Connecting to n-devs-smb.tplinkcloud.com AND n-deventry-smb.tplinkcloud.com - UNACCEPTABLE

Connecting to n-devs-smb.tplinkcloud.com AND n-deventry-smb.tplinkcloud.com - UNACCEPTABLE
Connecting to n-devs-smb.tplinkcloud.com AND n-deventry-smb.tplinkcloud.com - UNACCEPTABLE
2022-01-25 09:36:17
Model: OC200
Hardware Version: V1
Firmware Version: OC200v1_un_1.9.3_20210914_rel39903_up.BIN

My OPNSense FW is blocking connection back to 

 

n-devs-smb.tplinkcloud.com 

n-deventry-smb.tplinkcloud.com

 

This is unacceptable to have this calling home and it looks like using smb across the internet, clearly unsafe and since I don not use cloud based is a breach in GDPR since I have not authorised said software from connecting to these domains. Also looks like developer entry points!!

 

Please advise that this will be taken out on the next firmware upgrade or of required, then only those whom choose to use cloud based solution\updates and so forth.

 

1
1
#1
Options
28 Reply
Re:Connecting to n-devs-smb.tplinkcloud.com AND n-deventry-smb.tplinkcloud.com - UNACCEPTABLE
2022-01-25 09:46:37
Further investigation is showing that it is being generated by the EAP245 V3 Firmware Version:5.0.4 Build 20211021 Rel. 57494 Only started straight after the Firmware update
0
0
#2
Options
Re:Connecting to n-devs-smb.tplinkcloud.com AND n-deventry-smb.tplinkcloud.com - UNACCEPTABLE
2022-01-25 09:48:44
Tell a lie, its the EAP225 to. Sorry for multiple posts I cant seem to edit and save posts!
0
0
#3
Options
Re:Connecting to n-devs-smb.tplinkcloud.com AND n-deventry-smb.tplinkcloud.com - UNACCEPTABLE
2022-01-25 09:51:30

@Fae FYI 

0
0
#5
Options
Re:Connecting to n-devs-smb.tplinkcloud.com AND n-deventry-smb.tplinkcloud.com - UNACCEPTABLE
2022-01-26 03:42:44

Dear @Pugs,

 

Pugs wrote

My OPNSense FW is blocking connection back to 

 

n-devs-smb.tplinkcloud.com 

n-deventry-smb.tplinkcloud.com

 

This is unacceptable to have this calling home and it looks like using smb across the internet, clearly unsafe and since I don not use cloud based is a breach in GDPR since I have not authorised said software from connecting to these domains. Also looks like developer entry points!!


I'd like to clarify that the "smb" in the URLs above refers to "Small and Medium Business", which doesn't refer to the SMB protocol for file sharing. If you are worrying that the Omada devices are sending private files to the above URLs, please take it easy, this will never happen.

 

In fact, the URLs above are subdomain names of Omada Cloud Portal, and Omada devices connecting these URLs is ONLY used for Omada Cloud-based Controller to discovery Omada devices, which is not malicious connection nor with the intent to invade privacy.

New to the TP-Link Community? Getting Started from this thread: https://community.tp-link.com/en/business/forum/topic/551684
0
0
#6
Options
Re:Connecting to n-devs-smb.tplinkcloud.com AND n-deventry-smb.tplinkcloud.com - UNACCEPTABLE
2022-01-30 09:25:16 - last edited 2022-01-30 09:26:45

@Fae 

 

Why should i 'take it easy' when these sites are connecting unauthorized back to HQ? I don't use your cloud services on the grounds of the many breaches that have taken place globally and is clearly an entry point into ones network. Now, there have been 500 attempts in the last 24 hrs to connect back. 

 

If people want to use cloud services, thats their choice, not mine and therefore I (and many others) should have the option to completely opt out, esp when we don't use TP-LINK online cloud services AND when I purchased these items there was no mention on signing up to 'phone home' products!

0
0
#7
Options
Re:Connecting to n-devs-smb.tplinkcloud.com AND n-deventry-smb.tplinkcloud.com - UNACCEPTABLE
2022-02-01 09:26:39

@Fae 

 

Bumpty bump bump ^

0
0
#8
Options
Re:Connecting to n-devs-smb.tplinkcloud.com AND n-deventry-smb.tplinkcloud.com - UNACCEPTABLE
2022-02-02 22:11:53 - last edited 2022-02-02 22:17:27

 

tagging along.   I'm also a bit annoyed by the fact I need to have cloud acces enabled to do a mere efficient way to update my various devices. 

