this post was submitted on 26 Jan 2024
168 points (88.9% liked)

Privacy

31942 readers
799 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I have this old TP-Link smart lightbulb, it’s the only thing that’s IoT and on WiFi in my house.

Looking through pfBlocker logs for fun, and noticed it’s been trying to connect to the Tor network.

Oh! Also, it’s been uploading and downloading 100+ MB of data a day.

you are viewing a single comment's thread
view the rest of the comments
[–] starkzarn@infosec.pub 110 points 9 months ago (3 children)

It's just an NTP pool. The device is trying to update it's time. Likely it made many other requests to other servers when this one didn't work.

Maintaining up to date lists of anything is a game of whack a mole, so you're always going to get weird results.

If you're actually unsure, pcap the traffic on your pfsense box and see for yourself. NTP is an unencrypted protocol, so tshark or Wireshark will have no problem telling you all about it.

That said, I'd still agree with the other poster about local integration with home assistant and just block that sucker from the Internet.

[–] czardestructo@lemmy.world 3 points 9 months ago

Agreed. To add to this because the traffic is being blocked it keeps retrying so it's inflating the traffic size. I have about 14 tplink WiFi switches on a vlan and my pfsense rule for NTP is less than 6 megabytes. OP is conflating legitimate NTP traffic with Tor.

[–] MonkderZweite@feddit.ch 3 points 9 months ago (1 children)

NTP is an unencrypted protocol, so tshark or Wireshark will have no problem telling you all about it.

Wait, it is? Pretty sure chrony.conf has some auth stuff in it.

[–] Bronco1676@lemmy.ml 10 points 9 months ago (1 children)
[–] lemming741@lemmy.world 2 points 9 months ago* (last edited 9 months ago)

Similar to forwarding all DNS traffic to my pihole, I also forward 123 to the opnsense NTP server.