Is Mikrotik calling home?

Hi!

Today I had 4-8 MBit/s of traffic between my CPE (Mikrotik) and 18.66.18.89 (Amazon Cloud).

Is Mikrotik calling home?

Mikrotik’s home is not on Amazon. So if your router is calling somewhere, it might be owned … Also verify that it’s really the router, not some device behind the router.

Complaining doesn’t help, check scripts and scheduler.

No.

As said, it is not the router phoning home, but actually a device behind the router. There ARE LOTS of devices that phone home - where home IS on Amazon AWS.
So you need to determine what was really generating that traffic.

Highly recommend this. Also look at your SOCKS proxy as well as the users and IP>services lists to make sure they have not been edited. Another ‘fun’ thing is that they will also try to set up some access to the device other than SOCKS, so look out for VPN interfaces you are unsure of or weird firewall rules.

To actually troubleshoot this you can use the packet snooper to capture what is going out your WAN port. If you save this to a file and name it .pcap, you can open and inspect the traffic thoroughly to get an idea of what the traffic really is.

Put the /export on the forum, after censoring private parts (notice: censoring is not removing)

MikroTik calls home when CONFIGURED:
for Cloud DDNS (default OFF),
for Cloud Backup (default OFF)

MikroTik calls home when NOT configured:
for Cloud Update Time (default ON)
for Time Zone Autodetect (default ON)

Actually, it is. But not to Amazon, rather to IP addresses in Latvia.
I implemented some output rules to monitor that and there are regular connects to the upgrade server at 159.148.172.226 and 159.148.147.204.
These are HTTP (port 80) requests where it fetches the latest available version, giving the actually installed version as a parameter.

Some devices do that, others do not, but it is unclear what the trigger is. Certainly not something I can recognize in the config.
(Of course in the default config “ip cloud” also calls home, but I disabled that.)

Pretty sure CHR calls home for licensing purposes, not sure about the rest.

That doesn’t do 4-8Mbps of traffic as described in the first post.
And anything else besides timezone detect, update time and ddns doesn’t “auto” call home.

True. It normally makes 1 connection per hour with only a few kB of data.

And anything else besides timezone detect, update time and ddns doesn’t “auto” call home.

I believed that as well, but actually devices do call home to check for updates. No idea why and when, but I am sure there is nothing at all configured to do that.
(At first I believed it would be related to an open “system->packages->update” window, but that is not the case.)

I would probably even like it if it did this by default, although not once an hour. And then, when the user has not configured otherwise, auto-upgrade the device within the same major version.
But there is no such (default) function in RouterOS, so I wonder why it still does the check. Maybe some initial work was done but it was never completed?

When you use closed source software, you’ll never know.

You say that like it’s a bad or nefarious thing. When you choose to buy and use closed source software, you willingly and actively accept that reality. If you don’t like it then sell what you have and use only open source solutions. Best of luck.

Probably you can trust MikroTik but not your (wife|husband|mate)…

@gabscho4
Sir, read my lines without interpreting them.

I’ll repeat, and that is not specific to ROS: closed source software is a black box. You are not going to find out if it is phoning home at any time. That is a fact.
Open source you can review and can say with like 100% certainty: yes or no, E.T. calls.

@rextended
Trust is a thing in relationships.

Well, of course you can log what happens in the network. Even when an “output” rule cannot be fully trusted, we have many MikroTik routers in a network with a plain Linux box on the edge, and we can (and do) log what connections are made to the MikroTik servers, after initially finding them.
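
Added example (not from any poster in this thread): a minimal Python reader for the kind of .pcap capture suggested above, totalling bytes and average rate per remote peer so that a 4-8 Mbit/s flow can be told apart from a small update check. It assumes a classic pcap file with Ethernet framing; the WAN address 203.0.113.7 and the sample capture are constructed, and the two update-server addresses are the ones reported in the thread.

```python
import socket
import struct

# Update servers one poster in this thread reported seeing (not an official list).
THREAD_UPDATE_SERVERS = {"159.148.172.226", "159.148.147.204"}

def summarize(pcap, wan_ip):
    """Map each remote peer of wan_ip to [bytes_on_wire, first_ts, last_ts]."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    peers, off = {}, 24
    while off + 16 <= len(pcap):
        sec, usec, incl, orig = struct.unpack(end + "4I", pcap[off:off + 16])
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # only untagged IPv4 is counted; ARP, IPv6, VLAN are skipped
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        if wan_ip not in (src, dst):
            continue
        ts = sec + usec / 1e6
        rec = peers.setdefault(dst if src == wan_ip else src, [0, ts, ts])
        rec[0] += orig  # orig is the on-wire length, even if the snap length cut the frame
        rec[2] = ts
    return peers

def report(peers):
    """Rows of (peer, bytes, average Mbit/s, note), largest talker first."""
    rows = []
    for peer, (nbytes, first, last) in peers.items():
        mbps = nbytes * 8 / max(last - first, 1.0) / 1e6  # floor of 1 s for short bursts
        note = "update server named in thread" if peer in THREAD_UPDATE_SERVERS else "unidentified"
        rows.append((peer, nbytes, round(mbps, 2), note))
    return sorted(rows, key=lambda r: -r[1])

def sample_pcap(wan_ip="203.0.113.7"):
    """Constructed capture: 60 s of bulk download plus one small update check."""
    def pkt(sec, usec, src, dst, wire_len):
        hdr = (b"\x00" * 12 + b"\x08\x00" + b"\x45" + b"\x00" * 11
               + socket.inet_aton(src) + socket.inet_aton(dst))
        return struct.pack("<4I", sec, usec, len(hdr), wire_len) + hdr
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for sec in range(60):
        out += [pkt(sec, i * 2000, "18.66.18.89", wan_ip, 1500) for i in range(500)]
    out += [pkt(60, 0, wan_ip, "159.148.172.226", 600)] * 4
    return b"".join(out)

if __name__ == "__main__":
    for row in report(summarize(sample_pcap(), "203.0.113.7")):
        print(row)
```

On a router doing source NAT, a WAN-side capture shows the router's address for LAN traffic as well, so attributing a peer to a specific device still needs a LAN-side capture or the connection tracking table.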