 

There is no destinction about what the could access entails.     imho cloud access could benefit from certain toggles so user can control and manage their network like they see fit and then Pugs can also go on with his life :)

 

-opt in :  FW update checks only   (nothing further is pulled the TP link account is only used to pull/push the bare minimum) 

-opt in :  Discovery  (I don't know what discovery means with your wording ) *  but until today I never used the TP could portal I only used the toggle on my controller and my hardware controller 'existed' there with some data. 

-opt in ;  This controller can recieve configuration/executed activities from TP cloud services  , the full shebang cloud enabledness. 

 

this opt ins  should NOT be configurable by option 2&3  except my local configuration,  so when you would enter the cloud credentials locally you would set this

 

so like I said I never logged onto the cloud portal site until just now. I did however toggled cloud access because updating FW manually became tiresome , and international and localize tp links sides differences made this even more difficult. 

 

today I for the first time connected to the TP cloud services and I could see my off line controller with the following data 

HOST Type MAC ADDRESS STATUS SITES DEVICES CLIENTS ALERTS VERSION

FIRMWARE

 

 

Anyway Pugs claim of GDPR ,  GDPR is not about calling back to domains.  Its about what happens with personal data and if the person is are aware about what happens with the data.  and if you can control it  etc... 

https://gdpr-info.eu/issues/personal-data/ 

 

I just tried that , then you enable the cloud access at controller side ,  you just reload the TP cloud site and bam ,    redirecting and bam , I can control my controller.    so there is a certain GDPR ness the moment you use the account on the controller side. 

Anyway I immedaitely toggled the switch to off again and pressed 'forget on TP cloud and my controller was gone again <= I'm Happy I geuss it will remain like that until I toggle my controller sided toggle again ,   I guess I will sadly do the slow and painfull manaul  updates) 

 

but to indulge Pugs ,  why can't I only choose the option to not 'phone home' and forego the option of discovery and control ? 

Why can't there be an option for FW retrieval without extra data above,   

 

so again a FW check only option without discovery would be very nice. 

 

 

 

 

 

 

 

 

2
2
#9
Options
Re:Connecting to n-devs-smb.tplinkcloud.com AND n-deventry-smb.tplinkcloud.com - UNACCEPTABLE
2022-02-03 09:31:01 - last edited 2022-02-03 09:43:52

@mehmeh Thing is, couple of firmware revisions earlier this wasn't happening, They have embedded this since, say 6 months ago. Before that, I believe it worked perfectly anyway. The 'dev' entry points is just that, otherwise why name it that way! They seem to be, being a bit quiet on this.

 

It also happened couple of years ago where myself and a guy who used to frequent here, found the software connecting back to a domain that clearly the devs had left in!!!

 

2 out of the top 3 blocks in the last 24 hrs, TP-LINK why? GDPR or not it's unacceptable for those whom do not use these features nor want their devices potentially being compromised via a online backdoor

 

 

 

 

 

 

0
0
#10
Options
Re:Connecting to n-devs-smb.tplinkcloud.com AND n-deventry-smb.tplinkcloud.com - UNACCEPTABLE
2022-02-03 09:40:40 - last edited 2022-02-03 09:53:11

@mehmeh By the way, prior to the big firmware upgrades, we could all update through the software WITHOUT a cloud account, just as you have asked for in the last 2 paragraphs.

 

Personally, I think people nowadays are too indisposed/strong disinclination about software phoning home and possibly insecure back doors back into your network. Just taking a look at what my firewall is blocking right now (100s of blacklists and top 30 day rolling attackers) backs it all up and what ports are they using to make a connection?

 

So yeah I like to give a little of my life pointing it out and thats why I use open source, ad blockers, FW rules, CalyxOS and try to have nowt to do with Google and so forth etc wherever possible.

0
0
#11
Options
Re:Connecting to n-devs-smb.tplinkcloud.com AND n-deventry-smb.tplinkcloud.com - UNACCEPTABLE
2022-02-03 09:53:20 - last edited 2022-02-03 09:53:55

@Pugs 

 

to clarify I'm on your side.   I just I found your statement call back is GDPR entry point a bit strong.

I just tried to provide context 

 

I do agree , there should be options to handle this better 

that's why I proposed levels of opt in 

completely disable the callback , its indeed worrying that if cloud access is disabled they call back 

minimum for FW upgrade version only ,

should be distinguishable from 'full could access' , which clearly can't be done now.

 

 

0
0
#12
Options