I have recently noticed an extreme spike in my router's (own) 2.4GHz Wi-Fi activity. Normally it’s around the 40-50% mark, which is pretty high in itself, but since the start of the week, it skyrocketed to +90% allocation. This is an absolutely insane number, considering all other 2.4GHz devices (ZigBee, Bluetooth, Proprietary Wireless, etc.) also share bandwidth with 2.4GHz Wi-Fi! The consequence of this is basically nothing else on 2.4GHz works in the entire house, neighbours' Wi-Fi goes down, Bluetooth becomes very short-ranged and ZigBee basically doesn’t work at all anymore (the biggest problem).
I have done some analysis, unplugging every single device in my house from Wi-Fi and testing the difference in traffic. I came to the conclusion that Homey is single-handedly responsible for the additional 40-50% of Wi-Fi traffic! When I unplug Homey, traffic goes back to normal instantly.
I went on and did a (~10min) packet capture on my router, to see what sort of traffic is happening here, and it seems to be lots (1000+ per hour) of TLS requests to some Amazon (AWS) Server in Ireland, which I assume is for the Athom cloud connectivity.
Is anyone else experiencing this lately, and can anything be done besides completely blocking Athom Cloud access?
I thought that too, but when I do a tracert to connect.athom.com (which is the first and only DNS request my Homey makes when rebooting) it goes through about 10 different (USA) AWS Servers and ends up at the exact IP of the Irish AWS Node that sends all of the TLS-packets.
My Homey is not running any apps or services that require AWS access, and AWS is the first provider it contacts for “regular” traffic (the others being Google’s DNS servers and an NTP pool server).
I have tried blocking connect.athom.com in my router's firewall, to see if that reduces the traffic at all (sacrificing cloud connectivity until there is a better solution), but that just splits the TLS requests into multiple different chains to and from (Internet-dependent) app-specific servers (LIFX, Spotify, etc.).
This seems very strange to me since when I first noticed this behavior I disabled all apps on my Homey and saw no difference to network traffic (or TLS-Packets) at all. I will try disabling everything again and do another packet capture during the reboot.
EDIT:
Doing this stops nearly all TLS-Packets, but now I just get my traffic filled with corrupted TCP-Packets (going and coming from the same server in Ireland).
I have tried disabling all my apps again with and without blocking access to the Athom Cloud, now I am seeing thousands of TCP re-transmission errors, mostly coming from AWS Servers and supposed to go to Homey (but failing to do so correctly, hence the re-transmission) with nearly zero successful TCP transmissions in-between. Maybe the Server tries to push data to apps that are no longer running (because I have disabled them all) and that’s why the traffic does not stop regardless of what apps I have installed or not? I am not sure if this is intentional behavior, it seems kind of pointless to me to push data to an app that is not running…
My Homey doesn’t do DNS requests for these URLs though, so I don’t think blocking them in the Router’s firewall should change anything, as far as I know.