I've noticed some strange traffic originating from my server running Cumulus. The Cumulus app tries to connect to some IP addresses with a few on the Amazon AWS cloud on port 80.
54.189.192.189
23.102.25.149
34.214.226.247
Why would Cumulus try and connect to these servers? The only thing I can think of is to update APRS, WOW and Wunderground?
Welcome to the Cumulus Support forum.
Latest Cumulus MX V3 release 3.28.6 (build 3283) - 21 March 2024
Cumulus MX V4 beta test release 4.0.0 (build 4019) - 03 April 2024
Legacy Cumulus 1 release 1.9.4 (build 1099) - 28 November 2014
(a patch is available for 1.9.4 build 1099 that extends the date range of drop-down menus to 2030)
Download the Software (Cumulus MX / Cumulus 1 and other related items) from the Wiki
Cumulus connecting to remote site on the internet?
- steve
- Cumulus Author
- Posts: 26701
- Joined: Mon 02 Jun 2008 6:49 pm
- Weather Station: None
- Operating System: None
- Location: Vienne, France
- Contact:
Re: Cumulus connecting to remote site on the internet?
If you have uploads to those sites configured, then those are the most likely candidates (in particular WU and WOW). Uploads to WU, PWS, and WOW all use port 80. The obvious way to find out is to turn off uploads to those sites one at a time.
Steve
Re: Cumulus connecting to remote site on the internet?
Ok, I can confirm that it's WU, PWS, and WOW.
What was weird is that the intrusion detection system on my Unifi USG was marking this traffic as malicious.
IPS Alert 1: A Network Trojan was Detected. Signature ET MALWARE User-Agent (Mozilla/4.0 (compatible ICS)). From: 192.168.0.74:4911, to: 54.189.192.189:80, protocol: TCP, on interface: eth1
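Steve's suggestion of turning off uploads one at a time, written out as an added example (not part of the thread, and not Cumulus or UniFi code): it parses alert lines in the format quoted above and pairs each flagged destination with the upload whose disabling silenced it. The sample alerts, the documentation-range addresses, their pairing with uploads and the helper names are all constructed for illustration.

```python
import re

# Layout of the UniFi IPS alert text as quoted in the thread.
ALERT_RE = re.compile(
    r"IPS Alert \d+: (?P<cls>.+?)\. Signature (?P<sig>.+?)\. "
    r"From: (?P<src>[\d.]+):\d+, to: (?P<dst>[\d.]+):(?P<dport>\d+), "
    r"protocol: (?P<proto>\w+), on interface: (?P<iface>\w+)"
)

def destinations(alert_lines, src_host):
    """Set of (dst, port) flagged for src_host; unparsable lines are skipped."""
    found = set()
    for line in alert_lines:
        m = ALERT_RE.search(line)
        if m and m["src"] == src_host:
            found.add((m["dst"], int(m["dport"])))
    return found

def attribute(baseline, windows, src_host):
    """Pair each flagged destination with the upload whose disabling silenced it.

    baseline: alerts captured with every upload enabled.
    windows:  {upload_name: alerts captured while only that upload was off}.
    Returns (explained, unexplained); unexplained destinations kept alerting
    through every toggle and still need investigating.
    """
    base = destinations(baseline, src_host)
    explained = {}
    for upload, lines in windows.items():
        for dst in base - destinations(lines, src_host):
            explained.setdefault(dst, []).append(upload)
    return explained, base - set(explained)

def alert(dst):
    """Constructed sample line in the alert format shown in the thread."""
    return ("IPS Alert 1: A Network Trojan was Detected. Signature ET MALWARE "
            "User-Agent (Mozilla/4.0 (compatible ICS)). From: 192.168.0.74:4911, "
            f"to: {dst}:80, protocol: TCP, on interface: eth1")

# Constructed data: documentation-range addresses, hypothetical pairings.
BASELINE = [alert(ip) for ip in ("192.0.2.10", "198.51.100.20", "203.0.113.30")]
WINDOWS = {
    "WU": [alert("198.51.100.20"), alert("203.0.113.30")],
    "PWS": [alert("192.0.2.10"), alert("203.0.113.30")],
    "WOW": BASELINE,
}

if __name__ == "__main__":
    explained, unexplained = attribute(BASELINE, WINDOWS, "192.168.0.74")
    print(explained, "unexplained:", sorted(unexplained))
```

A destination left in the unexplained set kept triggering the signature through every toggle, so the configured uploads do not account for it.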
- ConligWX
- Posts: 1619
- Joined: Mon 19 May 2014 10:45 pm
- Weather Station: Davis vPro2+ w/DFARS + AirLink
- Operating System: Ubuntu 22.04 LTS
- Location: Bangor, NI
- Contact:
Re: Cumulus connecting to remote site on the internet?
spyker wrote:
> Ok, I can confirm that it's WU, PWS, and WOW.
> What was weird is that the intrusion detection system on my Unifi USG was marking this traffic as malicious.
> IPS Alert 1: A Network Trojan was Detected. Signature ET MALWARE User-Agent (Mozilla/4.0 (compatible ICS)). From: 192.168.0.74:4911, to: 54.189.192.189:80, protocol: TCP, on interface: eth1

Might be worth sending the data logs to Unifi, who are pretty good at fixing issues.
Regards Simon
https://www.conligwx.org - @conligwx
Davis Vantage Pro2 Plus with Daytime FARS • WeatherLink Live • Davis AirLink • PurpleAir • CumulusMX v4.0.0