Yet another reason to be careful about "Internet of Things" devices.
It looks like it'd be a good idea to blackhole several of these command and control DNS names, and do some packet sniffing to see if any devices on your network are reaching out or doing anything suspicious.
EDIT: Was asked to provide more specific mitigation techniques that OpenWrt enables for you. Consider some of the following ideas:
- Putting Internet of Things devices on a separate VLAN, a little like the concept of a DMZ https://openwrt.org/docs/guide-user/firewall/fw3_configurations/fw3_dmz
- Consider preventing devices on your separate VLAN from exceeding some upload speed, such as, say, 1/4 of your upload capacity. This can be done with SQM by configuring the "download" speed of the wifi device they are connected to. https://openwrt.org/docs/guide-user/network/traffic-shaping/sqm?s=sqm
- Consider installing Adblock and looking for a list which blocks DNS lookups of known "command and control" servers https://openwrt.org/docs/guide-user/services/ad-blocking
- Consider doing bandwidth monitoring so you could detect if you are part of a botnet spamming upload bandwidth towards distributed denial of service targets: https://openwrt.org/docs/guide-user/services/network_monitoring/bwmon?s=bandwidth&s=monitoring
I'm not familiar with the different bandwidth monitoring solutions but perhaps others can suggest which ones are low-overhead and appropriate for such usage.
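As an added illustration of the bandwidth-monitoring idea above (this is example code, not part of the original post or of any OpenWrt package): the script below takes two snapshots of per-host transmitted-byte counters, the kind of per-IP totals a bandwidth monitor keeps, and flags any host whose average upload rate over the interval exceeds a quarter of the uplink. The uplink capacity (20 Mbit/s), the 60-second interval and the counter values are all assumptions constructed for the example.

```shell
#!/bin/sh
# Constructed sample data: per-host transmitted bytes at two points in time,
# 60 seconds apart, in "ip tx_bytes" form. Host .11 jumps by 80 MB, which is
# what a device participating in a DDoS flood would look like.
SAMPLE_T0='192.168.20.10 1000000
192.168.20.11 500000
192.168.20.12 2000000'

SAMPLE_T1='192.168.20.10 1060000
192.168.20.11 80500000
192.168.20.12 2300000'

INTERVAL=60           # seconds between the two snapshots (assumed)
UPLINK_KBPS=20000     # assumed upload capacity: 20 Mbit/s
THRESHOLD_FRACTION=4  # alert when a host sustains more than 1/4 of the uplink

# flag_upload_hogs FIRST_SNAPSHOT SECOND_SNAPSHOT
# Prints "ip rate_kbps" for every host whose average upload rate between the
# two snapshots exceeds UPLINK_KBPS / THRESHOLD_FRACTION. Hosts under the
# limit produce no output.
flag_upload_hogs() {
    printf '%s\n%s\n' "$1" "$2" | awk -v interval="$INTERVAL" \
        -v limit_kbps="$((UPLINK_KBPS / THRESHOLD_FRACTION))" '
        {
            if (NF < 2) next                       # skip blank lines
            if (!($1 in first)) {                  # first sighting = t0 counter
                first[$1] = $2
                next
            }
            # second sighting = t1 counter; convert the byte delta to kbit/s
            rate = ($2 - first[$1]) * 8 / 1000 / interval
            if (rate > limit_kbps) printf "%s %d\n", $1, rate
        }'
}

# Stand-alone run: lists the offending host(s) from the constructed sample.
flag_upload_hogs "$SAMPLE_T0" "$SAMPLE_T1"
```

On a router you would replace the constructed snapshots with two reads of the monitor's per-host counters taken a minute apart; a sustained result from this check is the signal to go and look at that device rather than proof of compromise on its own, since a legitimate cloud backup would trip it too.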