Plex Server connections from a [blacklisted] Chinese cloud data company?

I am seeing some questionable traffic connecting to my plex server port. Fortunately, I run a pfsense router with ntopng monitoring the traffic flows on my network and have since blocked this traffic. Of particular interest are some connections from an IP owned by China Unicom Cloud Data Company Limited (according to Whois).

I don’t see any unfamiliar plex clients registered with my server, but this traffic was making it through my router (until I firewalled it).

Question: Has anyone else seen this sort of traffic probing/attacking your plex servers?

I have not contacted the admin of this ASN as they’re just cloud hosting and totally disclaim any power to investigate misuse. It is China after all…

Here’s the whois detail for the IP involved:

IP Address 120.52.152.19

inetnum: 120.52.0.0 - 120.52.255.255
netname: CU-CDC
descr: CHINA UNICOM CLOUD DATA COMPANY LIMITED
descr: A133, Xidan North Avenue, Xicheng District, Beijing.
admin-c: ZM909-AP
tech-c: ZM909-AP
country: CN
mnt-by: MAINT-CNNIC-AP
mnt-lower: MAINT-CNNIC-AP
mnt-routes: MAINT-CNNIC-AP
mnt-irt: IRT-CNNIC-CN
status: ALLOCATED PORTABLE
last-modified: 2014-06-26T01:26:01Z
source: APNIC

irt: IRT-CNNIC-CN
address: Beijing, China
admin-c: IP50-AP
tech-c: IP50-AP
auth: # Filtered
remarks: Please note that CNNIC is not an ISP and is not
remarks: empowered to investigate complaints of network abuse.
remarks: Please contact the tech-c or admin-c of the network.
mnt-by: MAINT-CNNIC-AP
last-modified: 2017-11-01T08:57:39Z
source: APNIC

person: Xin Xing
address: A133,Xidan North Avenue, Xicheng District, Beijing
country: CN
phone: +86-18618215599
e-mail: xingxin2@chinaunicom.cn
nic-hdl: ZM909-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2013-10-12T09:06:01Z
source: APNIC

@OttoKerner
Thanks for contributing! That’s good to know…

Should I be at all worried about blocking a plex.tv server from China? What effect might that have on my and my family’s ability to connect to my plex server [from anywhere other than China]?

Is there a list of known plex.tv server IPs that can be added to a DNSBL whitelist?
I’ve already set a whitelist entry for all IPs resolving as “plex.tv”, but…

That IP (120.52.152.19) does not reverse-lookup to any known FQDN. It is also matched in several DNSBL blacklists that any well-configured [read: not your simple home wifi router from a big-box store] router would use to block traffic.

$ nslookup 120.52.152.19
;; Got SERVFAIL reply from 1.1.1.1, trying next server
;; Got SERVFAIL reply from 1.0.0.1, trying next server
Server: 192.168.4.1
Address: 192.168.4.1#53
** server can’t find 19.152.52.120.in-addr.arpa: SERVFAIL

Not that I’d expect all the Plex.tv servers world-wide to necessarily match the web front endpoint, but I would expect that they wouldn’t be explicitly blocked in public DNS blacklists…

All I get, at least for the front-end plex.tv FQDN, are:
$ nslookup plex.tv

Server: 192.168.4.1
Address: 192.168.4.1#53

Non-authoritative answer:
Name: plex.tv
Address: 63.32.153.75
Name: plex.tv
Address: 54.154.115.144
Name: plex.tv
Address: 54.76.102.118
Name: plex.tv
Address: 54.246.140.185
Name: plex.tv
Address: 63.32.24.1
Name: plex.tv
Address: 54.77.150.142
Name: plex.tv
Address: 52.16.193.193
Name: plex.tv
Address: 52.30.248.117

xiè xiè nín de bāng zhù, 谢 谢 您 的 帮 助,
-Frank (not in China)

  1. probably none, if you never travel to China

  2. there is no such thing. Those IPs can and will change - sometimes rapidly, because they all live in data centers where virtual machines are getting spun up and shut down rather quickly.

  3. plex.tv is not “the whole story” of the Plex backbone.

Thank you again for explaining the current state of things.
