-->
Page 1 of 1

ESP making unknown HTTP requests

PostPosted: Sun Jan 24, 2016 9:21 pm
by anecdata
I just noticed in my router logs that my ESP8266s are making TCP port 80 HTTP requests that are completely unexpected. I'm using Adafruit Huzzah and Feather Huzzah versions, running Arduino IDE 1.6.5.

I do make several HTTP requests in my code, but all to my own server (which does not use a CDN), which does not correspond to the various destination IP addresses that I'm seeing. The only other network activity that my code initiates are DNS requests (which should be to port 53) and I do see the frequent NTP requests that my devices make to port 123.

There's a pattern: a couple of minutes after I hit my server, there's an unknown HTTP request from the ESP8266 to an unknown server (using the same source port as the just-prior request to my server). These unknown servers are seemingly generic backbone or telecom servers all over the world, but different each time.

It occurred to me it could be something in the LWIP DNS resolution, but I looked at that code and it appears that, as expected, it should be using UDP. It could be something buried in a library, though it will take some time to examine all of that code.

There may be an easy explanation for this, I don't want to assume something malicious. Just wondering if anyone else has seen this behavior and/or has an explanation.