I have recently been hub'ing it out to see what traffic was going through the network and made a startling discovery. Currently it's set up between the router and the modem, so it captures all traffic going to and from the Internet.
At first I was sniffing packets at random and started interrogating each stream. I eventually came across regular TCP data on the FTP port, all going to 103.10.4.40.
Doing a whois on the IP and also checking GeoIP showed that the address belonged to Asus and was located in Taiwan. This kind of tallies with where Asus's HQ is.
The next step was to track down what was communicating with Asus over FTP. There was really a lack of information about the IP address, but there was enough for Google to find it on ShouldIBlockIt, pointing to Asus AI Suite.
My desktop uses an Asus board with the AI Suite III software installed. A quick test using the Windows firewall to block the program, and voilà! No more FTP traffic. I find this disturbing because:
Even if the program was using it to check for updates, it shouldn't need to do it so often over an insecure protocol.
I just realized this too – I have no idea why it would need to use that much FTP data.
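The hunt above (capture on the hub, pick out FTP flows to non-local addresses, see what the plaintext control channel gives away) can be scripted instead of done by hand. The following is an added example, not code from the original post or from Asus; it works on a constructed list of packet summaries rather than a live capture, and everything in the sample session except the destination 103.10.4.40 named above (the LAN address 192.168.1.10, the 203.0.113.5 TLS peer and the FTP commands themselves) is made up for illustration. The same grouping logic works for any port, not just FTP.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of what a sniffer on the hub would hand over:
# (timestamp, src, dst, sport, dport, payload). Only 103.10.4.40 comes
# from the post; the LAN host, the TLS peer and the session contents
# are assumptions for illustration.
SAMPLE_PACKETS = [
    (1.00, "192.168.1.10", "103.10.4.40", 49152, 21, b""),  # SYN, no payload
    (1.05, "103.10.4.40", "192.168.1.10", 21, 49152, b"220 FTP server ready\r\n"),
    (1.10, "192.168.1.10", "103.10.4.40", 49152, 21, b"USER anonymous\r\n"),
    (1.15, "192.168.1.10", "103.10.4.40", 49152, 21, b"PASS guest@example.com\r\n"),
    (1.20, "192.168.1.10", "103.10.4.40", 49152, 21, b"CWD /pub/updates\r\n"),
    (1.25, "192.168.1.10", "103.10.4.40", 49152, 21, b"RETR version.txt\r\n"),
    (1.30, "103.10.4.40", "192.168.1.10", 20, 49153, b"x" * 1400),  # data channel
    (2.00, "192.168.1.10", "203.0.113.5", 49154, 443, b"\x16\x03\x01"),  # TLS, ignored
]

FTP_PORTS = {20, 21}            # control channel and active-mode data channel
SENSITIVE = ("USER", "PASS", "CWD", "RETR", "STOR", "LIST")


def external_ftp_flows(packets, ports=FTP_PORTS):
    """Group FTP packets by the non-private peer, summing bytes and
    collecting the plaintext commands seen on the control channel."""
    flows = defaultdict(lambda: {"bytes": 0, "commands": []})
    for _ts, src, dst, sport, dport, payload in packets:
        if sport not in ports and dport not in ports:
            continue
        # The "peer" is whichever end is not on the LAN.
        peer = dst if not ipaddress.ip_address(dst).is_private else src
        if ipaddress.ip_address(peer).is_private:
            continue            # LAN-internal FTP is not what we are hunting
        flow = flows[peer]
        flow["bytes"] += len(payload)
        # On port 21 the command and its argument are readable as-is;
        # with a hub in line, so is everything the client sends.
        if dport == 21 and payload:
            line = payload.decode("ascii", "replace").strip()
            verb = line.split(" ", 1)[0].upper()
            if verb in SENSITIVE:
                flow["commands"].append(line)
    return dict(flows)


def report(flows):
    """Render the flows, busiest destination first, for a quick read."""
    lines = []
    for peer, flow in sorted(flows.items(), key=lambda kv: -kv[1]["bytes"]):
        lines.append(f"{peer}: {flow['bytes']} bytes over FTP")
        lines.extend(f"    {cmd}" for cmd in flow["commands"])
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(external_ftp_flows(SAMPLE_PACKETS)))
```

Once the script names a destination, the rest of the procedure is as in the post: whois/GeoIP on the address, then work out which process owns the connection and block it (on Windows an outbound `New-NetFirewallRule` with `-Action Block` against the program path does the same thing as the firewall GUI test described above).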