Outside Base pinging Google.com

Hi,
I’ve noticed a client in my network consistently pinging www.google.com. Turns out the client is the Wyze Outside Base. It reaches out to Google.com exactly at min:14sec and at min:44sec. This adds up to several thousand connect attempts every week.
This is not the type of behavior I expect from a professional, well-behaved client in my network.
What is going on, why is this needed, and how can I turn this off?

Markus

3 Likes

Welcome back @markus!
I haven’t seen any reports of this and I can’t see any reason why this could happen. Could you provide a screenshot of the activity from the base?


I’m punishing myself for attempting to use this forum on my phone…
Are the screenshots coming through?

2 Likes

I have read online that pinging google is often a practice done by companies to have their devices determine if the internet is connected/working and how good the connection is and use those results to make determinations of other sorts. If Wyze is doing this, I’d imagine it is for this same reason as I’ve read it’s fairly common practice for lots of internet connected devices as some kind of standard.

I personally never understood it, why shouldn’t the devices only care about the connection to their own server? Why ping a 3rd party at all? I guess it has something to do with reliability and standardization or something. Since you are saying it happens exactly every 30 seconds, I am pretty confident that’s what’s going on.

2 Likes

Yes, your screenshots came through great

It’s a little stranger still. Those entries are labeled “queries”, as in DNS queries, and your device reports it satisfied the query from cache. That would mean it’s not pinging anything at all and also not verifying anything about available Internet connectivity? All the base is doing is executing a DNS query (nslookup)?

Or perhaps it is pinging after the query but you just used the DNS query log as available evidence of the activity.

What you are seeing here is just the DNS query log (I’m running my own DNS server). So, you are only seeing the DNS query; what this Wyze client is doing with the target domain, I do not know. I used the word “ping” in the sense of “reaching out” not actually the ping command.
It is because of these DNS queries that I found this behavior. Here is another screenshot of the client behavior from a DNS perspective over the course of 5 minutes yesterday.

I understand that IOT devices need to connect to various servers during the course of operation but this is not acceptable, neither from the target (why Google and not a target that is actually relevant to operations) nor from a frequency perspective.

1 Like

It’s also, to use a more old-fashioned term, rude. As both you and Carver imply, Wyze should test against its own public sites, not take up Google’s resources so frequently. While unlikely, if Google ever rebrands, goes down, or decides simply to block ICMP (entirely likely) then the base will have problems.

1 Like

Same issue here. I’ve blackholed the request using PiHole (DNSMASQ) for this and other devices. And don’t get me started on my Netgear router…

What is the exact blacklist that was created for the DNS query? If you want to see chatty devices install a Roku on your network…

But if you blackhole this request don’t you blackhole the whole google.com domain (searches, etc)?

Many routers will allow you to block a certain MAC address from a certain IP address. I have used this many times to block some devices from things, but let my devices keep working.

Recently, my daughter was missing over 30 assignments in school, so I blocked out youtube IP’s and her favorite games’ IP’s just for all her devices until she caught up on homework (VPN’s and proxies were blocked at the DNS level for all devices except mine, and I shut off her mobile data…and she isn’t techy enough to know how to work some of the loopholes…and all she had to do was catch up on her missing homework and I’d turn everything back on anyway). The point is, you most definitely can block a certain address just for a certain device.

Furthermore, google uses TONS of IP addresses…I mean, even to just block youtube I had to block like a dozen different RANGES of IP addresses because if only one was blocked, it would just use another to connect automatically. I found the same thing with Google…so blocking 1 google IP address on the entire network shouldn’t really affect any other devices trying to actually use google. Additionally, the ping is probably a google IP address, but I bet if you watched what address your device uses when you go to google.com it would be using a different IP address anyway.

My question was directly for blacklisting the DNS request in pihole by chrisjost.

You can specify client level blocking of domains. The 101 and 128 addresses are cams and are blocked while my phone still goes through. Pi-hole really lets you see what’s going on.

Literally www.google.com

You can also create a regex. I have one that catches anything containing the word Facebook.

1 Like

Thanks, just wanted to see if you had a regex set up or if you were using the new client group function… I suppose there is nothing stopping you from doing both.

1 Like
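The pattern this thread turns on, a client resolving the same name at a fixed interval (here at :14 and :44 of every minute), can be picked out of a resolver's query log automatically. The script below is an added example, not code from any poster or from Wyze or Pi-hole; it assumes dnsmasq-style log lines of the kind Pi-hole writes, and the sample log, the client addresses, the assumed year and the thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median, pstdev

# Constructed sample in dnsmasq/Pi-hole log format; addresses are made up.
SAMPLE_LOG = """\
Mar  3 10:00:03 dnsmasq[811]: query[A] www.google.com from 192.168.1.50
Mar  3 10:00:05 dnsmasq[811]: query[AAAA] www.google.com from 192.168.1.50
Mar  3 10:00:14 dnsmasq[811]: query[A] www.google.com from 192.168.1.101
Mar  3 10:00:14 dnsmasq[811]: cached www.google.com is 192.0.2.10
Mar  3 10:00:44 dnsmasq[811]: query[A] www.google.com from 192.168.1.101
Mar  3 10:01:14 dnsmasq[811]: query[A] www.google.com from 192.168.1.101
Mar  3 10:01:30 dnsmasq[811]: query[A] www.google.com from 192.168.1.50
Mar  3 10:01:31 dnsmasq[811]: query[A] www.google.com from 192.168.1.50
Mar  3 10:01:44 dnsmasq[811]: query[A] www.google.com from 192.168.1.101
Mar  3 10:02:14 dnsmasq[811]: query[A] www.google.com from 192.168.1.101
Mar  3 10:02:44 dnsmasq[811]: query[A] www.google.com from 192.168.1.101
Mar  3 10:04:10 dnsmasq[811]: query[A] www.google.com from 192.168.1.50
Mar  3 10:04:50 dnsmasq[811]: query[A] www.google.com from 192.168.1.50
"""

QUERY_RE = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) dnsmasq\[\d+\]: query\[\w+\] (\S+) from (\S+)$")

def parse_queries(log_text, year=2024):
    """Group query timestamps by (client, domain). The log has no year, so one is assumed."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = QUERY_RE.match(line)
        if m:  # replies, cache hits and forwards are skipped
            stamp = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            seen[(m.group(3), m.group(2))].append(stamp)
    return seen

def find_periodic(seen, min_queries=6, max_jitter=2.0):
    """Return (client, domain, interval_s, seconds_past_minute) for fixed-interval lookups."""
    hits = []
    for (client, domain), stamps in sorted(seen.items()):
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if len(stamps) >= min_queries and pstdev(gaps) <= max_jitter:
            hits.append((client, domain, median(gaps), sorted({s.second for s in stamps})))
    return hits

if __name__ == "__main__":
    for hit in find_periodic(parse_queries(SAMPLE_LOG)):
        print("%s -> %s every %.0fs at seconds %s" % hit)
```

Only the fixed-interval client is reported; the second client queries the same name just as often in the sample but with irregular gaps, so it is not flagged.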