-
Want to remove ads? Register an account and login to see fewer ads, and become a Supporting Member to remove almost all ads.
What are the Tesla update server IP addresses?
- Thread starter Verynoice
- Start date
St Charles
Tesla, not TSLA!
Tesla uses AWS to push map updates via SSH connections. You might find it difficult to nail down specific IP addresses as those updates are likely delivered via CDN. If you are concerned about network security, you might just set up an separate enclave for your car.
Model S making outbound SSH connection and receiving at 5GB and counting from some address on AWS today | Tesla
Model S making outbound SSH connection and receiving at 5GB and counting from some address on AWS today | Tesla
Not going to be able to use IP addresses.
It’s a not a good way of making exceptions anyway and just means things break every time they adjust their environment. Especially as you aren’t going to get notified when they do.
It’s a not a good way of making exceptions anyway and just means things break every time they adjust their environment. Especially as you aren’t going to get notified when they do.
murphyS90D
Member
It's on the cellular network. The car has to have a phone number so the server(s) can call the car. Otherwise you wouldn't be able to wake up a sleeping car from the app. When the car is sleeping it is not connected to WiFi. I have a router in my garage and most of the time the car is not connected to it.
I have a Netgear router/firewall and it's also running a version of Bitlocker software, it reports that certain URL's that the car is trying to access are malicious -- why the car is connecting to URL's with IP address only is odd, so I figured that if I knew what the Tesla update IP addresses were, I would whitelist the Tesla update server and ignore anything else.
I don't have the URL's handy right now, or I'd post them. So, the real question that I didn't post initially is why does the router think the car is trying to make outbound connections to these odd URL's that Bitlocker says are malicious?
The Bitlocker software has already flagged two known good sites as malicious and that required me to contact their support to have them whitelisted, so I thought that perhaps this was similar.
I don't have the URL's handy right now, or I'd post them. So, the real question that I didn't post initially is why does the router think the car is trying to make outbound connections to these odd URL's that Bitlocker says are malicious?
The Bitlocker software has already flagged two known good sites as malicious and that required me to contact their support to have them whitelisted, so I thought that perhaps this was similar.
St Charles
Tesla, not TSLA!
...This service is called Bitlocker? You sure about that?
Regardless, an SSH connection to an IP address is not, by itself, a concern. I would suspect if you packetsniff an SSH session, you'll find that this is quite normal. I would be more concerned that you have a service with enough false positives that you call into question each alert. I'd recommend using a different service if you can.
Regardless, an SSH connection to an IP address is not, by itself, a concern. I would suspect if you packetsniff an SSH session, you'll find that this is quite normal. I would be more concerned that you have a service with enough false positives that you call into question each alert. I'd recommend using a different service if you can.
It is connecting to IP addresses because the data is either HTTPS or SSH. Since the data is encrypted from the car to the destination, there is no way for your router to see the content of the data being sent and received.
Furthermore, all connections use IP Addresses anyways. The domain name is resolved into an IP address by a DNS server and then the device connects to that IP address. So if your router has the capability, you should see domain name lookups for the servers that your car is connecting to.
If the connection is secure, then there is no readable data that flows through your router.
The only way around this is to setup a system where your router issues a certificate for the connection between the device (car), and the router/firewall. Then the firewall decrypts the traffic and then it is re encoded to HTTPS to Tesla. But the device (car) needs to accept that self signed certificate which it will never do.
Furthermore, all connections use IP Addresses anyways. The domain name is resolved into an IP address by a DNS server and then the device connects to that IP address. So if your router has the capability, you should see domain name lookups for the servers that your car is connecting to.
If the connection is secure, then there is no readable data that flows through your router.
The only way around this is to setup a system where your router issues a certificate for the connection between the device (car), and the router/firewall. Then the firewall decrypts the traffic and then it is re encoded to HTTPS to Tesla. But the device (car) needs to accept that self signed certificate which it will never do.
Watts_Up
Well-Known Member
Beside establishing a whitelist, I would be more concerned about knowing which ports are open?
Anyway, in this kind of OTA update, the weakest point is the DNS server which can easily be compromised unless using a secure connection.
I imagine that the Tesla updated are correctly signed and tested to protect them from any malicious payload attack.
Model S making outbound SSH connection from some address on AWS
Similar threads
