev plugin which makes renaming of zigbee devices easy. And I renamed my router something like “cc2530 router #1”. Unfortunately the new name may not be syntax checked and it seems the HASH was the problem. I removed that entry from the friendly name tag and all is up and running again.
Thanks everyone!!

3 Likes
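
Why a "#" in a friendly name matters, as an added example that is not part of the original posts: MQTT reserves "#" and "+" as topic-filter wildcards and does not allow them in the topic name of a published message. The sketch assumes the friendly name is used as a segment of the device's topic under a base topic (`zigbee2mqtt` here); the function names are hypothetical and not taken from any add-on.

```python
MAX_TOPIC_BYTES = 65535  # MQTT strings carry a two-byte length prefix


def topic_name_problems(topic):
    """Return the reasons `topic` is not usable as a PUBLISH topic name."""
    problems = []
    if not topic:
        problems.append("empty topic")
    if "\u0000" in topic:
        problems.append("contains null character")
    for wildcard in "#+":
        if wildcard in topic:
            problems.append(f"contains wildcard {wildcard!r}")
    if len(topic.encode("utf-8")) > MAX_TOPIC_BYTES:
        problems.append("longer than 65535 bytes")
    return problems


def state_topic(friendly_name, base_topic="zigbee2mqtt"):
    """Build <base_topic>/<friendly_name>, refusing names that break the topic."""
    topic = f"{base_topic}/{friendly_name}"
    problems = topic_name_problems(topic)
    if problems:
        raise ValueError(f"{friendly_name!r}: " + "; ".join(problems))
    return topic


def suggest_name(friendly_name):
    """Replace characters that are not valid in a topic name with '_'."""
    return "".join("_" if ch in "#+\u0000" else ch for ch in friendly_name)


if __name__ == "__main__":
    name = "cc2530 router #1"      # the kind of name described in the post
    print(topic_name_problems(f"zigbee2mqtt/{name}"))
    print(state_topic(suggest_name(name)))
```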

How’d you get to that conclusion? Trial and error?

Glad to hear you worked it out… I’ve struggled with weird MQTT errors in the past and not got to the bottom of them. For various other reasons I did a fresh HA installation and haven’t seen them since.

Let’s say I went back in time and looked for changes that I did before the problem occurred. It was not obvious from the beginning. But knowing that special characters in names make problems in different areas it was easy to nail down once I noticed it.

Isn’t the 172.0.0.0 address passed out when you install Samba as a non native IP to communicate to other machines on the same network??

No, the 172.16.0.0/12 IP range is a private network non-routable IP range reserved for LAN use.

Reference: