NOTE: This is a translation of my German post 'ESP8266 "telefoniert nach Hause"' on mikrocontroller.net. I translated it to reach a broader and more international audience.

Back in October/November I built a light sensor to control the lighting around my house. You can see the result in the attached picture and the sensor works fine. The ESP8266 is connected to a WLAN that is not connected to the internet and is utilized only for local traffic.

Then I got a new router and noticed that the ESP8266 tries to reach an external IP address (now 128.85.255.63, two weeks ago it was 112.82.255.65). The ESP8266 scans ports in the upper port range from about port 30.000 to 62.000 on that specific address.

Until I noticed the described behaviour, the ESP8266 was not able to communicate with external (internet) IP addresses. I can rule out that the ESP8266 responds to incoming traffic from the internet. I changed that now and currently I am sniffing the traffic. An actual log of this traffic is attached as a PCAP file, which you can download for use in Wireshark.

My device is an ESP8266 coupled with an I2C BH1750 light sensor. The ESP8266 contains portions of the "ESP8266AdvancedWebserver" example of the Arduino IDE (1.6.4) plugin, which was installed through the board manager. The webserver returns the sensor value upon an HTTP request.

I have coded the ESP myself via Arduino IDE and scanned the libs available as source code. I did not find anything that could explain the behaviour. I have made use of the following libs:

#include <ESP8266WiFi.h>
#include <WiFiClient.h>
#include <ESP8266WebServer.h>
#include <ESP8266mDNS.h>
#include <Wire.h>
#include <math.h>

At the moment I cannot re-enact this situation in lab conditions and with different releases. Hence, I kindly ask you to check if your ESP8266 is calling home as well. You just need to check the routing table of your router. Please post if your ESP8266 connects to "alien" servers as well. Positive/negative reports are welcome.

I attached a picture of my light sensor, screenshots of my routing table and a pcap file for Wireshark, where I have collected a few of the suspicious packets.

I look forward to hearing from you,
Jo
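The check the opening post asks for can also be run against a capture file instead of the router's table. The following is an added example, not part of the thread or the poster's code: it counts the public unicast destinations one device sent IPv4 packets to in a classic pcap. The device address 192.168.1.50 and all sample packets are constructed; 128.85.255.63 is the address quoted in the post.

```python
import ipaddress
import struct
from collections import Counter

def external_flows(pcap: bytes, device_ip: str) -> Counter:
    """Count (dst, proto, dst_port) of IPv4 packets from device_ip to public unicast addresses."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("need a classic pcap file with Ethernet link type (not pcapng)")
    flows, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl_len], off + 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated frame or not IPv4
        ip = frame[14:]
        src, dst = ipaddress.IPv4Address(ip[12:16]), ipaddress.IPv4Address(ip[16:20])
        # Multicast (e.g. mDNS to 224.0.0.251) stays on the LAN; exclude it explicitly
        # rather than relying on is_global.
        if str(src) != device_ip or not dst.is_global or dst.is_multicast:
            continue
        proto = {6: "tcp", 17: "udp"}.get(ip[9], str(ip[9]))
        l4 = ip[(ip[0] & 0x0F) * 4:]
        port = struct.unpack("!H", l4[2:4])[0] if ip[9] in (6, 17) and len(l4) >= 4 else None
        flows[(str(dst), proto, port)] += 1
    return flows

def _frame(src, dst, proto, dport):
    """Constructed Ethernet/IPv4 frame with an 8-byte L4 header (checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HHHH", 4097, dport, 8, 0)

def sample_pcap(frames):
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

DEVICE = "192.168.1.50"  # constructed LAN address of the ESP8266
SAMPLE = sample_pcap([   # constructed packets, not taken from the attached capture
    _frame(DEVICE, "192.168.1.1", 17, 53),            # local DNS: ignored
    _frame(DEVICE, "224.0.0.251", 17, 5353),          # mDNS multicast: ignored
    _frame(DEVICE, "128.85.255.63", 6, 30001),        # address from the post
    _frame(DEVICE, "128.85.255.63", 6, 30001),
    _frame(DEVICE, "128.85.255.63", 6, 61999),
    _frame("192.168.1.20", "128.85.255.63", 6, 443),  # other host: ignored
])

if __name__ == "__main__":
    for (dst, proto, port), n in external_flows(SAMPLE, DEVICE).most_common():
        print(f"{dst} {proto}/{port}: {n} packet(s)")
```

To use it on a real capture, pass the file's bytes and the module's LAN address; captures saved as pcapng have to be exported as classic pcap first.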
It turned out that the issue was caused by the application itself (not the ESP module or firmware). What seemed like "calling home" are really random data.
What do you mean by "random data?" I have two that are doing the exact same thing.
Call me one of those conspiracy nuts, but one of those IP addresses is in China. Think about this, you're making these tiny controllers that are made to connect to wireless LANs and likely the internet. You make these and sell them for a couple bucks and half a bazillion are sold and being tinkered with everywhere. You have 1) a massive source of data that could be harvested with no effort, and 2) a controller that can be triggered to perform a simple function. We really don't know what is in the chip. They may have inaccessible memory that has a tiny program to phone home and do something. I'm just sayin.... Am I off my rocker? Has my cheese slipped off my cracker? Has anyone read "Daemon" by Daniel Suarez? Awesome book. You would definitely be interested.
Configure your router to cut the ESP from external connections. If you need access from the global internet, use an Rpi to handle the data or use a VPN.