
Occasionally, I sniff my network. Usually when I wonder why my network light is blinking like mad on my modem despite there being no computers on. Or, so I thought, as it has always turned out to be something innocent. But I've got my blog all warmed up and ready for when it turns out not to be!

If something in my house was continuously transmitting a stream of audio, I'd notice. Very, very eventually, but I would notice. There's enough of us out there that this sort of thing is harder to sneak by than you might first guess. Home networks are easy to sniff because they're so empty, whereas my work network is a constant stream of mDNS, DHCP, and all sorts of other broadcast traffic to step through before I can see anything interesting.

(Also, yes, I'm eliding details like wired vs. wireless sniffing, etc. And I'm not talking about the router, though evidence online suggests there's a set of people periodically sniffing the router<->internet, too. And yes, clever clogs could try to time things to when people may not be looking, etc. The point is that the traffic is not as unwatched as you may think, not that the watchers are perfect.)




Isn't one of OpenDNS's main features watching your network to find suspicious activity? If your network is asking OpenDNS to resolve DNS of blacklisted servers or something, it could throw up a red flag.

Apart from OpenDNS I'm guessing companies like ESET (Antivirus) will monitor network activity and look for streaming audio and trigger something? Or maybe that's a more tailored alert.


OpenDNS does not have a great record (do they still modify NXDOMAIN responses?) - are you sure you want to send them information about everything you're connecting to?


This is just untrue. Even when we modified NXD responses, we were always open about it and let people control their experience.

We are probably the fastest growing (revenue) security company in the market today, and our good reputation is a big part of it. I say fastest growing for at least companies north of $10m ARR. It's easy to be doing 1000% growth < $10m ARR. :-)

-David


OpenDNS stopped messing with NXDOMAIN last year. https://www.opendns.com/no-more-ads/


What if your TV provider is also your Internet provider (and also provides your modem)? Wondering if they could disguise or obscure this traffic if they control the network.


That's part of what I was trying to sweep under the rug, because there's a ton of details and caveats. In particular, while I'm sure it's possible, I personally do not have the hardware to intercept between the cable modem and its network.

However, for the smart TV, broadly speaking, they can disguise what the traffic is, but they are not capable of disguising that there is traffic, and without engaging in outright deception can't disguise where the traffic is going. (I mean that caveat about outright deception... it is theoretically feasible, of course.) (If the TV is wired-only, I'd have to insert my computer between the TV and the router. This is a few minutes with Linux routing commands. If it's wireless I just sniff the wireless.)

And many of the cases we are talking about are cases where the mere presence of traffic, or traffic in a certain shape ("a continuous 4 kilobit stream" -> audio stream), is intrinsically suspicious. Netflix pouring megabytes into my console when I ask for a movie is not surprising; constant leaks coming out of my cell phone when I'm not actively using it would be, whereas occasional bursts to Google Play servers or my corporate email server wouldn't be. The topic of "metadata" is one that comes up a lot in these discussions, and here's an example of where that can play to our advantage for once... you can tell a lot just by looking at a stream's basic characteristics, no matter how encrypted the internals may be.
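The traffic-shape check described in the comment above, as an added example that is not part of the original thread: it flags any source/destination pair that transmits in nearly every time bucket at a near-constant rate, using only packet timestamps and sizes. The function names, thresholds, and the constructed capture (including every address in it) are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

def steady_flows(packets, bucket=10, min_buckets=30, min_cover=0.9, max_cv=0.5):
    """Flag (src, dst) pairs that send in nearly every time bucket at a
    near-constant rate, using only timestamps and sizes (no payload).
    packets: iterable of (ts_seconds, src, dst, length_bytes).
    Thresholds are illustrative assumptions. Returns {(src, dst): mean bit/s}."""
    flows = defaultdict(lambda: defaultdict(int))
    for ts, src, dst, length in packets:
        flows[(src, dst)][int(ts // bucket)] += length
    idx = [b for per_bucket in flows.values() for b in per_bucket]
    if not idx or max(idx) - min(idx) + 1 < min_buckets:
        return {}  # capture too short to call anything "continuous"
    span = range(min(idx), max(idx) + 1)
    flagged = {}
    for key, per_bucket in flows.items():
        series = [per_bucket.get(b, 0) for b in span]  # zero-fill silent buckets
        avg = mean(series)
        if avg == 0:
            continue
        cover = sum(1 for v in series if v) / len(series)
        cv = pstdev(series) / avg  # low = steady stream, high = bursty
        if cover >= min_cover and cv <= max_cv:
            flagged[key] = avg * 8 / bucket
    return flagged

def sample_capture():
    """Constructed 10-minute capture; all addresses are made up."""
    tv, phone, console = "192.168.1.50", "192.168.1.51", "192.168.1.60"
    pkts = [(i / 5, tv, "203.0.113.10", 100) for i in range(3000)]  # 4 kbit/s, nonstop
    for start in (60, 400):  # two short phone bursts
        pkts += [(start + i / 50, phone, "198.51.100.7", 1400) for i in range(50)]
    # one minute of movie download toward the console
    pkts += [(100 + i / 100, "198.51.100.20", console, 1400) for i in range(6000)]
    return sorted(pkts)

if __name__ == "__main__":
    for (src, dst), bps in steady_flows(sample_capture()).items():
        print(f"{src} -> {dst}: steady ~{bps:.0f} bit/s for the whole capture")
```

On the constructed capture only the TV flow is reported: the phone bursts and the movie download move far more bytes but occupy only a few buckets, so they fail the coverage test.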



