
Cumulus connecting to remote site on the internet?

Posted: Thu 06 Sep 2018 9:39 am
by spyker
I've noticed some strange traffic originating from my server running Cumulus. The Cumulus app tries to connect to some IP addresses with a few on the Amazon AWS cloud on port 80.

54.189.192.189
23.102.25.149
34.214.226.247

Why would Cumulus try and connect to these servers? The only thing I can think of is to update APRS, WOW and Wunderground?

Re: Cumulus connecting to remote site on the internet?

Posted: Thu 06 Sep 2018 5:51 pm
by steve
If you have uploads to those sites configured, then those are the most likely candidates (in particular WU and WOW). Uploads to WU, PWS, and WOW all use port 80. The obvious way to find out is to turn off uploads to those sites one at a time.

Re: Cumulus connecting to remote site on the internet?

Posted: Mon 10 Sep 2018 11:15 am
by spyker
Ok, I can confirm that it's WU, PWS, and WOW.

What was weird is that the intrusion detection system on my Unifi USG was marking this traffic as malicious.

IPS Alert 1: A Network Trojan was Detected. Signature ET MALWARE User-Agent (Mozilla/4.0 (compatible ICS)). From: 192.168.0.74:4911, to: 54.189.192.189:80, protocol: TCP, on interface: eth1

Re: Cumulus connecting to remote site on the internet?

Posted: Mon 10 Sep 2018 2:24 pm
by ConligWX
spyker wrote: Ok, I can confirm that it's WU, PWS, and WOW.

What was weird is that the intrusion detection system on my Unifi USG was marking this traffic as malicious.

IPS Alert 1: A Network Trojan was Detected. Signature ET MALWARE User-Agent (Mozilla/4.0 (compatible ICS)). From: 192.168.0.74:4911, to: 54.189.192.189:80, protocol: TCP, on interface: eth1

Might be worth sending the data logs to Unifi, who are pretty good at fixing issues.
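
Added example, not part of the thread and not Cumulus or Unifi code: a small triage script that parses the alert text quoted above and marks an alert as expected only when signature, source host, destination port and destination address all match what the thread established. The `BASELINE` values, the helper names and the two extra sample alerts are assumptions constructed for illustration.

```python
import re
from ipaddress import ip_address

# Layout of the USG notification text exactly as quoted in the thread.
ALERT_RE = re.compile(
    r"IPS Alert (?P<num>\d+): (?P<category>.+?)\. Signature (?P<signature>.+?)\. "
    r"From: (?P<src>[\d.]+):(?P<sport>\d+), to: (?P<dst>[\d.]+):(?P<dport>\d+), "
    r"protocol: (?P<proto>\w+), on interface: (?P<iface>\w+)"
)

# Assumption: baseline built from what the thread established for this network.
# Cloud endpoint IPs change over time, so the destination set needs re-checking.
BASELINE = {
    "signature": "ET MALWARE User-Agent (Mozilla/4.0 (compatible ICS))",
    "host": "192.168.0.74",   # server running Cumulus
    "dport": 80,              # WU, PWS and WOW uploads use port 80
    "dsts": {"54.189.192.189", "23.102.25.149", "34.214.226.247"},
}

def parse_alert(line):
    """Return the alert fields as a dict, or None if the line does not parse."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    alert = m.groupdict()
    try:
        ip_address(alert["src"]); ip_address(alert["dst"])  # reject e.g. 999.1.1.1
    except ValueError:
        return None
    alert["sport"], alert["dport"] = int(alert["sport"]), int(alert["dport"])
    return alert

def triage(alert, baseline=BASELINE):
    """Return (verdict, reasons); any deviation from the baseline needs a human."""
    checks = [
        (alert["signature"] == baseline["signature"], "different signature"),
        (alert["src"] == baseline["host"], "source is not the Cumulus host"),
        (alert["dport"] == baseline["dport"], "unexpected destination port"),
        (alert["dst"] in baseline["dsts"], "destination is not a known upload endpoint"),
    ]
    reasons = [why for ok, why in checks if not ok]
    return ("investigate" if reasons else "expected", reasons)

# First sample is the alert from the thread; the other two are constructed.
TEMPLATE = ("IPS Alert 1: A Network Trojan was Detected. Signature " + BASELINE["signature"]
            + ". From: {src}, to: {dst}, protocol: TCP, on interface: eth1")
SAMPLES = [TEMPLATE.format(src="192.168.0.74:4911", dst="54.189.192.189:80"),
           TEMPLATE.format(src="192.168.0.50:50112", dst="203.0.113.10:80"),
           TEMPLATE.format(src="192.168.0.74:4920", dst="198.51.100.7:8080")]

if __name__ == "__main__":
    for line in SAMPLES:
        alert = parse_alert(line)
        print(alert["src"], "->", alert["dst"], triage(alert))
```

The second sample shows why the signature should not be dismissed network-wide: the same User-Agent match from a host that does not run Cumulus still comes back as `investigate`.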