1. nathansw's Avatar
    Hello everyone,

    I've begun recently taking my home security setup more seriously and locking down my firewall.

    I have a blackberry passport running the latest OS, autoloaded post-shutdown and is working fine.

    However, for my WiFi to successfully connect to my local access point, I have to allow the passport outbound connectivity on http to 23.78.170.49

    NetRange: 23.72.0.0 - 23.79.255.255
    CIDR: 23.72.0.0/13
    NetName: AKAMAI
    NetHandle: NET-23-72-0-0-1
    Parent: NET23 (NET-23-0-0-0-0)
    NetType: Direct Allocation
    OriginAS:
    Organization: Akamai Technologies, Inc. (AKAMAI)
    RegDate: 2013-01-25
    Updated: 2013-01-25
    Ref: https://rdap.arin.net/registry/ip/23.72.0.0

    OrgName: Akamai Technologies, Inc.
    OrgId: AKAMAI
    Address: 145 Broadway
    City: Cambridge
    StateProv: MA
    PostalCode: 02142
    Country: US
    RegDate: 1999-01-21
    Updated: 2022-04-08
    Ref: https://rdap.arin.net/registry/entity/AKAMAI

    Any idea what's going on here? Why would I have to allow an outbound Akamai connection to simply connect it to my local Wireless network?

    Thanks,
    03-20-23 10:30 AM
  2. nathansw's Avatar
    Actually, looks like there are a few other IPs too, same deal, HTTP. I find this especially weird since all services are supposed to be offline & I skipped registration with BBID.
    Last edited by nathansw; 03-20-23 at 11:12 AM.
    03-20-23 10:55 AM
  3. Dunt Dunt Dunt's Avatar
    Service might be dead, but your phone doesn't know that and it keeps calling home (or where every else it was designed to call)... BlackBerry never allowed for "the end" and never pushed any updates to shut down these attempts to call home.


    Pretty sure Akamai handled some of the content delivery.... back when BlackBerry World had music and movies.
    03-20-23 11:34 AM
  4. nathansw's Avatar
    Any idea why to connect to my own local Wifi I have to allow outbound HTTP to these addresses? So weird. If I shut off the mobile network, it connects to WIFI no problem. If both are on, it has to be able to connect to those akamai addresses.
    03-20-23 11:40 AM
  5. Dunt Dunt Dunt's Avatar
    Any idea why to connect to my own local Wifi I have to allow outbound HTTP to these addresses? So weird. If I shut off the mobile network, it connects to WIFI no problem. If both are on, it has to be able to connect to those akamai addresses.
    Just something that was required by BlackBerry or their vendors....
    03-20-23 01:02 PM
  6. spARTacus's Avatar
    What do you mean by in order "...to connect to my own local wifi"? Does the connection attempt to wifi fail with some sort of bad password or failed connection message? Does the phone think there isn't any internet for that wifi SSID unless that http address is also allowed, like a "connected but no internet" state?
    03-20-23 05:23 PM
  7. nathansw's Avatar
    Exactly, "connected but no internet" state. Until I allow it's http outbound connection attempts through the firewall, to Akamai & others.
    03-21-23 10:04 AM
  8. spARTacus's Avatar
    How are you "allowing" or "not allowing" the traffic in question? At your Router Firewall or on the Passport via some sort of Firewall App?

    My guess is the destination in question is simply what the Passport uses to determine if it has a "connection to Internet" or not. I think almost every single device or OS does the same, probably using other different ping points. When on the Passport it says "connected but no internet", is the Passport still able to facilitate traffic to/with other internet addresses, regardless of it thinking there is no internet via that WiFi? Lots of Windows PCs/Laptops in the past would frequently not show the globe icon while also still able to successfully surf the internet.
    03-21-23 02:54 PM
  9. nathansw's Avatar
    I'm doing this at my router/firewall, not with any software on the Passport. I tried regular wifi activity when I had it locked down and wasn't allowing those outbound https attempts, and it wouldn't let me do anything. That's the part that really annoyed me, especially with no BIS or BB10 services even operational anymore. And my device was never registered with a BBID since autoloading it a month ago.
    03-21-23 03:02 PM
  10. spARTacus's Avatar
    So the Passport will specifically think it doesn't have a connection to the internet if traffic to those specific addresses does not successfully return, and worse the Passport will also prevent any other traffic attempts to any other addresses if it doesn't first get a successful return from those specific addresses? But, with cellular turned off it doesn't behave like that? And, the traffic in question is simple http traffic, not encrypted?
    03-21-23 03:23 PM
  11. nathansw's Avatar
    With cellular turned off, it acts the same bizarre way. It'll show that it has a full wifi connection by showing the wifi icon top right, but it behaves the same way as when cellular is on.

    The outbound traffic that I have to allow for this to work is unencrypted http traffic.
    03-22-23 08:42 AM
  12. Dunt Dunt Dunt's Avatar
    One has to wonder what happens when those "services" don't make the right reply.....
    03-22-23 09:12 AM
  13. spARTacus's Avatar
    With cellular turned off, it acts the same bizarre way. It'll show that it has a full wifi connection by showing the wifi icon top right, but it behaves the same way as when cellular is on.

    The outbound traffic that I have to allow for this to work is unencrypted http traffic.
    I suggest just letting the traffic through. Or, put a hardware switch between your access point and your gateway and then sniff the traffic, to give you confidence if it is indeed only just a simple call home check/return exchange.
    03-22-23 12:17 PM
  14. spARTacus's Avatar
    One has to wonder what happens when those "services" don't make the right reply.....
    Don't we already have the answer, in that the Passport will prevent further use of WiFi?
    03-22-23 12:18 PM
  15. nathansw's Avatar
    I've done a bit more research in the meantime and I'll add it here for anyone interested.

    Even post-shutdown newly autoloaded/activated phones, without BBID, reach out to the following domains:

    icc.blackberry.com
    pki.services.blackberry.com
    cs.sl.blackberry.com
    cse.doc.blackberry.com
    time.blackberry.com

    I've experimented with blocking all of these. The one that is associated with the issues mentioned above is icc.blackberry.com, which I allow so that my internet & wifi will continue to work properly. The others, I am dropping the outbound connection attempts, and haven't noticed any issues yet. I will update here should that change.
    03-26-23 03:30 PM

Similar Threads

  1. My Blackberry venture comes to an end (2020 - 2023)
    By Francesco Sani in forum New to the Forums? Introduce Yourself Here!
    Replies: 4
    Last Post: 03-31-23, 07:17 AM
  2. My Android BB Hub wont open emails 03/18/23
    By baspeed in forum Ask a Question
    Replies: 9
    Last Post: 03-26-23, 10:36 AM
  3. Replies: 1
    Last Post: 03-18-23, 02:04 PM
  4. Trying to resurrect my Q10
    By BlackBurreh in forum BlackBerry Q10
    Replies: 7
    Last Post: 03-14-23, 06:59 AM
  5. Replies: 1
    Last Post: 03-11-23, 09:45 PM
LINK TO POST COPIED TO CLIPBOARD