Using Pi-hole, users have discovered unexpected, strange, or disturbing things happening on their network. In fact, so many things have been discovered (and discussed publicly), that this is our third time posting a list of things people have found happening on their networks.
This post–and it’s predecessors–are meant to be educational in nature; you may not know what is happening on your network, but Pi-hole can provide some insight.
Pi-hole is an ad blocker, but since it works on the DNS level, it can double as a network monitoring tool. There are several apps specifically designed to view network traffic; using Pi-hole for this purpose just provides a high level overview such as which client queried which domain.
Onto The Examples
Smart TVs And Other Devices Gone Wild
This isn’t the first time we’ve seen Smart TVs querying domains, “calling home”, or even spying on you, but it is interesting because most of the time you would not see this sort of behavior since these devices often don’t let you adjust the DNS settings.
- A FirestickTV querying Netflix even when in sleep mode
- The LG TV that likes Netflix even when it’s not being used
- The Chinese phone that (tried) to leak data to baidu.com
- The Sony Bravia TV looking for advertisements to show you
- The Vivint alarm that likes to make sure spacemonkey is still around
Networking Hardware Queries
In the previous posts, many users had their routers calling home, or sending out an absurd amount of queries. It seems to continue…
- The Wi-Fi extender asking what time it was 800 times per hour
- The TP-Link router that phoned home more than ET
- pfSense querying a strange domain name (34.203.250)
- The offline NAS that is a pain-in-the-NAS
- Netgear and Roku
Guests On Your Network
- When your friend joins your network and floods your Pi-hole with 33,000 queries in two hours…something is going on here.
- Spike in DNS queries when a friend connects his smartphone
Other Random Examples
- Found a strange client using Pi-hole
- A phone contacting appboy.com every few hours
- Top domains are udp and http
- Anti-cheating domain queried every second causing 10,000 queries
- Windows 10 contacting the mother ship thousands of times