What Really Happens On Your Network? Part Eight


#1

Originally published at: https://pi-hole.net/2018/09/19/what-really-happens-on-your-network-part-eight/

Just last week, we had a post of things people have discovered happening on their networks. But there is no shortage of these types of posts, so here is another collection of them or you can read previous iterations of these type of posts.

Read on to find out more to find out what people discovered happening on their networks, thanks to Pi-hole.

Queries for strange domains or strange patterns on the graphs

This user saw regular queries to baidu.com from a Wi-Fi amplifier. It turned out this–along with other domains–were the ones the company selected to query in order to verify Internet access.

This user saw queries to a strange domain, but nothing else is known about it.

We have seen reports of users finding devices that try to continually query domains to verify Internet connectivity. For example, this user saw a large spike in queries in the middle of the night.

This user saw a large spike in queries to a marketing, analytics, and engagement company on a Pixel2.

Queries to this .cc domain were originating from a UniFi Security Gateway, but no other information was disclosed in the thread.

This person saw one of their family member’s work device making a lot of queries while the device was asleep in a laptop bag. The most likely thing that happened here is that the device was querying all sorts of local domains when it was disconnected from the VPN, as others in the thread seem to support this theory.

Analytics, Telemetry, Advertisements, And Tracking

Amazon, Roku, and Sonos were the top three offenders on this network that were blocked by Pi-hole (not to mention the other tracking domains in their list).

Here’s a case of Roku sending back viewing habits and more back to Roku’s mothership.

Sonos also likes to know what you’re doing with their devices and how you’re using them. This has been reported by more than one user.

This HP Envy printer phones home every hour.

According to one user, Malwarebytes collects telemetry from it’s users as seen below.

This user’s Washington Post app desperately tries to reach out to an analytical domain, as does this user’s Android phone.

Excessive Queries For Domains

This user switched to a new Google Pixel phone and saw a massive jump in queries generated by Google Music.

It’s also interesting to see how domains behave once they are blocked by Pi-hole. In the case of Comcast, blocking it results in devices trying to reach out excessively to the domain trying to re-establish contact.

NVIDIA is another example where the user blocked the domain and it generated tens of thousands of queries trying to re-establish contact.

This user saw a massive spike of 28,000 queries in the middle of the night for a Google connectivity check.

Other Random Things People Have Found

There is no shortage of posts about these sorts of things. Below is a large list of posts that are very similar to the ones already described in detail above or ones that didn’t have a nice screenshot and weren’t a great fit for this post, but they are left here for those that are curious about those things people have discovered.

ftl-blast2.gif


Philips Hue hub caught pants-down trying to call China.
Greetings: A quick hello
Bad link in "What Really Happens On Your Network"