Asus router phones home when booted

mikeh2

Occasional Visitor
Just an FYI.
I have been watching the boot-up network activity of an Asus AC1900P running the latest firmware, 3.0.0.4.386_43129-g60defb2.

For whatever reason, it makes a STUN call to Google to learn its public IP address. I see this as a UDP request to port 19302 at 108.177.122.127

This is followed by 5 outbound requests all to Asus.

Two requests are made dlcdnets.asus.com. They are TCP requests on port 443 to 152.199.5.151
One request is made to routerfeedback.asus.com. It was TCP on port 443 to 103.10.4.102
Two requests are made to routerahs.asus.com. Again, TCP to port 443 at 103.10.4.85

None of the fancy/advanced options are enabled in the router. Again, this is boot time with no devices connected to the router.
 

ColinTaylor

Part of the Furniture
Use search...

It's checking for firmware updates and signature updates.
 

mikeh2

Occasional Visitor
Signatures for what? The security software is disabled.
Firmware and Signature updates sound like 2 requests. There were 5 requests in the log.
Do you know if this is documented anywhere? Thank you.
 

RMerlin

Asuswrt-Merlin dev
AHS = signature files used by the firmware for built-in security (ASD) and stability (AHS) checks (totally separate from Trend Micro, this is for the router's own built-in security).

STUN check = used to determine the router's real public IP, required for various built-in services for when in a double NAT or CGNAT situation.

dlcdnets = various things. New firmware checks, cloud-based database of DNS servers shown in the dropdown WAN page, OUI database lookups for identifying client devices by MAC address on the networkmap, updated timezone data, and a few more additionnal things.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top