Ntrip nightmare

My experience with Internet security so far has been

My dad “The **** are hacking my iPhone”
Me “How do you know?”
My dad “It’s always saying update available”

or

Computer user “I don’t have any viruses, I have Kaspersky Antivirus”
Me " :man_facepalming: "
Computer user “could you still fix my computer it runs really slow”
Me " :man_facepalming:"

I am pretty sure I know how it works too, try to find my emlid. It’s easy at the static IP of the caster, not so easy at the end of all of the ISP’s equipment. According to the publicly visible internet IP I am on, currently the ISP server handling my connection that I show up as is 1300km away. But the internet-facing IP changes during the day, and sometimes changes cities as well. Also my local WAN IP changes daily.

Oh totally agree - end users are the worst for “knowing about computers”… I once had an argument with a guy who didn’t have anti-virus, “because he’s never had one”. Also, another fella reckoned Windows 7 was fine even though it’s not supported, “because he’s never been hacked”.

As to the 1300km - that’s IP geolocation that’s actually at fault there. That’s never an exact science at best. According to https://www.iplocation.net/ip-lookup which polls multiple services, my IP right now is in Inverness (correct), Craig Dunain (other side of city), London (South Bank), Brockley and Birmingham. Just depends who you ask and when.

Doesn’t matter whether I can find your emlid or not - check your IP address on shodan.io and you’ll see what services might have been advertising on that the last time it was scanned (and on the off-chance you have the same IP as when it was scanned, you’ll see your 2101 at least).

In my case, it’s not correct as it was last scanned weeks ago and my IP changed since then. Point being tho, if you have a service open and you’re on the internet, then that’s a target. How much of a worry that is, especially in your case where a) little-known/used services (2101/RTCM) and b) IP changes a lot… well, I’d say not to worry about it personally. I don’t particularly for mine, rtkbase isn’t designed very securely but it’s little known and thus low-ish risk.

Odd your IP changes so much - I’m dynamic, but I’ll typically have the same one from my provider for weeks on end. But it will change eventually, hence dynu to the rescue etc.

Which IP do you want me to scan? WAN, or the public one I share with all of the ISP’s customers?

The one you go direct to the emlid if out-of-home, if that’s an option? That’s how it’s working here… your “what is my ip address” result.

Connecting to the emlid from outside is not an option.

Here is a search of the random WAN IP from the carrier NAT

Next the public IP that is shared with all users


I am a ghost unless I directly call out to another static IP.

So your ISP has no mechanism for your endpoint to engage in your own port-forwarding if you wanted to self-publish RTK then? Seems like quite a restriction! :frowning:

Canada! lol, you are always frozen out.

There are ways around it, but they require using something like TeamViewer, or paying mega bucks to get a privately held static IP.

I did buy a static IP SIM card for a bit, $50/m. But emlid caster is free and works.

Yeah it sure looks pretty useful, quite an impressive product.

If you ever want to get round the port-forwarding tho, check out the post on ngrok.io above - works great! No messing with firewalls or anything. Downside tho is you need a machine to run it on, and the endpoint can change if you don’t have the paid plan. For testing tho, it works great. Used to use it to develop/test web services without having to wake the firewall team up.

All of the ports are open, the ISP just has so many users tied to one address that it’s almost impossible to keep track of where they are at any moment.

Also you cannot ping to user, but users can ping to internet. So for an IoT device to work it would have to contact the static IP of the outside server to initiate connection like the caster, then send identity data like a mount point number to that server. The server can only figure out what the device is from the incoming data. It would be way too much work to trace the actual path of each packet, or try to tie the connection to the IP address.

I’m behind carrier-grade NAT, so no possible way to forward a port from inside to outside. Tailscale works well, though. It’s really too bad that IPv6 never took off. It would have done away with all this NAT business. Maybe that’s why ISPs have never embraced it. IPv6 is very complex and requires competent firewalling since nearly all addresses are routable, which is why no one has adopted it. But IPv4 cannot work forever, carrier-grade NAT notwithstanding!
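
Added example, not part of any post in this thread: the two addresses discussed above (the router's WAN address and the address an outside "what is my IP" service reports) are enough to tell whether an inbound port forward such as TCP 2101 can work at all, or whether the line sits behind carrier-grade NAT. The function names and result labels are illustrative, and the sample addresses are constructed from documentation ranges.

```python
import ipaddress

# Blocks that are never reachable from the public internet.
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(router_wan: str, seen_from_internet: str) -> str:
    """Compare the router's WAN address with the externally observed one."""
    wan = ipaddress.ip_address(router_wan)
    public = ipaddress.ip_address(seen_from_internet)

    if wan in CGNAT:
        return "cgnat"             # ISP translates; no inbound path exists
    if any(wan in net for net in RFC1918):
        return "private-upstream"  # another NAT upstream (ISP or second router)
    if wan != public:
        return "translated"        # WAN looks public but is rewritten upstream
    return "direct"                # forwarded ports are reachable and scannable


def inbound_possible(router_wan: str, seen_from_internet: str) -> bool:
    """True only when a port forward on the router can be reached from outside."""
    return classify_wan(router_wan, seen_from_internet) == "direct"


if __name__ == "__main__":
    # Constructed sample pairs: (router WAN address, externally observed address)
    samples = [
        ("100.72.14.9", "203.0.113.40"),
        ("10.33.1.7", "203.0.113.40"),
        ("198.51.100.23", "203.0.113.40"),
        ("203.0.113.40", "203.0.113.40"),
    ]
    for wan, public in samples:
        verdict = classify_wan(wan, public)
        print(f"{wan:>15} vs {public:<15} -> {verdict}")
```

Only the "direct" case exposes a forwarded port to internet-wide scanning; in the other cases the device has to dial out to a caster, VPN or tunnel.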

If you really need the equivalent of a forwarded port, ngrok.io?

Yeah neat tool. I use my own VPS to do this (but Tailscale is more convenient for what I’m doing).

The whole point of RTK2GO is to avoid having to deal with network dark arts. I’d be figuring out why RTK2GO is banning your IP.

If you download the demo version of SNIP and run it on your local network you get all the back end messaging and it will tell you why the host is banning your IP. Fix those issues and job done.

http://new.rtk2go.com/how-to-get-your-ip-banned/

I chased my tail for weeks trying to get an ArduSimple WIFI NTRIP Master / C099 to connect and only got there once I started debugging using SNIP.

Pete