Roon network connections

Hello @support

Is the Roon Core intentionally connecting to, or it may be a hacking attack using the Roon?


Hey @Lonek,

Thanks for getting in touch with Roon support - we’d love to help.

Could you please share a bit more context about this and how it is affecting your Roon setup? Some information on your Core, Audio devices and Network would be very helpful.

Thanks in advance :pray:

when Roon Core is starting I turn on the preview of network communication (remote hosts and ports) and I check which servers Roon connects to. Most remote hosts looks familliar (Amazon, Google etc.) but these two are suspicious. Do you know them?

Those are owned by cloudflare.
NetRange: -
NetHandle: NET-104-16-0-0-1
Parent: NET104 (NET-104-0-0-0-0)

No clue who on their network though. Direct access to the IP is forbidden.

You don’t state if they are inbound or outbound.
I’d check your firewall logs for more details. destination ports etc.

It looks scary - as if someone unauthorised gained access to Roon…
I’m waiting for @support explanations

Cloudflare runs thousands of sites.
Without knowing what protocol(port) or reading logs, you’ll never know what that request did. It could easily be a simple dns request. again no port, no logs, no trail, no clue what traffic passed.

What application are you using to track ip’s with? netstat? snort? lsof?

If it was outbound, your system did the dialing, which would mean the core OS has been exploited for nefarious reasons. I’m not very convinced that happened.

I’ve seen some weird things, so not ruling it out, but won’t be betting for it.

Hopefully you can gather logs and a trail for roon support to follow, otherwise, they will have no clue what to tell you.

I understand your point of view, but I have been profesionally dealing with the security of information systems for too long to ignore the establishment of a connection by Roon (exactly by Roon) especially with these IPs …
So I’m still waiting for @support - whether they knows these addresses or not.
The whole incident is strictly documented (of course I will not publish it here!)

My apologies, I eagerly await seeing the resolution.

Hi @Lonek

Can you share the full log of what you’re seeing with us so we can take a closer look? This is likely nothing to worry about, but we can verify with some more information. If you don’t want to share this publicly, feel free to send it in a PM.

1 Like

Hi @dylan
I’m sorry but no, because this could be evidence in case against the operator of these IPs, so I cannot disclose it to third parties.
I omit the fact that the full log also contains sensitive information for the security of my system.

So all I ask Roon support is to confirm or deny that any of Roon app component intentionally connects to these IPs.

If Roon can’t do it, for technical or legal reasons - of course I understand it.
When my case is closed, I will notify Roon if there is any essential information concerning to the eventual hacker interference to Roon app.