What is that noisy IoT device on my network?

That's the first question that popped up when I installed AdGuard Home on my Raspberry Pi last night. Within minutes, hundreds of queries went out for these two domains:
  • xx.ott.io.mi.com
  • xx.ot.io.mi.com
What is mi.com, you ask. It is Xiaomi's US website. I don't (or thought I didn't) have an Xiaomi device on my network because, wel, I'd never bought a Xiaomi device.

Except, it turns out, someone in my household did. It's just not sold as a Xiaomi device. It's a vacuum, specifically a Roborock S4. That robot sits idle for 2-3 days, does 45 minutes of work, then goes idle again. And when it's idle, tucked away under a bench, charging it's little battery and complaining on the app about dirty filters, it's pinging those two addresses 119,000 times a day.
Screen shot of AdGuard's dashboard showing 58,369 and 58,360 blocked queries respectively
I mean come ON
That screen shot was taken 24 hours after I set up AdGuard and blocked those two domains. Around 16 times a minute, every minute of every hour of every day.

So, if you're seeing crazy traffic on your network and need a place to start, look for down-market IoT devices that may have borrowed tech from Xiaomi.

If you have AdGuard, the custom filtering rules you want are:

||xx.ott.io.mi.com^$important
||io.mi.com^$important



If you're there adding those, toss in this one for your noisy Rokus as well.

||logs.roku.com

What is that noisy IoT device on my network?

That's the first question that popped up when I installed AdGuard Home on my Raspberry Pi last night. Within minutes, hundreds of querie...