What's new

Asus router phones home when booted

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

mikeh2

Occasional Visitor
Just an FYI.
I have been watching the boot-up network activity of an Asus AC1900P running the latest firmware, 3.0.0.4.386_43129-g60defb2.

For whatever reason, it makes a STUN call to Google to learn its public IP address. I see this as a UDP request to port 19302 at 108.177.122.127

This is followed by 5 outbound requests all to Asus.

Two requests are made dlcdnets.asus.com. They are TCP requests on port 443 to 152.199.5.151
One request is made to routerfeedback.asus.com. It was TCP on port 443 to 103.10.4.102
Two requests are made to routerahs.asus.com. Again, TCP to port 443 at 103.10.4.85

None of the fancy/advanced options are enabled in the router. Again, this is boot time with no devices connected to the router.
 
Signatures for what? The security software is disabled.
Firmware and Signature updates sound like 2 requests. There were 5 requests in the log.
Do you know if this is documented anywhere? Thank you.
 
AHS = signature files used by the firmware for built-in security (ASD) and stability (AHS) checks (totally separate from Trend Micro, this is for the router's own built-in security).

STUN check = used to determine the router's real public IP, required for various built-in services for when in a double NAT or CGNAT situation.

dlcdnets = various things. New firmware checks, cloud-based database of DNS servers shown in the dropdown WAN page, OUI database lookups for identifying client devices by MAC address on the networkmap, updated timezone data, and a few more additionnal things.
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top