Synology RT2600, SRM 1.2.5-8227 Update 11
In my router’s daily report, it says that my top app is SSL, and it appears to account for 33% (34.2GB) of my traffic. I don’t use SSL, it doesn’t show in Activity Monitor, and the router is not set to port-forward SSL, so what gives? Any insight?
Sorry, are you sure you are not seeing SSH, not SSL? Hackers use SSH on port 22 (and other ports) to do brute-force attacks.
My home routers have a ton of this stuff, which, as long as you have authentication locked down (no guest accounts, strong passwords, default access changed or deleted) is just chatter.
Thanks for your response. It’s definitely SSL, and in today’s report it accounted for 85% of my traffic (46GB). Doesn’t make sense to me either. There is, of course, no app or file named SSL—it is, after all, an outdated security standard.
I ran Little Snitch to block outgoing connections to 103.81.228.0-103.81.232.255. It shows a connection 3 days ago from Mozilla VPN to 103.81.230.3; I don’t recall using the VPN but I evidently I turned it on for long enough to capture this. However, it does not show any ongoing connections, like the ones last night and on into this morning (the last connection was 48h ago). Curiously, all the connections were ICMP protocol.
How can I track this down?
Are you using the Synology SSL VPN?
Great catch! I have it installed, but turned off (“stopped”) for the last year or so. And these messages just started a week ago. Any other insight?
SSL is usually a library, not a standalone process. And it is often used to refer to TLS (which began life as SSL version 3).
Note also that the OpenSSL project (one of the most popular libraries) includes a TLS implementation.
Hi @gib
Perhaps not directly related to your question, but I would be remiss if I did not point out that your version of SRM (1.2.5-8227 Update 11) was released on November 21, 2023. SRM 1.2.x has not received any further updates.
Have you considered updating to SRM 1.3.x? As the owner of the same model of router, I patiently waited eons for Synology to issue an upgrade automatically; they never did. I finally took it upon myself to update manually.
While it is not a one-step process, they do make it easy. You go to a Synology website where you select the version that you are presently running, and they tell you which updates to download and install, and in what order. While your mileage may vary, I found the process to be very easy and did not experience any problems (beyond preferring the wallpaper from 1.2.x, that is.)
I would not recommend continuing to run such an old version of SRM. If there are any security concerns at play here with what you’re seeing, updating is a good first step in mitigation. Hopefully, it will go as smoothly for you as it did for me. 
Thanks for your update results. I was aware that v1.3 was not an automatic update, but the process sounded more difficult than your results suggest. I’ll definitely look at it again.
I had never undertaken a manual upgrade before (the update from SRM 1.1.x to 1.2.x was automatic) and I had the same trepidation as you at first, so my first step was to open a ticket with Synology support, and they guided me through the process. Their support has been excellent, and if you need any help, I’m sure they’ll be able to answer any questions that you might have.
Good to know, thanks again!