Odd network behaviour caught by firewall - Xperia 10 III

SS_11143×274 63.7 KB

Hello, my firewall caught some strange behaviour that is guaranteed to be related to my SailfishOS installed Xperia 10 III. Just thought I’d ask around to see if anyone here has seen similar behaviour or could explain it to me.

The IP addresses on the right side of the screenshot above are one of my telecom provider’s MMS servers, which I know from the port being used, having manually entered it into the settings on SailfishOS. However, the 2 IP addresses on the left are not anything I recognize. Some whois requests say the IP addresses belong to a range assigned to the UK Ministry of Defense. However, my firewall is listing this as a LAN initiated request, and I’m definitely nowhere near the UK, and my LAN has the standard 192.168.0.0/16 assignments. I know this request is somehow involving my Sailfish device, both from the timing (I was fooling around a lot with re-flashing and setting up my Xperia earlier that day), and because my Android devices never contact MMS servers through my WiFi network.

Again, just wondering if this can be explained by anyone here or if similar behaviour has been seen by others in the community…

Is it a fresh install without Android Apps?

It has the AppSupport option installed, but the service was not running (also disabled the auto-start on boot) by the time in the screenshot.

icann query gives 25.75.249.121 beein ripe database.

what is ripe database:

One of the activities of RIPE is to maintain a database of European IP networks, DNS domains and their contact persons and other infor- mation needed for the technical coordination of IP networks. This database is called the RIPE Network Management Database or sim- ply the "RIPE Database”

looks usefull, not harmfull.

Huh, I must have made a pretty big typo. Still confused as to why it’s showing up as a LAN originating IP, and why it would be contacting the MMS server. Perhaps a question partially better suited to pfSense’s forum.