Suspicious openwrt activity

Hello
I'm using linux and have not, as of yet, set up an openwrt router. I just ran tcpdump on my wireless interface and saw traffic to and from 'forum-01.infra.openwrt.org' and this with no browser running. Any ideas?

So packets between http://forum-01.infra.openwrt.org/ and which device on your network? I see packets between that host and my desktop as I type this.

My wireless interface is wlp3s0. The packets seem to be directly between my desktop and http://forum-01.infra.openwrt.org/ although there are some packets between my desktop and a raspberry pi running pihole (a sort of DNS server). Again, this is without any voluntary connection on my part to http://forum-01.infra.openwrt.org/.

First of all, you're currently posting on forum-01.infra.openwrt.org right now.

Apart from that the discourse software uses web workers (browser background threads) to deliver push notifications etc. Depending on the kind of client (mobile phone etc.) it might be possible that there's still web activity despite the fact that no browser window is open.

4 Likes