Backdoor in firmware? Router is uploading data itself that i have no clue of

What about ntp requests?

Looks like Iā€™m going to revert back to DD wrt

yup openwrt isn't for you. and google what backdoor is.

1 Like

OK, so first off, you need to determine what software is providing that information and what it means by "other" protocol. "Protocol" has very specific meaning to networking people, and it could mean "a different application than listed above" or it could mean a protocol other than the standard TCP, UDP, and ICMP, or most anything else.

Your choice to show just a snippet of the screenshot was completely unhelpful.

It appears that the build is using the Netlink Bandwidth monitor. You, @Cuteass, should read up on that and determine what the output means before panicking.

Most "monitor" programs like that include the data flowing through the router (which is the bulk of traffic). It's very possible that the data comes from a client device on your network, not the router.

Further, 39 kB / 69 connections ~ 500 bytes per connection. As pointed out, that isn't much data flowing at all. 3 days * 24 hours / day = 72 hours, same order of magnitude as the connections. Might be broadcast, might be your iPhone checking in somewhere over IPSEC, could be most anything.

Then, if you were still concerned, you would need to learn to run tcpdump and/or conntrackd and interpret the results to find out more. Given that you're running a storage and memory constrained device, you may have to learn to build your own firmware and remove one or more packages from the build you're running now, or use an external file system.

2 Likes