jk1975 (join:2001-12-31, Chicago, IL) - Member

ASUS RT-AC88U - Strange AP traffic

Hi all,

Just recently I updated to the latest firmware for the AC88U, which on the ASUS support website shows as 3.0.0.4.382.15850.

Since then I had been noticing on my syslog server strange traffic from the AP itself.

As an example here are a couple of hits from the 13,000+ I had since upgrading the firmware on Oct 17th:

10/20/2017 22:19 Info xx.xx.xx.xx %ASA-6-106100: access-list Inside_Outbound denied tcp inside/xx.xx.xx.xx(41711) -> outside/210.65.113.148(5061) hit-cnt 1 first hit

10/20/2017 22:19 Info xx.xx.xx.xx %ASA-6-106100: access-list Inside_Outbound denied udp inside/xx.xx.xx.xx(34686) -> outside/210.65.113.165(3478) hit-cnt 1 first hit

It appears to be hitting the following IPs (Geolocation lookup shows they are all based in Taiwan):
210.65.113.147
210.65.113.148
210.65.113.161
210.65.113.162
210.65.113.163
210.65.113.165

Has anyone else noticed this strange traffic on their AP running this firmware? As soon as I decided to switch over to the Merlin firmware, the hits immediately stopped.

I run the device in AP mode and I double checked every option, but it's pretty strange it would be trying to establish connections to a SIP/STUN port.

Thanks,

jk
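Added example, not from the thread: a small Python parser for the %ASA-6-106100 syslog format quoted above that aggregates denied outbound hits per destination IP and port, so a log collector can flag the pattern (many first-hit denials from one LAN host to one /24) instead of eyeballing 13,000 lines. The sample lines are constructed to match the thread's format; the port labels are the well-known assignments for the ports the thread mentions.

```python
import re
from collections import Counter

# Cisco ASA 106100 access-list message, as quoted in the thread.
ASA_106100 = re.compile(
    r"%ASA-6-106100: access-list (?P<acl>\S+) (?P<action>permitted|denied) (?P<proto>\w+) "
    r"(?P<src_if>\w+)/(?P<src_ip>[\dx.]+)\((?P<src_port>\d+)\) -> "
    r"(?P<dst_if>\w+)/(?P<dst_ip>[\d.]+)\((?P<dst_port>\d+)\) hit-cnt (?P<hits>\d+)"
)

# Labels only; used to make the summary readable (ports discussed in the thread).
PORT_LABELS = {5061: "SIP-TLS", 3478: "STUN", 443: "HTTPS", 53: "DNS"}

def parse_line(line):
    """Return the fields of one 106100 line as a dict, or None if it is not one."""
    m = ASA_106100.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("src_port", "dst_port", "hits"):
        rec[key] = int(rec[key])
    return rec

def summarize_denied(lines, watched_prefix=None):
    """Sum denied hit counts per (dst_ip, dst_port).
    watched_prefix (e.g. '210.65.113.') restricts the summary to one destination range."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["action"] != "denied":
            continue
        if watched_prefix and not rec["dst_ip"].startswith(watched_prefix):
            continue
        counts[(rec["dst_ip"], rec["dst_port"])] += rec["hits"]
    return counts

def report(counts):
    """Human-readable lines, busiest destination first."""
    ordered = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [f"{ip}:{port} ({PORT_LABELS.get(port, 'other')}) hits={n}" for (ip, port), n in ordered]

# Constructed sample log in the thread's format (hit-cnt values are made up).
SAMPLE_LOG = [
    "10/20/2017 22:19 Info xx.xx.xx.xx %ASA-6-106100: access-list Inside_Outbound denied tcp inside/xx.xx.xx.xx(41711) -> outside/210.65.113.148(5061) hit-cnt 1 first hit",
    "10/20/2017 22:19 Info xx.xx.xx.xx %ASA-6-106100: access-list Inside_Outbound denied udp inside/xx.xx.xx.xx(34686) -> outside/210.65.113.165(3478) hit-cnt 1 first hit",
    "10/20/2017 22:20 Info xx.xx.xx.xx %ASA-6-106100: access-list Inside_Outbound denied tcp inside/xx.xx.xx.xx(41900) -> outside/210.65.113.147(443) hit-cnt 3 300-second interval",
    "10/20/2017 22:20 Info xx.xx.xx.xx %ASA-6-106100: access-list Inside_Outbound permitted tcp inside/xx.xx.xx.xx(41901) -> outside/210.65.113.147(443) hit-cnt 1 first hit",
    "10/20/2017 22:21 Info xx.xx.xx.xx %ASA-6-106100: access-list Inside_Outbound denied tcp inside/xx.xx.xx.xx(42000) -> outside/198.51.100.5(443) hit-cnt 2 300-second interval",
]

if __name__ == "__main__":
    print("\n".join(report(summarize_denied(SAMPLE_LOG, "210.65.113."))))
```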

Chubbzie (join:2014-02-11, Greenville, NC) - Member

Asus cloud?
jk1975 (join:2001-12-31, Chicago, IL) - Member

hey thanks for the reply..

I was able to get a Wireshark session on it and you are correct, it appears to be Asus Cloud traffic as I saw the DNS queries it was making before attempting to connect..

I went back to the Merlin firmware, but I am curious if there is any way to disable this? All I saw were AI Cloud options, but they were all disabled.

Thanks,

jk
kencarr (join:2002-02-13, Smyrna, GA) - Member, to jk1975
My ASUS RT-AC88U also started doing the same after update. I asked ASUS about it but did not get an answer so I blocked all of them at my outboard router. No change in performance and I'm still being notified of updates. Would love to know the reason for connecting to Chunghwa Telecom Co.
DrStrangLov (join:2012-03-28) - Member, to jk1975
said by jk1975:

It appears to be hitting the following IPs (Geolocation lookup shows they are all based in Taiwan):

Sidebar - Just recently acquired a used ASUS RT-N66U, with the latest firmware installed. So, I examined internal menus, set it up, and discovered something unusual when using the "nslookup" DOS command, which is a means to find out what DNS server is being used.

In the WAN menu, see photo above, when set up this way, and when you input a DNS IP address into your OS's networking config setup, then the IP address entered will be used. For instance, I'm using Google's Public DNS, and when doing an nslookup command, I see this below,

>nslookup
Default Server: google-public-dns-a.google.com
Address: 8.8.8.8
>

But, in that photo above, if I insert Google's IP address, 8.8.8.8, in that top empty box, then I will see this,

>nslookup
Default Server: router.asus.com
Address: 192.168.1.1

and if I do a tracert for "router.asus.com", I will see this
>tracert router.asus.com
  1    <1 ms    <1 ms    <1 ms  router.asus.com [192.168.1.1]
Trace complete
 

So, nslookup and tracert data points to the router, and I have no clue if Google's DNS server is being used.

Now, when I leave it blank, as shown in the photo above, and do a tracert on "router.asus.com", it ends up being

ASN name (ISP) ASUSTek COMPUTER INC.
Location Taipei, Taipei City, Taiwan (TW)

Without seeing this router's WAN output side, I have no idea what's going on. Is ASUS re-routing a DNS request to their Taiwan server, and monitoring your surfing? When a company has user data, there are buyers for it.

Thus, I don't know if ASUS is collecting data or not, but I do know nslookup can't tell what's happening when configured as indicated above.

Note - OS and Router have to be rebooted for changes to take hold.

Anon628de (@gim.li) - Anon

When you enter a DNS server in your OS configuration, that's what your OS will use to resolve DNS requests (and what you'll see when you do nslookups). If you don't, it gets its DNS configuration from the DHCP server, which is probably your router, in which case the router will point to itself and use whatever is configured on its WAN interface to forward DNS requests it receives from your local network (but nslookup executed on your PC will show the router as the DNS server).

If you leave the router's WAN configuration at "Connect to DNS Server automatically", the router will forward DNS requests to whatever your ISP sends for DNS servers with their DHCP. If you input specific DNS server addresses, the router will forward the DNS requests to those servers, but nslookup still shows your router as its DNS server because that's where it sends the requests, which are then forwarded by the router.
DrStrangLov (join:2012-03-28) - Member
said by Anon628de:

....enter a DNS server in your OS configuration, that's what your OS will use to resolve DNS request....

The only way to know if your assertion is true is to sniff the WAN's output side. As noted, nslookup returns this below, when the OS is configured to be "in charge," and when the WAN's DNS (Connect to DNS server automatically) is checked Yes.

>nslookup
Default Server: router.asus.com
Address: 192.168.1.1

Enclosed pic shows the LAN's configuration, which I didn't change when doing these tests.

Chubbzie (join:2014-02-11, Greenville, NC; Hitron CDA3, (Software) OpenBSD + pf) - Member

hosts
said by DrStrangLov:

>nslookup
Default Server: router.asus.com
Address: 192.168.1.1

Enclosed pic shows the LAN's configuration, which I didn't change when doing these tests.

That's in the router's hosts file or host config file. Any calls to that address that the router resolves will return with that response.
DrStrangLov (join:2012-03-28) - Member

said by Chubbzie:

That's in the router's hosts file or host config file

I'm using OEM firmware. When doing this nslookup below, it shows the router acting as a DNS server, even though Google's DNS server was configured in the router's WAN menu. I can't confirm if Google's DNS server was being used or not. But, I can say that "router.asus.com" is not a real DNS server on the internet. Without inspecting outgoing WAN packets, I have no idea what DNS server was being used. Maybe no smoke here, but I can't confirm/deny.

>nslookup gmail.com
Server:  router.asus.com
Address:  192.168.1.1
 
Non-authoritative answer:
Name:    gmail.com
Address:  172.217.1.197
 
kencarr (join:2002-02-13, Smyrna, GA) - Member, to jk1975
Wondering why traffic is going to the 210.65.113.XXX range. It's going out to port 443, so I don't think it's DNS. I also checked to see if the DDNS Client was enabled, and it wasn't. I'm not using any cloud or AiProtection, but still the connections persist. Anyone figure it out?