TRB 14x Unwanted traffic

Hello,
After installing firmware and basic configuration:

  • Change password for web interface
  • Set custom APN in mobile interface (mobile interface has no access to Internet)
  • Service → Cloud Solutions RMS → Connection type set from standby to Disable
  • Install tcpdump_4.9.3-1_arm_cortex-a7_neon-vfpv4.ipk from terminal

Firmware version: TRB1_R_00.07.05.4

I can see unwanted traffic every four minutes.

10.18.33.15 is the address on the rmnet0 interface (mobile). Log from tcpdump:

07:54:52.820581 IP 10.18.33.15.9993 > 103.195.103.66.9993: UDP, length 137
07:54:52.823136 IP 10.18.33.15.43530 > 103.195.103.66.9993: UDP, length 137
07:54:52.823192 IP 10.18.33.15.30399 > 103.195.103.66.9993: UDP, length 137
07:54:52.823221 IP 10.18.33.15.9993 > 84.17.53.155.9993: UDP, length 137
07:54:52.823249 IP 10.18.33.15.43530 > 84.17.53.155.9993: UDP, length 137
07:54:52.823315 IP 10.18.33.15.30399 > 84.17.53.155.9993: UDP, length 137
07:54:52.823350 IP 10.18.33.15.9993 > 50.7.252.138.9993: UDP, length 137
07:54:52.823379 IP 10.18.33.15.43530 > 50.7.252.138.9993: UDP, length 137
07:58:36.845312 IP 10.18.33.15.9993 > 103.195.103.66.9993: UDP, length 137
07:58:36.847598 IP 10.18.33.15.43530 > 103.195.103.66.9993: UDP, length 137
07:58:36.847659 IP 10.18.33.15.30399 > 103.195.103.66.9993: UDP, length 137
07:58:36.847689 IP 10.18.33.15.9993 > 84.17.53.155.9993: UDP, length 137
07:58:36.847716 IP 10.18.33.15.43530 > 84.17.53.155.9993: UDP, length 137
07:58:36.848330 IP 10.18.33.15.30399 > 84.17.53.155.9993: UDP, length 137
07:58:36.848398 IP 10.18.33.15.9993 > 50.7.252.138.9993: UDP, length 137
07:58:36.848428 IP 10.18.33.15.43530 > 50.7.252.138.9993: UDP, length 137
07:58:36.848455 IP 10.18.33.15.30399 > 50.7.252.138.9993: UDP, length 137
07:58:36.848942 IP 10.18.33.15.9993 > 104.194.8.134.9993: UDP, length 137
07:58:36.849004 IP 10.18.33.15.43530 > 104.194.8.134.9993: UDP, length 137
07:58:36.849036 IP 10.18.33.15.30399 > 104.194.8.134.9993: UDP, length 137

I found these are zero-tier servers, but I didn’t even install the zero-tier package. How can I find which app is sending data, and how can I disable that unwanted traffic?

Another problem:
Sometimes when I go to System → Administration → General on the web interface (http://192.168.2.1/system/admin/admin), other packets are sent:

07:30:54.423879 IP 10.18.33.15.49192 > 3.66.40.246.80: Flags [S], seq 3960205893, win 64240, options [mss 1460,sackOK,TS val 1695406887 ecr 0,nop,wscale 5], length 0
07:30:55.476289 IP 10.18.33.15.49192 > 3.66.40.246.80: Flags [S], seq 3960205893, win 64240, options [mss 1460,sackOK,TS val 1695407940 ecr 0,nop,wscale 5], length 0
07:30:57.556312 IP 10.18.33.15.49192 > 3.66.40.246.80: Flags [S], seq 3960205893, win 64240, options [mss 1460,sackOK,TS val 1695410020 ecr 0,nop,wscale 5], length 0
07:31:01.636446 IP 10.18.33.15.49192 > 3.66.40.246.80: Flags [S], seq 3960205893, win 64240, options [mss 1460,sackOK,TS val 1695414100 ecr 0,nop,wscale 5], length 0

Hello,

By default, the Zerotier package is not installed on the devices we ship. Therefore, there should be no communication with it or any other random IP addresses. Please ensure that devices connected to the TRB14X do not communicate through those ports themselves.

Best regards,

The first problem is solved. Zerotier was installed on the programming PC connected to the USB interface, so that was forwarded traffic. Thank you.

And what about the second issue?

Hello,

These IP addresses are used for Teltonika firmware and package updates. They send requests to check if any new updates are available.

Best regards,
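
An added example, not part of the thread and not Teltonika tooling: a Python summary of tcpdump text output like the capture in the first post. It groups packets by destination and measures the spacing between bursts, which makes the four-minute cadence to UDP port 9993 explicit. The sample lines are a subset copied from that post; the function names and the 5-second burst threshold are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Subset of the capture lines from the first post (two UDP bursts, one TCP SYN).
SAMPLE = """\
07:54:52.820581 IP 10.18.33.15.9993 > 103.195.103.66.9993: UDP, length 137
07:54:52.823136 IP 10.18.33.15.43530 > 103.195.103.66.9993: UDP, length 137
07:54:52.823221 IP 10.18.33.15.9993 > 84.17.53.155.9993: UDP, length 137
07:58:36.845312 IP 10.18.33.15.9993 > 103.195.103.66.9993: UDP, length 137
07:58:36.847598 IP 10.18.33.15.43530 > 103.195.103.66.9993: UDP, length 137
07:58:36.847689 IP 10.18.33.15.9993 > 84.17.53.155.9993: UDP, length 137
07:30:54.423879 IP 10.18.33.15.49192 > 3.66.40.246.80: Flags [S], seq 3960205893, win 64240, options [mss 1460,sackOK,TS val 1695406887 ecr 0,nop,wscale 5], length 0
"""

# tcpdump text format: time, "IP", src.port > dst.port:, then "UDP" or TCP "Flags".
LINE = re.compile(
    r"^(\d\d:\d\d:\d\d\.\d+) IP (\S+)\.(\d+) > (\S+)\.(\d+): (UDP|Flags)")

def parse(text):
    """Yield (time, src_port, proto, dst_ip, dst_port) for each packet line."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%H:%M:%S.%f")
            proto = "udp" if m.group(6) == "UDP" else "tcp"
            yield ts, int(m.group(3)), proto, m.group(4), int(m.group(5))

def summarize(text, burst_gap=5.0):
    """Group packets by (proto, dst_ip, dst_port); report burst spacing in seconds.

    burst_gap is an assumed threshold: packets further apart than this start a
    new burst. Timestamps carry no date, so the capture must not cross midnight.
    """
    flows = defaultdict(lambda: {"packets": 0, "src_ports": set(),
                                 "starts": [], "last": None})
    for ts, sport, proto, dst, dport in parse(text):
        f = flows[(proto, dst, dport)]
        f["packets"] += 1
        f["src_ports"].add(sport)
        if f["last"] is None or (ts - f["last"]).total_seconds() > burst_gap:
            f["starts"].append(ts)
        f["last"] = ts
    return {key: {"packets": f["packets"], "src_ports": sorted(f["src_ports"]),
                  "intervals": [round((b - a).total_seconds())
                                for a, b in zip(f["starts"], f["starts"][1:])]}
            for key, f in flows.items()}

if __name__ == "__main__":
    for key, info in summarize(SAMPLE).items():
        print(key, info)
```

As the thread shows, packets forwarded from a host behind the router leave the mobile interface with the router's own address, so this summary identifies the flow and its timing, not the originating host.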