So why is Netflix hitting me with Dradis?
-
@johnpoz Don't be naïve, John. Maybe it'd help to think of it more like people trying to actually understand the technology they use.
You're welcome for the report.
-
@tinfoilmatt and I was trying to help - pointing out that it's not them using Dradis against them - and just his IoT using hard-coded DNS.
Every little thing you see in a log doesn't mean you're under attack, or compromised or something being bad - sometimes, most of the time with IPS/IDS it's going to be noise.. If you want to use it properly there is a huge learning curve - it's not just push a button.
Most users have zero use for IPS/IDS in their home - and without understanding how it works you're just going to think the sky is falling.
-
@johnpoz said in So why is Netflix hitting me with Dradis?:
and just his IoT using hard-coded DNS
Which you have no idea the purpose of. You're equally speculating.
-
Also if it was a company as big as Netflix doing something - why would they not just hide the traffic in their normal traffic vs doing a DNS query in the clear?
This isn't speculation - it's experience and common sense
-
@johnpoz You'd have to ask Netflix.
-
@tinfoilmatt Sure go ask them.. Or it's just a simple DNS query and not some form of trying to sneak something into your network.
-
@johnpoz said in So why is Netflix hitting me with Dradis?:
Or it's just a simple DNS query and not some form of trying to sneak something into your network.
Which, again, is equal speculation on your part.
-
@tinfoilmatt Yeah I am just speculating that a DNS query is just a DNS query <rolleyes>
-
@johnpoz said in So why is Netflix hitting me with Dradis?:
@tinfoilmatt Yeah I am just speculating that a DNS query is just a DNS query <rolleyes>
Your attempts to manipulate my words reveal the strength of your position.
-
You could block that if you want, but when they can't talk they tend to get more chatty about it - asking more and more often, etc..
Also a noob here myself lol. That's pretty much like my Netgear router despite being in AP mode, pretty much spams 8.8.8.8/8.8.4.4 for connectivity checks, even though its DNS in its web interface is set to the pfSense firewall which in turn is set to Cloudflare and Quad9. When 8.8.8.8/8.8.4.4 got blocked as part of the DoH IP list in pfBlockerNG it became even more aggressive and I had a spam of block alerts like every 3-5 secs if not more often at times lol. If I recall something similar happened when I had "Chromecast with Google TV" dongles a few years ago, so I'm not surprised.
-
@aivxtla My devices hammer connectivitycheck.gstatic.com, gsas.apple.com, bing.com, ngw.dvr163.com (a Chinese NVR), etc. all day long. It is what it is.
On this point specifically (i.e., DNSBL and/or IPBL), make sure to configure logging such that these queries/packets are 'sinked'.