While reading a little about the "Intel Management Engine" this post 
came to mind. One issue of interest might be how the Intel ME (and other 
brand) silent systems can send network traffic "out of band," even while 
the main system is turned off but sideband power still on.

Apparently, nobody, even Google, knows how to turn this off.

o1bigtenor wrote:
> On Tue, Feb 11, 2020 at 3:46 PM r hayman <rhayman at pureice.com> wrote:
>>
>> While I'm not familiar with OpenWRT, since it's Linux it probably has the built-in capability to capture traffic out of the box.
>>
>> I'd start by looking at the destination IP addresses, protocols (UDP/TCP), and the destination ports.
>>
>> /var/log/ufw.log (if OpenWRT uses ufw), /var/log/syslog, or wherever it logs traffic to
>>
>> MAC = which LAN device traffic originates from if not statically assigned via DHCP
>> DST = destination IP
>> SRC = your LAN IP device (makes things easy if you statically assign via DHCP)
>> PROTO = protocol
>> DPT = destination port the device is trying to connect to
>>
>> use nslookup on the $DST
>> google search "port $DPT"
>>
>> If you have a specific manufacturer's brand device, search for which ports they use - Apple uses https://support.apple.com/en-us/HT202944
>>
>> I have all pre-defined DHCP static addresses, and rules in my firewall/router that (a) block all incoming connections, (b) block all outgoing connections - except for those I define either by source, destination, protocol, or destination port number. These are heavy-handed restrictions on the outgoing side that require maintenance, but nothing escapes my LAN without me specifying it explicitly.
>>
>>
> I think this last is exactly what I'm trying to work toward.
> Trying to figure out what is causing traffic 'x' when I'm not using
> the hardware myself.
>
> Thanks for the ideas!!!
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>
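As an added example (not code from anyone in the thread), the log-reading step r hayman describes above turned into a small Python script: it parses netfilter/ufw `KEY=VALUE` log fields, groups outbound packets by source device (IP and MAC), destination, protocol and destination port, and lists the flows not covered by an explicit allowlist, which is the "block everything outgoing except what I define" policy applied to the log. The sample log lines and the allowlist are constructed; the field layout assumed is the standard netfilter LOG format, in which the MAC field is destination MAC, source MAC, then EtherType.

```python
import re
from collections import Counter

# Constructed sample lines in the netfilter/ufw log format (not real captures).
# The last line is inbound to the router itself (OUT is empty) and is ignored.
SAMPLE_LOG = """\
Feb 11 15:46:01 router kernel: [UFW BLOCK] IN=br-lan OUT=eth0 MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.20 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=51234 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Feb 11 15:46:02 router kernel: [UFW BLOCK] IN=br-lan OUT=eth0 MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.20 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=51235 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Feb 11 15:46:05 router kernel: [UFW BLOCK] IN=br-lan OUT=eth0 MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.20 DST=198.51.100.9 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56
Feb 11 15:46:09 router kernel: [UFW BLOCK] IN=br-lan OUT=eth0 MAC=00:11:22:33:44:55:cc:dd:ee:ff:00:11:08:00 SRC=192.168.1.31 DST=192.0.2.44 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=40000 DPT=8443 WINDOW=64240 RES=0x00 SYN URGP=0
Feb 11 15:46:10 router kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:de:ad:be:ef:00:01:08:00 SRC=192.0.2.99 DST=192.168.1.1 LEN=40 PROTO=TCP SPT=5555 DPT=22
"""

# KEY=VALUE tokens as printed by the netfilter LOG target (VALUE may be empty, e.g. "OUT=").
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line):
    """Return the KEY=VALUE fields of one log line, or None if it is not a packet log."""
    fields = dict(FIELD_RE.findall(line))
    if "SRC" not in fields or "DST" not in fields:
        return None
    return fields

def outbound_flows(log_text):
    """Count (SRC, source MAC, DST, PROTO, DPT) tuples for packets leaving via OUT=<iface>."""
    flows = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if not f or not f.get("OUT"):      # empty OUT means the packet was for the router
            continue
        # MAC= is dst-mac (6 bytes) : src-mac (6 bytes) : ethertype (2 bytes)
        parts = f.get("MAC", "").split(":")
        src_mac = ":".join(parts[6:12]) if len(parts) >= 12 else "?"
        flows[(f["SRC"], src_mac, f["DST"], f.get("PROTO", "?"), f.get("DPT", "-"))] += 1
    return flows

# Hypothetical allowlist of (SRC, PROTO, DPT) the admin has explicitly approved: NTP from one host.
ALLOWED = {("192.168.1.20", "UDP", "123")}

def unexplained(flows, allowed=ALLOWED):
    """Outbound flows not covered by the allowlist, most frequent first (candidates for nslookup)."""
    return [(k, n) for k, n in flows.most_common() if (k[0], k[3], k[4]) not in allowed]

if __name__ == "__main__":
    for (src, mac, dst, proto, dpt), n in unexplained(outbound_flows(SAMPLE_LOG)):
        print(f"{n:4d}  {src} ({mac}) -> {dst} {proto}/{dpt}")
```

Point it at a real `/var/log/syslog` or ufw log by replacing `SAMPLE_LOG` with the file contents; the `DST` values it prints are the ones to feed to `nslookup`, and the `DPT` values the ones to look up per vendor.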