I have this old TP-Link smart lightbulb, it’s the only thing that’s IoT and on WiFi in my house.

Looking through pfBlocker logs for fun, and noticed it’s been trying to connect to the Tor network.

Oh! Also, it’s been uploading and downloading 100+ MB of data a day.

  • StarkZarn@infosec.pub
    link
    fedilink
    English
    arrow-up
    1
    ·
    10 months ago

    It’s just an NTP pool. The device is trying to update it’s time. Likely it made many other requests to other servers when this one didn’t work.

    Maintaining up to date lists of anything is a game of whack a mole, so you’re always going to get weird results.

    If you’re actually unsure, pcap the traffic on your pfsense box and see for yourself. NTP is an unencrypted protocol, so tshark or Wireshark will have no problem telling you all about it.

    That said, I’d still agree with the other poster about local integration with home assistant and just block that sucker from the Internet.

    • MonkderZweite@feddit.ch
      link
      fedilink
      arrow-up
      0
      ·
      10 months ago

      NTP is an unencrypted protocol, so tshark or Wireshark will have no problem telling you all about it.

      Wait, it is? Pretty sure chrony.conf has some auth stuff in it.