-->
Page 1 of 2

ESP module phones home?

PostPosted: Wed Apr 08, 2015 1:36 am
by markbee
Just did some random checks whether there is some "phone home" from the modules that are connected to my (separated ESP-)WLAN.

OOPS.

It does some trafiic with an IP address in Argentina - 200.45.255.63 that is and resolves to ***.telecom.net.ar

Strange.

Can anyone confirm this? Module(s) is/ are programmed w/ the ESP-Arduino IDE and a fairly simple Webserver script - almost identical to the provided example.

I certainly will have a deeper look into this and if this might be a false positive.

markbee

EDIT: One other module does a 40 byte TCP connection to 32.53.255.63 (AT&T USA)
EDIT2: There seems to be a pattern:
56.46.255.63
40.46.255.63
are two more IPs only going off from ESP8266 and only if programmed with the Arduino IDE (as far as I can see). I did some cross check with NodeMCU and lua with a webserver and there seems to be no network traffic to the outside.
Please be aware that this might have any reason or any cause in my network. I'm further checking the network traffic and for now have disconnected all the ESP-modules to see if there is any traffic fitting to the addresses above.

Re: ESP module phones home?

PostPosted: Wed Apr 08, 2015 2:35 am
by uhrheber
That's indeed strange. Are you sure that your router isn't infected?

Re: ESP module phones home?

PostPosted: Wed Apr 08, 2015 2:44 am
by markbee
I'm currently logging all the network data and do some more tests with different firmware on the ESPs.

Re: ESP module phones home?

PostPosted: Wed Apr 08, 2015 3:36 am
by alonewolfx2
markbee wrote:I'm currently logging all the network data and do some more tests with different firmware on the ESPs.

strange. i am waiting for your log result