explain-appendix-length
Occasional Visitor
RT-X3000 running 388.2_2
I have Nextdns.io configured and have been seeing excessive connections to wordpress.com, specifically www.wordpress.com.
In the System logs I do find:
No more connection attempts to www.wordpress.com
Two Issues here:
I have been tracking this down for a few weeks and finally found the time to just disable everything on the AP and do some testing.
I am updating to RT-AX58U_3004_388.4_0.zip and will see if that has any changes regarding this traffic.
I have Nextdns.io configured and have been seeing excessive connections to wordpress.com, specifically www.wordpress.com.
In the System logs I do find:
But there are no active connections to www.wordpress.com (192.0.78.13)dnsmasq[2243]: possible DNS-rebind attack detected: wordpress.com
- To better isolate, I disabled all wifi, had no lan connections with the router by itself.
- Monitor nextdns logs for this profile (profile for this router/device only ) it logs www.wordpress.com attempts (which I blocked) every SECOND, Two attempts.
No more connection attempts to www.wordpress.com
Two Issues here:
- Why is the firmware (does not happen with Asus stock firmware) attempt to connect to www.wordpress.com TWICE every second?
- A grave security issue is why does the system or active connection log NOT display connections from the router? Specifically this traffic?
- Seems like a real sketchy activity
- Searched the source (on github) for any calls to www.wordpress.com, could find none
- WTH is going on with that??
I have been tracking this down for a few weeks and finally found the time to just disable everything on the AP and do some testing.
I am updating to RT-AX58U_3004_388.4_0.zip and will see if that has any changes regarding this traffic.