log-ingestion.samsungacr.com

So, I was playing around with Wireshark and found this packet. Would someone please explain why "log-ingestion.samsungacr.com" is in the packet? Hopefully the format is clear enough to read.

Potential helpful info:

1. The samsung tv is connected to a router.
2. The router uses the PIA DNS servers and connects to a first router (connected to a cable modem).
3. This first router uses DD-WRT and PIA through openvpn.

Here is the packet. I suspect the Samsung TV is logging the connection through log-ingestion.samsungacr.com

 resolver1.privateinternetaccess.com    DNS    88    Standard query 0xf9fc A log-ingestion.samsungacr.com
Frame 522: 88 bytes on wire (704 bits), 88 bytes captured (704 bits) on interface 0
Ethernet II, Src: SamsungE_ce:c7:50 (cc:b1:1a:ce:c7:50), Dst: XXXX_06:22:e9 (68:1c:a2:06:22:e9)
Internet Protocol Version 4, Src: 192.168.6.101 (192.168.6.101), Dst: resolver1.privateinternetaccess.com (209.222.18.222)
User Datagram Protocol, Src Port: 59154, Dst Port: 53
    Source Port: 59154
    Destination Port: 53
    Length: 54
    Checksum: 0x1ded [unverified]
    [Checksum Status: Unverified]
    [Stream index: 30]
Domain Name System (query)
    [Response In: 523]
    Transaction ID: 0xf9fc
    Flags: 0x0100 Standard query
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 0
    Queries


Queries
    log-ingestion.samsungacr.com: type A, class IN
        Name: log-ingestion.samsungacr.com
        [Name Length: 28]
        [Label Count: 3]
        Type: A (Host Address) (1)
        Class: IN (0x0001)






Comments

  • The way I see it, if Samsung is sending something from an object is designed to receive, then I would block it big time in your router. See if the TV complains about not being able to phone home.
  • That definitely looks sketchy. The MAC address in the packet is assigned to Samsung, and it's a Samsung domain...

    This domain is also blocked by both uBlock and MACE.

    Seems that it is somewhat known and there's ways to disable it: https://www.consumerreports.org/privacy/how-to-turn-off-smart-tv-snooping-features/
  • Thanks for the comments. I tried to close all  the settings options in Samsung settings, but Wireshark on launch reports an "Open" connection.

    C:\Users|XX\Desktop\log-ingestion.samsungacr.com.pcapng (189 KB)

    This is on the Wirshark launch page before selecting a capture. So is it still logging?

    I renamed the log file

    C:\Users|XX\Desktop\BAKlog-ingestion.samsungacr.com.pcapng (not found)

    and now Wireshark reports (not found) for that file. Also strange is that there was no activity in that capture for today, the 17th even though the TV has been on since last night.

    Very strange.

    Thanks again.
Sign In or Register to comment.