Showing results for 
Search instead for 
Did you mean: 

R320 started making requests to international endpoint

New Contributor

Hello. I have two Ruckus R320 APs running My router (a Firewalla Gold) notified me last night that the master AP started making requests every few minutes to, supposedly originating from the AP, and the endpoint being in China.

I did a bit of Googling about the endpoint and couldn't determine anything other than Exands seems to be a "network infrastructure operator". Once I blocked the endpoint, I started seeing (DNS) requests instead (also being blocked by my router), similarly originating from the WAP.

This has concerned me, as if it could be malware, but I don't know how to investigate. If it were a plain linux box, maybe I could use something like tcpdump to determine the process making the requests; I can SSH into it, but the Ruckus CLI is limited. Any advice before I wipe and reinstall the APs?

Aside: I notice the master AP is also making constant (seemingly every 2-3min) attempts to for a long time. I believe that's a tactic used to determine if a device is on a captive network, but is that a feature of Unleashed?


RUCKUS Team Member

"exands" is a specific customer. Probably the AP was holding the configuration. Probably you need to do the Factory default and then load the firmware if you are using a second hand APs.

View solution in original post