"Phone Home"

My firewall messages me dozens of attempts every 10 minutes of “phoning home”, even when the printer is in sleep mode.
The Form 2 tries to send data to “Amazon Web Services” via port 8443 (psync.https) to various IP addresses.

How can I stop this rubbish?

Grant the printer firewall privileges.

1 Like

Amazon?
Try checking for any malware and clear your IE cache. CC cleaner works well and Malware Bytes. I stopped using Adobe Flash on my systems because of data mining and sounds like something along those lines.

It’s not the PC, it’s the printer itself.

Granting the firewall privileges is only the second best solution. The printer floods the firewall logs, approx. 300 entries per hour.

10.0.5.114 is the Form 2. The Amazon IP addresses seem to be hard coded in the printer firmware.

How does the printer phone home? Why would the printer want to contact Amazon web services? Is that a particular port that Amazon happens to use?

Flooding would occur if the retry value is too soon, i.e. every half second instead of every 10 or 30 seconds. I would contact Formlabs. Haven’t seen others with this issue.

@KenCitron Your questions are the same as mine. How? And, of course: why?
Port 8443 is an alternative https-port, nothing special.

Most home office firewalls are configured as “allow all except…”, so the printer phones home and you will never recognize it. I only recognized it because of my “deny-all”-strategy.

Addition: There’s communication between Amazon and my form 2 via port 443 (https) too…

Amazon Web Services (AWS to those of us in the industry) isn’t just cloud storage. They provide all sorts of network-hosted services. I wouldn’t be at all surprised if FL decided that to try and build the infrastructure needed to support their printers “in the cloud” was a lot of work they could eliminate if they used a service provider like AWS. So the printer’s phoning home to an AWS domain wouldn’t necessarily be that unusual.

Deny All and allow on a per basis is always the best approach to firewall management. The hammering on the network is probably because the ttl time to live is too short for connect or the retry is too short so it keeps trying at an obnoxious rate. I would think you should have some control on the printer for that.
Is this wireless or hard wired? Wireless connects tend to be noisy from my experience.

Thanks Randy for explaining AWS, your hunch is probably spot on.

Should ask FL if there could be options for the printer that the user could set, ie custom printer port and other advanced options that should be accessible. Most users could be happy with the default settings but I think having some control over this would be good.

My guess is it’s trying to contact the Formlabs server so that it can update the status of the printer to your user dashboard.

@Randy_Cohen is right. Notice the download link for the preform software is https://s3.amazonaws.com/Forml...build_274.exe (shortened for simplicity’s sake).

Doing a little more digging, in fact the emails and text messages you receive upon a print being finished (if you have this feature enabled) come from AWS (IP Addy 54.165.36.113).

So I can, with almost 100% certainty, say this is not malware related. It is most likely calling home to check for an update to the firmware. However dozens of calls, every 10 mins, (especially when in sleep mode) seems excessive. Maybe there needs to be a setting to set how often it phones home (hourly, daily, weekly, etc?)

- Kevin

Edit: I just re-read @Zachary_Brackin’s message and he is probably right…since the dashboard is being continuously updated from the printer. So in that case dozens of calls every 10 mins doesn’t seem excessive at all.

If there is a lot of packet loss or say ping is blocked then it may keep retrying causing the hammering on the network.
Should be a manual option or maybe it would be better to have that info be controlled from the PreForm rather than directly on the printer. This would give the user better control on what’s going on. Wonder if having the printer talk to the world like that poses a security risk to the printer, i.e. is the printer hackable from the outside?

In the meantime, I blocked the printer from the internet. Nevertheless the printer found a firmware update (and installed it). Heaven knows where…

Next question: why must status data be sent to the dashboard via internet? A “print finished” message to Preform via intranet would be sufficient for me. Sorry, Formlabs, you must not know what I am printing.

@KenCitron I’m not sure having it controlled in Preform is an option (although I could be wrong). I might be in the minority here but I do not have a computer connected directly to the printer, rather 3 computers which can all wirelessly print to the printer. Which one would control said settings? Your security concern is probably a valid one. Not being in network security I will not comment further on that.

@JohnK42 My guess is that the hundreds of entries you are seeing are the constant pings for updating your dashboard at formlabs.com/dashboard and the printer probably only checks for an actual update once a day or once every few days. So it will be much harder to catch that one ping checking for an update and block it.

We do collect data for dashboard (which is hosted on our servers) and for diagnostics. If you want to turn off data collection, you can disable it in the printer settings under data collection.

Good to know! I’m OK with it because I like using the dashboard (and we aren’t creating any top secret designs in the first place) but I’m sure many will take advantage of turning this off!

Also, 300 events per hour isn’t really anything that constitutes “hammering” the network interface. 300/hour is 5/minute or one every 12 seconds. I would bet the traffic isn’t even a measurable percentage of overall network bandwidth. I agree that it’s worth understanding what’s going on if you see something on your LAN you don’t expect to see. Computer Security, as they say, “starts at home”. But now it’s clear this is expected behavior, I’d argue that there’s nothing more to discuss! :)

2 Likes

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
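Added example, not part of the thread: one way to turn a deny-all firewall log into the numbers the thread argues about (which device, which destination port, how many distinct destinations, and the retry interval). The log format, the destination addresses and the function name `summarize` are assumptions made for this sketch; only 10.0.5.114 and ports 8443/443 come from the posts above.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample in a made-up log format; destinations are documentation
# addresses, not the real ones from the thread. 10.0.5.114 is the Form 2.
SAMPLE_LOG = """\
2017-03-01T10:00:00 DENY TCP 10.0.5.114:49152 -> 203.0.113.10:8443
2017-03-01T10:00:05 DENY TCP 10.0.5.114:49153 -> 198.51.100.7:443
2017-03-01T10:00:12 DENY TCP 10.0.5.114:49154 -> 203.0.113.11:8443
2017-03-01T10:00:20 ALLOW TCP 10.0.5.20:50100 -> 198.51.100.9:443
2017-03-01T10:00:24 DENY TCP 10.0.5.114:49155 -> 198.51.100.7:8443
2017-03-01T10:00:30 DENY UDP 10.0.5.20:123 -> 203.0.113.50:123
2017-03-01T10:00:35 DENY TCP 10.0.5.114:49156 -> 198.51.100.7:443
2017-03-01T10:00:36 DENY TCP 10.0.5.114:49157 -> 203.0.113.10:8443
2017-03-01T10:00:48 DENY TCP 10.0.5.114:49158 -> 203.0.113.11:8443
2017-03-01T10:01:00 DENY TCP 10.0.5.114:49159 -> 198.51.100.7:8443
"""

LINE_RE = re.compile(r"^(\S+) DENY (\w+) ([\d.]+):\d+ -> ([\d.]+):(\d+)$")

def summarize(log_text):
    """Group denied outbound attempts by (source IP, destination port)."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # allowed traffic or a line in another format
        ts, _proto, src, dst, dport = m.groups()
        groups[(src, int(dport))].append((datetime.fromisoformat(ts), dst))
    report = {}
    for key, events in groups.items():
        events.sort()
        times = [t for t, _ in events]
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        span = (times[-1] - times[0]).total_seconds()
        report[key] = {
            "count": len(events),
            "destinations": sorted({d for _, d in events}),
            "median_gap_s": median(gaps) if gaps else None,  # retry interval
            "per_hour": round(len(gaps) * 3600 / span) if span else None,
        }
    return report

if __name__ == "__main__":
    for (src, dport), stats in sorted(summarize(SAMPLE_LOG).items()):
        print(src, dport, stats)
```

A steady median gap across rotating destinations points to a fixed reporting interval rather than a retry storm, which is the distinction the posts about "flooding" and "hammering" turn on.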