Use "Parental controls" for IoT security?

Jerry12

Regular Contributor
ASUS router has "Parental controls" to block, per device:
  • Adult
  • Instant Message and Communication
  • P2P and File Transfer
  • Streaming and Entertainment
Q. Are these controls useful at all for securing IoT devices like NAS, thermostats, and smart TVs from contacting malware or spyware servers?

Q. Just what do these controls block?

This feature isn't designed for this but why not turn it on if it doesn't break anything? Well, actually, it turns out that Synology NAS cannot install packages with these controls enabled, and the symptom is simply that it spins for 3 hours and gives no diagnostic information at all. And trying to install another package during that time seems to quietly add it to the queue, AFAICT. It took me hours to figure that out.
 
@Jerry12, I don't consider a NAS to be an 'IoT' device. :)

But, filtering for 'Adult' content on your thermostat may help keep the heat down. :D
 
Why don't you put your IoT devices on guest wifi, so they are separated from your intranet?
 
That's good advice. I did put most of those devices on the guest wifi.

But they could still spy, join a bot net, or do other mischief.
 
That's good advice. I did put most of those devices on the guest wifi.

But they could still spy, join a bot net, or do other mischief.
On a weekly basis just log into your router and go to traffic analyzer and look at how much traffic each device is using. Not much, no problem; a lot, then you need to see what the device is doing.

Human intervention is sometimes required to manage your network.
 
On a weekly basis just log into your router and go to traffic analyzer and look at how much traffic each device is using. Not much, no problem; a lot, then you need to see what the device is doing.

A good idea, indeed! I turned it on 4 days ago and discovered my Nexus 7 tablet uploading nearly 3 GB/day over SSL/TLS since then while just sitting and charging! It was a steady 117 MB/hour. Downloads were only 4-6 MB/hour.

Today I rebooted it and uninstalled some apps, then later rechecked its traffic. The uploads phased out (down to 0-200KB) between "3h" and "5h" on the Traffic Analyzer graph. Assuming that means 03:00 - 05:00, it was 5-8 hours before rebooting!

One Mac was also uploading ≈117 MB/hour, also phasing out by 05:00, then going up and down between that and 0 the rest of the day. I'll reboot it.

Any ideas about what's going on?
 
Correction: The Mac upload traffic started when the Nexus 7 ended.

Nexus 7 graph:
upload_2020-3-24_18-54-3.png


Mac graph:
upload_2020-3-24_18-54-29.png


What to look into now?
 
Have you also clicked on the apps button to see if it provides any other clues to what is going on?
 
Have you also clicked on the apps button to see if it provides any other clues to what is going on?

Yes, the Apps button confirms that it's almost all SSL/TLS upload traffic.

The consistent upper bound might be due to rate limiting in the cable network.

upload_2020-3-25_9-38-11.png


upload_2020-3-25_9-38-42.png
 
One WAG is that it is the iPad backing itself up to the cloud. Go into the log/connections and see what IPs the iPad is connecting to. Might be able to determine where the iPad is connecting by seeing who the IPs belong to. If it is someplace outside the USA, it might be time to do a factory reset on the iPad.

If you are running Skynet you also could try blocking the offending destination IPs and/or countries and see what happens.
 
Go into the log/connections and see what IPs the iPad is connecting to.

Log/Connections is interesting!

The tablet has been fine since a few hours before (!) rebooting it. It's the Macbook Air that's now doing most of the SSL/TLS uploads and the Nest Hello has also joined in.

To test a hypothesis that a browser tab was doing the SSL/TLS uploads, I closed most of the MBA's Chrome windows, restarted Chrome, and quit everything else. Then it was used for a video conference. Traffic Analyzer shows its SSL/TLS uploads have been down to 11 - 65MB for 4 hours.

Log/Connections showed lots of connections. I ran whois on the IPs. I'll check again when it's not in use.
 
BTW the Nest Hello just has one connection and that's to GOOGLE-CLOUD which seems fine but its upload traffic was <2KB/day for the previous few days and going up and down today, peaking at 125MB/hour.

Is Traffic Analyzer straightforward to interpret or complicated by subtleties, e.g. does it confuse clients after DHCP assignments change? (I doubt the DHCP assignments are changing but this would explain the traffic hog handoffs.)

Thanks for the suggestions.
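
Added example, not part of any post in this thread: one way to turn the weekly Traffic Analyzer check into a repeatable test. It flags devices with sustained, upload-dominated hours and lists "handoffs" where one device's heavy run starts as another's ends, the pattern Jerry12 asks about. The CSV layout, thresholds and function names are assumptions; the sample rows are constructed from the figures quoted above.

```python
import csv
import io
from collections import defaultdict

# Constructed sample (MB per hour). The CSV layout is hypothetical, not a
# Traffic Analyzer export; the values echo the figures quoted in the thread.
SAMPLE = """device,hour,up_mb,down_mb
nexus7,0,117,5
nexus7,1,117,4
nexus7,2,117,6
nexus7,3,60,5
nexus7,4,0.2,4
nexus7,5,0.1,5
mac,0,3,40
mac,1,2,35
mac,2,4,50
mac,3,55,6
mac,4,117,5
mac,5,117,6
nas,1,15,250
nas,2,90,400
"""

def heavy_runs(csv_text, min_up_mb=50.0, min_ratio=5.0, min_hours=3):
    """Map device -> list of (first_hour, last_hour) runs of consecutive
    hours with upload >= min_up_mb and upload >= min_ratio * download."""
    hours = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        up, down = float(row["up_mb"]), float(row["down_mb"])
        if up >= min_up_mb and up >= min_ratio * down:
            hours[row["device"]].append(int(row["hour"]))
    runs = {}
    for device, hs in hours.items():
        found, start, prev = [], None, None
        for h in sorted(hs) + [None]:          # trailing None flushes the last run
            if start is not None and h != prev + 1:
                if prev - start + 1 >= min_hours:
                    found.append((start, prev))
                start = None
            start, prev = (h if start is None else start), h
        if found:
            runs[device] = found
    return runs

def handoffs(runs, slack=1):
    """Pairs (a, b, hour): b's run starts within `slack` hours of a's run ending."""
    return sorted((a, b, s) for a in runs for b in runs if a != b
                  for _, e in runs[a] for s, _ in runs[b] if abs(s - e) <= slack)
```

A handoff between two physical devices is a cue to compare the router's DHCP lease list for those hours before concluding that both devices are misbehaving.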
 