Why is my Tablo beaconing to Ukraine?

#1

I was noticing on my firewall logs today that my Tablo is reaching out to a Ukrainian IP address every ~18 minutes on port 123 (NTP). I understand that periodic NTP syncs are necessary…but with NTP servers being ubiquitous, why is it reaching out to a Ukrainian server? As a cyber security guy, it gives me the creeps…

#2

Also, isn’t ~18 excessive? What Real Time Clock can’t hold out longer than that!?

#3

I would think it’s excessive, yes…but my firewall is blocking those requests, so maybe the “retry” clock is shorter than if it updates successfully. I need to dig more into my logs when I get a chance, but it’s curious to put it mildly.

#4

Comrade, we’re just checking on you. :smirk:

#5

Every 18 minutes!

#6

What country is the Tablo in?

Also…
In Ukraine, you don’t check the internet, the internet checks you.

#7

First checkpoint time - the next elections, 2020

#8

The Tablo is in the US

#9

I had been a bit surprised a feature request to set an NTP server has never been requested… now it seems like a good idea. It’s often used as a way to check devices in use, so it’s kind of a (minor) privacy thing.

#10

https://www.tablotv.com/blog/tablo-faqs-do-i-need-internet-use-tablo-ota-dvr/

Each time your Tablo OTA DVR turns on, it will check for something called the Network Time Protocol (NTP) which tells the system what year, date, and time it is in your location. Your home router will pass this info on from your ISP, which identifies your location based on your IP address.

#11

What’s the actual IP address it’s trying to reach?

#12

The IP is 194(.)54(.)80(.)27

#13

Try rebooting your Tablo. I suspect that system is a participant in the pool.ntp.org project (https://www.ntppool.org/en/use.html) and your Tablo cached the IP address. Which it shouldn’t do since they rotate hourly.
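
An added example (not written by any poster in this thread): one way to check both hypotheses raised above against firewall logs, namely whether the ~18-minute cadence lines up with blocked requests and whether a client stays on one NTP address for longer than the pool's hourly rotation. The log format, the addresses (documentation ranges) and the `summarize_ntp` name are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample lines in a made-up firewall log format (not from the thread).
# 192.0.2.10 stands in for the DVR, 192.0.2.20 for a client that re-resolves the pool.
SAMPLE_LOG = """\
2019-03-02T10:00:05 BLOCK UDP 192.0.2.10:123 -> 203.0.113.7:123
2019-03-02T10:01:00 ALLOW UDP 192.0.2.10:5353 -> 224.0.0.251:5353
2019-03-02T10:02:00 ALLOW UDP 192.0.2.20:40111 -> 198.51.100.4:123
2019-03-02T10:18:07 BLOCK UDP 192.0.2.10:123 -> 203.0.113.7:123
2019-03-02T10:36:04 BLOCK UDP 192.0.2.10:123 -> 203.0.113.7:123
2019-03-02T10:54:06 BLOCK UDP 192.0.2.10:123 -> 203.0.113.7:123
2019-03-02T11:06:00 ALLOW UDP 192.0.2.20:40112 -> 198.51.100.9:123
2019-03-02T11:12:05 BLOCK UDP 192.0.2.10:123 -> 203.0.113.7:123
2019-03-02T12:10:00 ALLOW UDP 192.0.2.20:40113 -> 203.0.113.50:123
"""

LINE_RE = re.compile(
    r"(?P<ts>\S+) (?P<action>ALLOW|BLOCK) UDP "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):123$"
)

def summarize_ntp(log_text, pin_window_s=3600):
    """Per client: NTP destinations, median gap, block status, pinning."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # only UDP flows to destination port 123 match
            events[m["src"]].append(
                (datetime.fromisoformat(m["ts"]), m["dst"], m["action"]))
    report = {}
    for src, rows in events.items():
        rows.sort()
        times = [t for t, _, _ in rows]
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        dsts = {d for _, d, _ in rows}
        span = (times[-1] - times[0]).total_seconds()
        report[src] = {
            "destinations": sorted(dsts),
            "median_gap_min": round(median(gaps) / 60, 1) if gaps else None,
            "all_blocked": all(a == "BLOCK" for _, _, a in rows),
            # One destination for longer than the pool's hourly rotation
            # suggests a cached address rather than fresh DNS lookups.
            "pinned": len(dsts) == 1 and span > pin_window_s,
        }
    return report
```

A client that is both `pinned` and `all_blocked` with a short, steady gap fits the "cached pool address plus retry timer" reading; comparing the gap after the firewall rule is relaxed shows whether the cadence is a retry interval or the normal sync interval.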

#14

I’ll give that a try, thanks @FlyingDiver

#15

LOL!