AC5300 & AC87U are phoning home?

West

Hey Merlin,


I intend this message for you, or for anyone else who has noticed this in a firewall log. I look at my logs every morning, and this morning something odd showed up in my IPS logs. I don't know if I overlooked it before, but surely not, since it seems like my AC5300 and AC87U are phoning home. I am not sure if this is part of your firmware, but both of them are phoning home via UDP port (42726 on my AC5300 and 34257 on my 87U) to 146.0.32.144:123 (tor.epow0.org) (location: Germany) exactly at 5:59:47 AM. I wasn't sure if this was the path that it's taking to check on firmware updates, since my IPS blocked the outbound. I had logged into those devices and checked their logs, but there was no indication of anyone tampering with them. They're also set to AP and isolated via a different VLAN through my firewall, and also set to only allow 1 certain IP address to access them via HTTPS, with no SSH or telnet. If you can let me know, I would appreciate it.

Thanks,

W
 
Where do you check for the firewall log?
 
I have a hardware firewall, so I check it through there since everything else sits behind that. I guess if you use an ASUS as a wireless router and enable the firewall, then you would check it through the system logs.
 
Interesting, what brand model do you have?
 
This host is a Tor exit node. Something on your network is running Tor.
 
Thanks for the reply. I assure you I am not running any Tor, but if it's not your firmware then I will just keep blocking it and keep an eye on it.
 
idk, simply a time server? Here's what I get...

Code:
# ntpdate -q tor.epow0.org
server 146.0.32.144, stratum 3, offset -0.043523, delay 0.16756
29 Jan 21:58:04 ntpdate[22757]: adjust time server 146.0.32.144 offset -0.043523 sec

 
The fact that the connection was on port 123 does indeed seem to indicate it was an NTP sync event. Odd that anything would use the IP of a Tor node as an ntp server tho.

In any case, no, this address isn't hardcoded anywhere in the firmware code.
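
Added example, not part of any post in this thread: one way to check whether a UDP datagram sent to port 123 actually carries an NTP header, which is the question the replies above settle by inference. The payloads are constructed samples (the thread contains no packet capture), source port 40000 is made up, and the function names are hypothetical.

```python
import struct

NTP_PORT = 123
# NTP association modes (RFC 5905); 6 and 7 are control/private, not time sync.
MODES = {1: "symmetric-active", 2: "symmetric-passive", 3: "client",
         4: "server", 5: "broadcast", 6: "control", 7: "private"}

def parse_ntp_header(payload: bytes):
    """Decode the first bytes of an NTP packet; return None if it cannot be NTP."""
    if len(payload) < 48:                 # fixed NTP header is 48 bytes
        return None
    flags, stratum, poll, precision = struct.unpack("!BBbb", payload[:4])
    version, mode = (flags >> 3) & 0x7, flags & 0x7
    if version not in (1, 2, 3, 4) or mode not in MODES:
        return None
    return {"leap": flags >> 6, "version": version,
            "mode": MODES[mode], "stratum": stratum}

def classify_flow(dst_port: int, payload: bytes) -> str:
    """Label one outbound UDP datagram seen by the firewall/IPS."""
    if dst_port != NTP_PORT:
        return "not-port-123"
    hdr = parse_ntp_header(payload)
    if hdr is None:
        return "port-123-but-not-ntp"     # worth a closer look
    if hdr["mode"] == "client":
        return "ntp-client-request"       # ordinary time sync
    return "ntp-" + hdr["mode"]           # e.g. control/private queries

# Constructed sample payloads (assumptions, not captured traffic).
CLIENT_REQ = bytes([0xE3]) + bytes(47)            # LI=3, VN=4, mode=3
SERVER_REPLY = bytes([0x24, 3]) + bytes(46)       # VN=4, mode=4, stratum 3
NOT_NTP = b"GET / HTTP/1.1\r\nHost: example.invalid\r\n\r\n" + bytes(16)

if __name__ == "__main__":
    # Source ports 42726 and 34257 and the destination are from the first post.
    for sport, data in ((42726, CLIENT_REQ), (34257, CLIENT_REQ), (40000, NOT_NTP)):
        print(sport, "-> 146.0.32.144:123", classify_flow(123, data))
    print(parse_ntp_header(SERVER_REPLY))
```

A well-formed header only shows the datagram is consistent with NTP; which device setting or pool entry chose that server still has to be traced separately.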
 
