ER605 v1 new Firmware 1.3.0 - New data collection without permissions ?
Hello,
Since my router use the (pretty good) new firmware 1.3.0 i've seen that it looks like it now connects to 3 servers (TPlink, ieee and w3C) without any permission from me.
I specify that I have already unchecked the transmission of data in the "i" window at the top right.
To be more precise, my router is configured identically from firmware 1.2.1 until this new 1.3.0: with the old one, there was no connection to the 3 servers (TPlink, ieee and w3C), but since the upgrade to 1.3.0, my router sends data every 2 minutes (ping, watchdog?) despite the unchecked option...
I use my ER605 router locally, so without any cloud option or Omada controller.
- Could you explain to me the nature of these connections and why I cannot forbid them?
- Could you stop this in a new firmware 1.3.1?
In addition, 2 last questions in another register :
- Do you have a PDF manual describing the exact operation of the new "Quality of service" parameters introduced with this firmware 1.3.0 ?
- Why, the mDNS setup seems always to active "ID 1, defaut, all service network, all client network, any service" ?
Thanks lot
Merci.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Heraclite wrote
Hello,
Since my router use the (pretty good) new firmware 1.3.0 i've seen that it looks like it now connects to 3 servers (TPlink, ieee and w3C) without any permission from me.
I specify that I have already unchecked the transmission of data in the "i" window at the top right.
To be more precise, my router is configured identically from firmware 1.2.1 until this new 1.3.0: with the old one, there was no connection to the 3 servers (TPlink, ieee and w3C), but since the upgrade to 1.3.0, my router sends data every 2 minutes (ping, watchdog?) despite the unchecked option...
I use my ER605 router locally, so without any cloud option or Omada controller.
- Could you explain to me the nature of these connections and why I cannot forbid them?
- Could you stop this in a new firmware 1.3.1?
In addition, 2 last questions in another register :
- Do you have a PDF manual describing the exact operation of the new "Quality of service" parameters introduced with this firmware 1.3.0 ?
- Why, the mDNS setup seems always to active "ID 1, defaut, all service network, all client network, any service" ?
Thanks lot
Merci.
Hello,
No, I don't have any other products with Tp-Link firmware. The only TP-Link product I have is this ER-605v1 router.
Before updating to firmware 1.3.0, the ER605 router did not connect to the domain "www.tp-link.com, www.ieee.org, www.google.com".
However, since this firmware 1.3.0, the router connects to these 3 domains every 2 minutes, like a sort of ping. (I specify that I do not use Google DNS and that I have disabled the sending of analytical data to Tp-Link)
What's more, my ER605 router uses a DOH DNS server located on my network, so the DNS is supposed to be encrypted for all connections on my network. However, all connections are indeed encrypted. Except these mysterious connections to "www.tp-link.com, www.ieee.org, www.google.com" every 2 or 3 minutes...
In short, all this arouses the greatest suspicion in me, all this since the 1.3.0 firmware update...
- Copy Link
- Report Inappropriate Content
Hi @Heraclite
Thanks for posting in our business forum.
Hello,
No, I don't have any other products with Tp-Link firmware. The only TP-Link product I have is this ER-605v1 router.
Before updating to firmware 1.3.0, the ER605 router did not connect to the domain "www.tp-link.com, www.ieee.org, www.google.com".
However, since this firmware 1.3.0, the router connects to these 3 domains every 2 minutes, like a sort of ping. (I specify that I do not use Google DNS and that I have disabled the sending of analytical data to Tp-Link)
What's more, my ER605 router uses a DOH DNS server located on my network, so the DNS is supposed to be encrypted for all connections on my network. However, all connections are indeed encrypted. Except these mysterious connections to "www.tp-link.com, www.ieee.org, www.google.com" every 2 or 3 minutes...
In short, all this arouses the greatest suspicion in me, all this since the 1.3.0 firmware update...
My first question is, if you say that you host a DNS server yourself, then do you sync your DNS with an upstream DNS server? As far as I know, AdGuard and Pi-hole do sync with the upstream.
Well, I have an ER605 V1 1.3.0 at my hand and I just monitored it for 1-2 minutes and I don't see any of the domains popped up.
I suggest you Wireshark and send the capture to me. I need something more than that.
Supposedly, you should stop any network activity disconnect as many devices as possible, and leave a single computer for Wireshark. Do the port mirroring and capture on the WAN.
You can keep your DNS server online in the LAN and capture the ingress and egress of the DNS server as well. This makes two capture packets.
So if you say that the router is constantly ping-ing or accessing these domains, then try to use ip.src == gatewayip and dns to look for the source.
I left my computer idle and I can see my computer 192.168.10.5 is requesting google.com while there is no web page on it.
On my ER605 V1 1.3.0, I don't see any ieee and W3C. Same, no sign for the TP-Link site.
Update: This might not be accurate. Please refer to the replies @ #19.
- Copy Link
- Report Inappropriate Content
Was there any update on this
I have just set up a ER707-M2 in standalone mode and seeing lots of connections to
w3
ieee
tp-link
Anyone know the reason why it is needed?
- Copy Link
- Report Inappropriate Content
Hi @Sherwood99
Thanks for posting in our business forum.
Sherwood99 wrote
Was there any update on this
I have just set up a ER707-M2 in standalone mode and seeing lots of connections to
w3
ieee
tp-link
Anyone know the reason why it is needed?
I need more information than this.
1. What devices do you have in your LAN? Or on WAN? Would be best if you could provide a diagram of that.
2. How do you determine that this Omada router is constantly sending DNS queries to these domains? Screenshot or Wireshark as supplementary proof.
