Why does my Fingbox send data to Amazon?

nozero
nozero Member Posts: 5
Second Anniversary 10 Comments Name Dropper Photogenic
in Devices & Security #1
Screenshot_20210331-192813.jpg

According to Firewalla blue.

Thanks

Best Answer

  • Marc
    Marc Moderator, Beta Tester Posts: 3,146
    250 Answers 1,000 Likes 2500 Comments 250 Awesomes
    ✭✭✭✭✭✭✭
    #2 Answer ✓
    @nozero, Fing's infrastructure is hosted on Amazon's AWS servers, which is probably why you're seeing this.  This would mean telemetry etc coming  from your Fingbox would end up at an Amazon datacenter.  
    Thats Daphnee, she's a good dog...
    [Deleted User]nozero

Answers

  • nozero
    nozero Member Posts: 5
    Second Anniversary 10 Comments Name Dropper Photogenic
    #3

    Having, at one time, had an AWS account of my own, I wondered if that was the case. Thanks for the confirmation.

    FWIW, the Fingbox went offline when I blocked it from the IP address range 34.240.0.0/13 with a rule and came back online when I paused the rule.

  • Tspixn658
    Tspixn658 Member Posts: 2
    First Comment Photogenic
    #4
    From my knowledge, Fing is built on AWS (web applications, API's, etc) which would likely be the reason you see traffic being sent to an IP resolving to AWS. Fing is located in Ireland so it is a good assumption that this endpoint hosted on AWS in the EU-WEST-1 (Dublin) region is owned by Fing. There are more details below.

    IP 34.247.154.81

    These tools are fairly old but still accurate most of the time for determining if an IP address is owned by AWS and the endpoint it resolves to. Keep in mind, these tools will never be 100% accurate and an IP will not necessarily always resolve to the same endpoint, hostname, etc. 
    Prefix: 34.240.0.0/13
Region: eu-west-1 (DUBLIN)
Service: AMAZON EC2<br>
    ec2-34-247-154-81.eu-west-1.compute.amazonaws.com
Results from https://dnschecker.org/ip-to-hostname.php?query=34.247.154.81IP: 34.247.154.81
Hostname:

    Port 4443

    In this case, Fing specifically lists port 4443 as a utilized port. The data is most likely telemetry, logs, heartbeat, etc.:

    Due to the distributed and resilient design of Fing services, we recommend giving Fing app and Fingbox access to the full Internet. If you want to limit outbound connections and still ensure minimum functionality, make sure to allow Fingbox to reach any IP address on the following TCP ports: 80, 443, 4443, 5671.

    In addition, the ports needed for the Internet Speed Test, provided by M-Lab include 3001, 3002, 3003.

    https://help.fing.com/knowledge-base/firewall-compatibility/ 

    The outbound traffic is from a service (probably an API) operating on TCP port 4443 which is commonly used as an alias or replacement for 443. The "Pharos" service listed by Firewalla is from the IANA registry which is used as a general reference (https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=4443).







Categories