The LuJam sensor is designed to access as few external sites as possible -- this is best practice for well engineered security products. Similarly, we've put a lot of effort into reducing the amount of data that is uploaded and downloaded, so there should be no significant impact on your network's performance after installing the agent.
The LuJam sensor accesses the following Internet sites:
https://api.lujam.com: this is the LuJam REST API server, and is used to provide feedback on the status of the network, as well as receive commands to band devices, upgrade the software, create new VPN accounts etc. If there are issues with DNS in the environment, the sensor will try to connect directly to 126.96.36.199 (IPV4 address for api.lujam.com)
https://lujam-datafeed.s3.amazonaws.com: this Amazon S3 bucket is used to store anonymised logs from the sensor.
https://lujam-updates.amazonaws.com: this Amazon S3 bucket is used to download signed updates and the latest intelligence feeds.
188.8.131.52 and 184.108.40.206: the Google DNS service and the quad9 DNS service are used as fall-back DNS servers for the LuJam services only (not other devices). This is required in environments where disabling DHCP also disables the DNS service running on the gateway. The Google service is also used to test connectivity with the Internet using ICMP.
- During an upgrade, the sensor may download additional Operating System packages needed to implement a new feature. These are downloaded from a well known, publicly available web site. Please contact firstname.lastname@example.org if your security team needs to know exactly what sites are involved.
When blocking a web site that is on LuJam's blacklists, the following addresses will be returned:
- 220.127.116.11 and/or 18.104.22.168: these are Amazon EC2 servers used to serve the "This page has been Blocked" web site, and can be accessed either via HTTP or HTTPS.
The main LuJam web page also uses the following as part of the signup process:
Note, some old sensors may use https://api.intel-centre.com via ports 2757 and 2758. These sensors will be upgraded as soon as they go live, and support for api.intel-centre.com will be removed in the early Summer of 2019.
These sensors will also use the following S3 buckets: