I have this old TP-Link smart lightbulb, it’s the only thing that’s IoT and on WiFi in my house.

Looking through pfBlocker logs for fun, and noticed it’s been trying to connect to the Tor network.

Oh! Also, it’s been uploading and downloading 100+ MB of data a day.

  • mozz@mbin.grits.dev
    link
    fedilink
    arrow-up
    0
    ·
    10 months ago

    You’re the one that connected an impossible-to-security-update device to the internet. You can do plenty of home automation without it needing to be that way, if you’re open to a little more setup being involved in the process.

    • errorlab@lemm.eeOP
      link
      fedilink
      English
      arrow-up
      0
      arrow-down
      1
      ·
      10 months ago

      It’s on it’s own VLAN from the beginning. Wanted to poke around but never got to it.

      I still have it connected, want to use for practice.

  • Auzy@beehaw.org
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    10 months ago

    Egh… More bad info. Seems to be prolific here on Lemmy

    And yeah, definitely not Tor (I happen to know the TPLink KASA HS100 protocol too). The chip running on them wouldn’t even have sufficient resources to run tor more likely lol

    Plus, as others have said, port 123 is NTP

  • StarkZarn@infosec.pub
    link
    fedilink
    English
    arrow-up
    0
    ·
    10 months ago

    It’s just an NTP pool. The device is trying to update it’s time. Likely it made many other requests to other servers when this one didn’t work.

    Maintaining up to date lists of anything is a game of whack a mole, so you’re always going to get weird results.

    If you’re actually unsure, pcap the traffic on your pfsense box and see for yourself. NTP is an unencrypted protocol, so tshark or Wireshark will have no problem telling you all about it.

    That said, I’d still agree with the other poster about local integration with home assistant and just block that sucker from the Internet.

    • lemming741@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      10 months ago

      Similar to forwarding all DNS traffic to my pihole, I also forward 123 to the opnsense NTP server.

  • Haystack@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    arrow-down
    1
    ·
    10 months ago

    Fwiw the TP link bulbs usually have a local API that Home Assistant has an integration for. You can use that and block their internet access - unless they’ve removed that feature. I only used one of these briefly because someone gave it to me. Usually just use cheap ZigBee bulbs. I would throw that one out though as someone else said it’s likely been compromised already…