Hello. I have two Ruckus R320 APs running 126.96.36.199.129. My router (a Firewalla Gold) notified me last night that the master AP started making requests every few minutes to umm1.exands.com:443, supposedly originating from the AP, and the endpoint being in China.
I did a bit of Googling about the endpoint and couldn't determine anything other than Exands seems to be a "network infrastructure operator". Once I blocked the endpoint, I started seeing umm1.exands.com:53 (DNS) requests instead (also being blocked by my router), similarly originating from the WAP.
This has concerned me, as if it could be malware, but I don't know how to investigate. If it were a plain linux box, maybe I could use something like tcpdump to determine the process making the requests; I can SSH into it, but the Ruckus CLI is limited. Any advice before I wipe and reinstall the APs?
Aside: I notice the master AP is also making constant (seemingly every 2-3min) attempts to captive.apple.com for a long time. I believe that's a tactic used to determine if a device is on a captive network, but is that a feature of Unleashed?
Solved! Go to Solution.
I believe you are not from the exands. Could you please confirm if there is any special configuration done for the AP or with regards to the UMM settings?
Also, is this the first time the router reported this?
Any changes done before this issue triggerred?
Please confirm the AP location (Country)
Is this - "exands.com" - specific to a particular client? Can it be "pushed" to the AP? Or would my AP have had this configured the whole time? I never checked this setting before.
> Could you please confirm if there is any special configuration done for the AP or with regards to the UMM settings?
No. I bought both of these APs second-hand and installed the Unleashed firmware fresh. This is for home use, just the two APs.
> Also, is this the first time the router reported this?
This is the first time to my knowledge. I suppose it's possible it happened before, I only have 24 hours of history and it started up suddenly looking at the timeline.
> Any changes done before this issue triggerred?
Not that I can think of. I haven't touched the Unleashed configuration in months.
> Please confirm the AP location (Country)