Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
AndroidTV accessing my domain provider
« previous
next »
Print
Pages: [
1
]
Author
Topic: AndroidTV accessing my domain provider (Read 745 times)
teclab
Newbie
Posts: 7
Karma: 0
AndroidTV accessing my domain provider
«
on:
March 01, 2024, 09:00:11 am »
Hi all,
Recently my email account was blocked because my domain/email provider told me he had an attack from my IP:
IM360 WAF: Infectors. Dirb like fuzzing||MVN:REQUEST_FILENAME||MV:/debian/pool/main/f/felix-shell/felix-shell_1.4.3.orig.tar.xz||T:APACHE||
That's when I started to watch my traffic towards my provider and realized that not only the PC running Outlook is contacting my provider, but also my Android TV. See screenshot attached.
Now I have a lot of questions:
What reasons could Android TV do that?
Anyone else observed that same behaviour?
The screenshot shows only a live view, but is there any history stored I can view?
How can I analyze the traffic further?
Appart from this Android TV anomaly, what would you do now?
thx!
Logged
bartjsmit
Hero Member
Posts: 2018
Karma: 194
Re: AndroidTV accessing my domain provider
«
Reply #1 on:
March 01, 2024, 02:30:22 pm »
Quote from: teclab on March 01, 2024, 09:00:11 am
what would you do now?
Dumb down your smart TV by taking it off the LAN and connect a device you can control and trust more (e.g. Kodi on RPi).
It looks like your TV is subsidised by surveillance at best and/or infected by malware at worst.
Bart...
Logged
CGrisamore
Newbie
Posts: 25
Karma: 1
Re: AndroidTV accessing my domain provider
«
Reply #2 on:
March 01, 2024, 05:39:58 pm »
I have a 2015 Sony TV running Android and shortly after installing Adguard Home I noticed that the Netflix and Vudu apps were connecting to domains (presumably sending telemetry) and my TV was contacting a Sony.net domain address also. I blocked those with custom filtering rules in Adguard Home. Looking at my Adguard stats over the last 24 hours the TV has made over 5,000 connection attempts to reach Netflix and I don't even have an active Netflix account.
Note: if you go this route you will probably need some firewall rules to force DNS queries through Adguard (or Pihole) as many embedded devices will use 8.8.8.8 effectively bypassing your Pihole or Adguard blockers unless you reroute DNS queries. I also have 3 Roku devices and they do the same thing.
Logged
teclab
Newbie
Posts: 7
Karma: 0
Re: AndroidTV accessing my domain provider
«
Reply #3 on:
March 02, 2024, 11:23:08 pm »
Actually I figured it out.
In my DNS A Record there was a wildcard *.mydomain.at
This led to my Sony TV searching for wpad.mydomain.at which actullay should have stayed inside my private network, but now went public.
It also alarmed my domain provider because I had my debian bookworm mirror wrongly setup to debian.mydomain.at which then spamed my provider, because there was no such private domain, and eventually shutdown my IP.
I learned a lot this weekend ...
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
AndroidTV accessing my domain provider