Log Entry for Attempted Connection to Sever NOT on my list..

Feedback about snapshots

Log Entry for Attempted Connection to Sever NOT on my list..

Postby adcprod » Thu Apr 14, 2016 8:36 pm

We have some very restrictive firewall policies where I work. We block the default Mumble port in except to approved IPs. Anyway, we've observed attempted connections to:

tylerr.noip.me: 64738

Address lookup
canonical name tylerr.noip.me.

This appears to resolve to some guy's cable modem.


It also appears to be a valid Murmur/Mumble server:
:~$ openssl s_client -showcerts -connect tylerr.noip.me:64738
depth=0 CN = Murmur Autogenerated Certificate v2
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = Murmur Autogenerated Certificate v2
verify return:1
Certificate chain
0 s:/CN=Murmur Autogenerated Certificate v2
i:/CN=Murmur Autogenerated Certificate v2
Server certificate
subject=/CN=Murmur Autogenerated Certificate v2
issuer=/CN=Murmur Autogenerated Certificate v2
No client certificate CA names sent
SSL handshake has read 1178 bytes and written 633 bytes
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: D99E7D0D1010F01835F927BC72CDA9144C1235A0929A9F9D9BA935B8D199AF48
Master-Key: BF57F8696A3D0A05E65B8623B5461C2D78FC9B4323F71DCE8253608DEBE18B1BA49D59FD2601ABB23C85E68AA7CB16AC
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 09 52 f9 a3 54 f5 34 9f-20 d6 ee 19 50 d3 90 2f .R..T.4. ...P../
0010 - 7a 1e 85 ee b0 5c 23 91-0b d5 1e d2 8a b0 87 48 z....\#........H
0020 - 09 d6 b0 4f 88 5b 34 bc-d6 4e bc 7b fd d4 73 5c ...O.[4..N.{..s\
0030 - 64 d7 90 1f b5 0e d6 44-ad f5 f3 b1 37 35 3a ec d......D....75:.
0040 - 31 0b 91 88 5c 68 03 bc-f0 60 9e 9a 26 4a 2b 86 1...\h...`..&J+.
0050 - cd 05 2a 10 e1 52 1c bd-99 7f 6a f9 52 a1 c2 bc ..*..R....j.R...
0060 - ce d4 b1 85 d7 41 6a 69-84 48 61 00 bb fd 20 49 .....Aji.Ha... I
0070 - 1d be c0 8f e6 ab 3c 87-a8 51 ac 91 dc d4 5b 70 ......<..Q....[p
0080 - 2e 25 cf 95 cb ba f3 9c-39 22 01 d4 3c 2d 70 99 .%......9"..<-p.
0090 - 44 83 3b 78 9e ed f5 bb-a8 3c cd 53 c5 47 74 cf D.;x.....<.S.Gt.

Start Time: 1460664467
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
This seems to be the only automatic connection attempt from the Windows client software (outside of our own servers). Is this by design? If so, why? (BTW, I searched source code from github and did not find reference to this server. I did use pre-compiled binaries though and wonder if something else is stuffed in there.)

This was observed with the most stable Win client code. (I realize this is the snapshots thread, but I'm not sure where else to post this.)


P.S. By the way, I'm new here and this is hands-down the best audio VOIP software I've ever used. Thanks so much for your hard work! :D
Posts: 1
Joined: Thu Apr 14, 2016 8:24 pm

Re: Log Entry for Attempted Connection to Sever NOT on my li

Postby hacst » Thu Jun 02, 2016 7:11 pm

That's none of ours. I am not quite sure I understand under what conditions this was seen but the public server list or a custom favourite would seem like obvious culprits that could trigger such an alert.

The name lookup could be a favourite or public server. Though for the public servers you should see much more than those depending on the locale you are in.

If you open Mumble for the first time or don't have any custom servers added the default setting for it is to retrieve the public server list from one of our hosts (*.mumble.hive.no or *.mumble.info). It then uses your locale to decide which country to display to you and expands the list in the connection dialog. To be able to display ping and populations on the servers the dialog displays we perform a name-lookup and send UDP ping (not an ICMP ping) packets to the mumble port (mostly 64738) of the hosts.

If you have one or more favorite servers the public list won't be retrieved. Unless you expand it all you should see is Mumble resolving and pinging your favourites.

In cooperate settings where you don't want to display the publist in the first place you can completely hide the point from the connection dialog by setting "disablepubliclist" to "true" in HKEY_CURRENT_USER\Software\Mumble\Mumble\ui .

Hope that helps
Team member
Team member
Posts: 338
Joined: Wed Sep 23, 2009 4:28 pm

Return to Snapshots

Who is online

Users browsing this forum: No registered users and 0 guests