Asus AI Suite Constant FTP

I recently have been hub’ing it out to see what traffic was going through the network and found a startling discovery. Currently it’s setup between the router and modem so it is capturing all traffic going to and from the Internet.

At first I was sniffing packets at random and start interrogating each stream. I eventually came across regular TCP data on FTP port all going to 103.10.4.40.

Doing a whois on the IP and also checking Geo IP found the IP address belonged to Asus and it went to Taiwan. This kind of tallies where Asus’s HQ was.

Next step was to track down what was communicating to Asus over FTP. There was really lack of information containing the IP address but good enough for Google to find it on ShouldIBlockIt pointing to Asus AI Suite.

My desktop uses an Asus board with the AI Suite III software installed. A quick test using the Windows firewall to block the program and voila! No more FTP traffic. I find this disturbing because:

1. Why would a hardware monitoring program need to make an FTP connection
2. The frequency of the packets

Even if the program was using it to check for updates it shouldn’t need to do it so often over an insecure protocol.

About Danny

I.T software professional always studying and applying the knowledge gained and one way of doing this is to blog. Danny also has participates in a part time project called Energy@Home [http://code.google.com/p/energyathome/] for monitoring energy usage on a premise. Dedicated to I.T since studying pure Information Technology since the age of 16, Danny Tsang working in the field that he has aimed for since leaving school. View all posts by Danny → This entry was posted in Networking and tagged Asus, firewall, FTP, GeoIP, Google, hub, IP, Packet, PCAP, Sniffing, Taiwan, whois, Windows, Wireshark. Bookmark the permalink.

One Response to Asus AI Suite Constant FTP

This site uses Akismet to reduce spam. Learn how your comment data is processed.