Why does router phone home?


#1

I monitored outbound connections from the router just after it was powered on. No users ever connected to the router and automatic updates are disabled. It makes lots of NTP requests using UDP to port 123. Fine.

It also makes requests on port 443 to 217.31.192.101 and 217.31.192.69 which seems like it is phoning home. These requests seem to run in bunches every hour on the hour. Why would the router phone home?

Thank you.


#2

If enabled, aside from that vanilla NTP, perhaps:

  • update checks
  • config backups
  • data collection
  • netmetr

#3

Well, 217.31.192.101 maps to api.turris.cz and 217.31.192.69 is repo.turris.cz.

There are several tasks that might cause that. It’s an intended behavior - for instance, updater used our own internal CA, so it checks for CRL periodically - the check is done over HTTPS too. There are several similar things, containing no or minimal details about the router.

All the software we deploy on routers is open source, so you can read its source code if you wish.
And after all, you have root access to the router, so you can disable most/all of the things if you wish.

  • scripts that run at boot time are in /etc/init.d/
  • scripts that run periodically are in /etc/cron.d/

Just keep in mind that the provided scripts have a certain reason and they form the router environment - software developers expect that they are present and working. If you decide to disable/remove them, you have an unsupported use-case and some functionalities of the router will most likely not work.


#4

To see what was causing these opened connections, I looked at the system log for 3 different hours at the top of the hour. The data is below. Does this make any sense to anyone? It has something to do with a registration code and the status of a contract. Can this processing, whatever it is, be shut down? Thanks in advance.

19:00:01 info /usr/sbin/cron[4795]: (root) CMD (nethist_stats.lua)
19:00:01 info /usr/sbin/cron[4797]: (root) CMD (/usr/bin/get-api-crl)
19:00:01 info /usr/sbin/cron[4791]: (root) CMD (/usr/bin/rainbow_button_sync.sh)
19:00:01 info /usr/sbin/cron[4798]: (root) CMD ( /usr/bin/notifier)
19:00:01 info /usr/sbin/cron[4799]: (root) CMD (/usr/share/server-uplink/registration_code.sh)
19:00:01 info /usr/sbin/cron[4800]: (root) CMD (/usr/share/server-uplink/contract_valid.sh)
19:00:02 err server_uplink[]: Failed to download contract status

20:00:01 info /usr/sbin/cron[17780]: (root) CMD (nethist_stats.lua)
20:00:01 info /usr/sbin/cron[17783]: (root) CMD (/usr/bin/updater-supervisor -d --rand-sleep)
20:00:01 info /usr/sbin/cron[17776]: (root) CMD (/usr/bin/rainbow_button_sync.sh)
20:00:01 info /usr/sbin/cron[17785]: (root) CMD (/usr/share/server-uplink/contract_valid.sh)
20:00:01 info /usr/sbin/cron[17782]: (root) CMD (/usr/bin/get-api-crl)
20:00:01 info /usr/sbin/cron[17786]: (root) CMD (/usr/share/server-uplink/registration_code.sh)
20:00:01 info /usr/sbin/cron[17784]: (root) CMD ( /usr/bin/notifier)
20:00:02 err server_uplink[]: Failed to download contract status
20:00:36 err server_uplink[]: Failed to get registration code

21:00:01 info /usr/sbin/cron[20989]: (root) CMD (nethist_stats.lua)
21:00:01 info /usr/sbin/cron[20990]: (root) CMD (/usr/share/server-uplink/registration_code.sh)
21:00:01 info /usr/sbin/cron[20985]: (root) CMD (/usr/bin/rainbow_button_sync.sh)
21:00:01 info /usr/sbin/cron[20992]: (root) CMD (/usr/share/server-uplink/contract_valid.sh)
21:00:01 info /usr/sbin/cron[20991]: (root) CMD (/usr/bin/get-api-crl)
21:00:01 info /usr/sbin/cron[20993]: (root) CMD ( /usr/bin/notifier)
21:00:01 err server_uplink[]: Failed to download contract status
21:00:34 err server_uplink[]: Failed to get registration code
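
One way to reduce a log excerpt like the one in post #4 to a per-job summary and then find the schedule file behind a job, as an added example that is not part of the thread or of Turris's own code. `cron_summary` and `cron_source` are hypothetical helper names; the sample lines are a subset copied from the post, and `/etc/cron.d` is the directory named in post #3.

```shell
#!/bin/sh
# Sample input: a subset of the log lines quoted in post #4.
SAMPLE_LOG='19:00:01 info /usr/sbin/cron[4797]: (root) CMD (/usr/bin/get-api-crl)
19:00:01 info /usr/sbin/cron[4798]: (root) CMD ( /usr/bin/notifier)
19:00:01 info /usr/sbin/cron[4800]: (root) CMD (/usr/share/server-uplink/contract_valid.sh)
19:00:02 err server_uplink[]: Failed to download contract status
20:00:01 info /usr/sbin/cron[17783]: (root) CMD (/usr/bin/updater-supervisor -d --rand-sleep)
20:00:01 info /usr/sbin/cron[17785]: (root) CMD (/usr/share/server-uplink/contract_valid.sh)
20:00:01 info /usr/sbin/cron[17782]: (root) CMD (/usr/bin/get-api-crl)
20:00:01 info /usr/sbin/cron[17784]: (root) CMD ( /usr/bin/notifier)
20:00:02 err server_uplink[]: Failed to download contract status
20:00:36 err server_uplink[]: Failed to get registration code'

# cron_summary (hypothetical helper): read log lines on stdin and print
#   "<runs> <hours> <command>"  for every cron job, and
#   "<count> ERR <message>"     for every distinct "err" line.
cron_summary() {
    awk '
    / CMD \(/ {
        hour = substr($1, 1, 2)
        cmd = $0
        sub(/^.* CMD \( */, "", cmd)   # strip prefix and padding before the command
        sub(/\)$/, "", cmd)            # strip the closing parenthesis
        runs[cmd]++
        if (!((cmd, hour) in seen)) {  # list each hour once per command
            seen[cmd, hour] = 1
            hours[cmd] = hours[cmd] (hours[cmd] == "" ? "" : ",") hour
        }
        next
    }
    $2 == "err" {
        msg = $0
        sub(/^[^ ]+ err /, "", msg)    # keep "tag: message" only
        errs[msg]++
    }
    END {
        for (c in runs) printf "%d %s %s\n", runs[c], hours[c], c
        for (m in errs) printf "%d ERR %s\n", errs[m], m
    }' | LC_ALL=C sort
}

# cron_source (hypothetical helper): print the files in a cron directory
# (default /etc/cron.d) whose entries mention the given command.
cron_source() {
    grep -lF -- "$1" "${2:-/etc/cron.d}"/* 2>/dev/null
}

printf '%s\n' "$SAMPLE_LOG" | cron_summary
```

Jobs listed with every hour are the hourly ones; a job listed with a single hour, such as the updater here, runs on a different schedule.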


#5

This is a remnant of project Turris history. Originally it was a research project and routers were given away for free under a contract. This script you see is checking whether a given router is under contract. The use case is to automatically register the router for data collection. I can look into whether we are able to drop it on Omnia. But in general we are working on a new data collection system that is going to be more open and less dependent on exact settings on the router. With the introduction of the new data collection system all these remnants are going to be dropped.


#6

Closely related thread: Why does the router access project.turris.cz when I'm opted out of data collection?


#7

… Thank you …