##########################################################################################
ADBLK-22: Xiaomi global zone
##########################################################################################

Issue Type: Improvement
-----------------------------------------------------------------------------------------

Issue Information
====================

Priority: Major
Status: Closed
Resolution: Done (2020-05-04 18:45:43)

Project: Adblock Lists (ADBLK)
Reported By: btasker
Assigned To: btasker

Time Estimate: 0 minutes
Time Logged: 0 minutes

-----------------------------------------------------------------------------------------

Issue Description
==================

Xiaomi's apps seem to fall back onto a new DNS zone if they cannot resolve their initial one.

In ADBLK-19 the zone app.chat.xiaomi.net was blocked.

Looking in my logs, I can see that our Xiaomi devices are trying fr.app.chat.global.xiaomi.net instead.

-----------------------------------------------------------------------------------------

Issue Relations
================

- relates to ADBLK-19: Xiaomi Data-Grubbing

-----------------------------------------------------------------------------------------

Activity
==========

-----------------------------------------------------------------------------------------
2020-05-04 18:40:48 btasker
-----------------------------------------------------------------------------------------

Just like its original counterpart, the record is a CNAME out to an AWS ELB

-- BEGIN SNIPPET --
May 4 11:31:50 dnsmasq[26416]: reply fr.app.chat.global.xiaomi.net is
May 4 11:31:50 dnsmasq[26416]: reply fr-app-chat-global-xiaomi-net-1516654448.eu-central-1.elb.amazonaws.com is 18.194.120.89
May 4 11:31:50 dnsmasq[26416]: reply fr-app-chat-global-xiaomi-net-1516654448.eu-central-1.elb.amazonaws.com is 18.185.225.129
May 4 11:31:50 dnsmasq[26416]: reply fr-app-chat-global-xiaomi-net-1516654448.eu-central-1.elb.amazonaws.com is 18.184.95.216
May 4 11:31:50 dnsmasq[26416]: reply fr-app-chat-global-xiaomi-net-1516654448.eu-central-1.elb.amazonaws.com is 18.185.217.8
May 4 11:31:50 dnsmasq[26416]: reply fr-app-chat-global-xiaomi-net-1516654448.eu-central-1.elb.amazonaws.com is 18.185.0.130
-- END SNIPPET --

Seem to see log entries at various times.

nmap shows they're accepting websockets

-- BEGIN SNIPPET --
ben@milleniumfalcon:~$ nmap -sV 18.194.120.89

Starting Nmap 7.01 ( https://nmap.org ) at 2020-05-04 18:37 BST
Nmap scan report for ec2-18-194-120-89.eu-central-1.compute.amazonaws.com (18.194.120.89)
Host is up (0.024s latency).
Not shown: 997 filtered ports
PORT     STATE SERVICE      VERSION
80/tcp   open  http
443/tcp  open  https
5222/tcp open  xmpp-client?
3 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port80-TCP:V=7.01%I=7%D=5/4%Time=5EB052D7%P=x86_64-pc-linux-gnu%r(GetRe
SF:quest,42,"HTTP/1\.1\x20418\x20WebSocket\x20protocol\x20error\r\nContent
SF:-Type:\x20text/html\r\n\r\n")%r(FourOhFourRequest,42,"HTTP/1\.1\x20418\
SF:x20WebSocket\x20protocol\x20error\r\nContent-Type:\x20text/html\r\n\r\n
SF:");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port443-TCP:V=7.01%I=7%D=5/4%Time=5EB052E1%P=x86_64-pc-linux-gnu%r(GetR
SF:equest,42,"HTTP/1\.1\x20418\x20WebSocket\x20protocol\x20error\r\nConten
SF:t-Type:\x20text/html\r\n\r\n")%r(FourOhFourRequest,42,"HTTP/1\.1\x20418
SF:\x20WebSocket\x20protocol\x20error\r\nContent-Type:\x20text/html\r\n\r\
SF:n");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port5222-TCP:V=7.01%I=7%D=5/4%Time=5EB052D7%P=x86_64-pc-linux-gnu%r(Get
SF:Request,42,"HTTP/1\.1\x20418\x20WebSocket\x20protocol\x20error\r\nConte
SF:nt-Type:\x20text/html\r\n\r\n")%r(FourOhFourRequest,42,"HTTP/1\.1\x2041
SF:8\x20WebSocket\x20protocol\x20error\r\nContent-Type:\x20text/html\r\n\r
SF:\n");

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 70.20 seconds
-- END SNIPPET --

-----------------------------------------------------------------------------------------
2020-05-04 18:43:15 git
-----------------------------------------------------------------------------------------

-- BEGIN QUOTE --
Repo: adblocklists
Commit: 8d3fa37c98cb52095f349663fb26fdc4847b96e5
Author: B Tasker