3. Is your device under controller mode? If you are in standalone mode, you should not see any DNS query as I have tested this before with an ER605 V1 with 1.3.0 firmware. Data collection is disabled.
And on a new coming model, I do not see this.
- Copy Link
- Report Inappropriate Content
I have tplink deco 9 as access point hasnt changed since this install
Was previously running Er605 v1 (no requests)
using controld paid Dns and crazy requests per hour showing for these 3 domains
Not in controller mode
I see you say you have tested this with ER605 V1 with 1.3.0 firmware I didn't have this till I installed the TP-Link ER707-M2 This was the only thread that came up when searching so thought I would ask.
Not personally comfortable with the requests and that there is no knowledge of them as the TP-Link ER707-M2 is a new release router but guessing the firmware is based on the ER605 And TL-ER7206
- Copy Link
- Report Inappropriate Content
Hi @Sherwood99
Thanks for posting in our business forum.
Sherwood99 wrote
I have tplink deco 9 as access point hasnt changed since this install
Was previously running Er605 v1 (no requests)
using controld paid Dns and crazy requests per hour showing for these 3 domains
Not in controller mode
I see you say you have tested this with ER605 V1 with 1.3.0 firmware I didn't have this till I installed the TP-Link ER707-M2 This was the only thread that came up when searching so thought I would ask.
Not personally comfortable with the requests and that there is no knowledge of them as the TP-Link ER707-M2 is a new release router but guessing the firmware is based on the ER605 And TL-ER7206
Well, I further tested this and I think that might come from Deco. In my topology, I have a device constantly accessing the DNS of these three domains. And its IP address is 192.168.68.1/24 or 192.168.67.1/24. I tracer route my network and my ER605 is 192.168.0.1 and got several other TP-Link models on the route.
192.168.0.1 > 192.168.2.1 > 192.168.68.1 > 192.168.67.1 > XXX.XXX > X.X.X.X
So that's why I asked you if you have any other devices. 192.168.68.1 is the Deco default IP address.
I think you should check the source of it. I verified the process by Wireshark.
I am very certain that if you disable the data collection on the Omada device, there won't be any illegal or suspicious DNS requests from the Omada product line if you use it in standalone mode.
Suggest you do this with Wireshark and port mirroring on WAN. I verified the source IP address and MAC address in this process.
Or you can remove the Deco and check again.
At least we should proceed troubleshooting based on the facts, correct method and evidence.
- Copy Link
- Report Inappropriate Content
I have made sure to check and I have never enabled data collection it is disabled.
Surprised after a couple of years of the deco 9 connected to the ER605 never had these calls and then installing a new router they show up so guessing this is not the reason. But would also have to ask why the Deco 9 is making these calls if you have found them? My deco's are in access point and gets the ip from the router.
Will look into it with Wireshark and see how it goes
- Copy Link
- Report Inappropriate Content
Hi @Sherwood99
Thanks for posting in our business forum.
Sherwood99 wrote
I have made sure to check and I have never enabled data collection it is disabled.
Surprised after a couple of years of the deco 9 connected to the ER605 never had these calls and then installing a new router they show up so guessing this is not the reason. But would also have to ask why the Deco 9 is making these calls if you have found them? My deco's are in access point and gets the ip from the router.
Will look into it with Wireshark and see how it goes
I am not responsible for Deco products. But what I found is that the IPs are from other devices in my test environment. Could be the Deco.
Conclusion:
The ER605 itself sends to these three domains only when you have Online Detection enabled.
Online Detection will send the DNS query to these three domains but not spam as crazy as the other IP address I found in Wireshark. It's periodically.
Except for the Online Detection, I don't think there are other settings sending traffic actively by the router. If you change the Online Detection to manual and set a DNS server, this DNS query will change accordingly.
I tested this on an alpha phase model and similar firmware as the ER605 V2 and 7206 or other.
Scenario 1:
When I set Online Detection to 114.114.114.114 as the DNS lookup server. WAN IP = 192.168.2.133
Any traffic to the 223.5.5.5 is normal traffic because the WAN DNS is 223.5.5.5.
Scenario 2:
If I set WAN DNS to 1.1.1.1 and I set the WAN as Always Online, this is what happens.
No more queries to google.com, tp-link.com, 3w and IEEE.
Online Detection is in effect. I don't think you should worry. In my test, I have witnessed some IP addresses like Deco 192.168.67.1 or 192.168.68.1 spamming DNS queries. I am not sure the reason why but the ER605 is not spam as bad as them.
- Copy Link
- Report Inappropriate Content
Clive_A wrote
Scenario 2:
If I set WAN DNS to 1.1.1.1 and I set the WAN as Always Online, this is what happens.
No more queries to google.com, tp-link.com, 3w and IEEE.
Online Detection is in effect. I don't think you should worry. In my test, I have witnessed some IP addresses like Deco 192.168.67.1 or 192.168.68.1 spamming DNS queries. I am not sure the reason why but the ER605 is not spam as bad as them.
Thanks for this. This has saved me having to install wireshark.
Indeed changing the mode to always online has stopped these queries. Hopefully this will aslo help others when they search for the reaso.
Thanks again and have a great weekend
- Copy Link
- Report Inappropriate Content
Thanks for this explanation. Merci pour cette explication.
However, in my case, when i set to "Manual" the online detection with this two new ping adress 1.1.1.1 and 9.9.9.9, my router ER605v1 Firmware 1.3.0 continue to ping "Google, w3c and ieee" each minute...
:-/
I really dislike "pro" stuff that use connection to ip adress withour any consentement...
:-(
This same ER605v1 router (with same setup and same home network) never didn't do this with its old firmware 1.2.2 ...
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 3184
Replies: 21
Voters 0
No one has voted for it yet.