Possible DNS Rebind attack

hushcoden
DD-WRT Novice


Joined: 30 Jan 2018
Posts: 17

Posted: Sat Jun 09, 2018 15:56    Post subject: Possible DNS Rebind attack
Router: Netgear R7000

Firmware: DD-WRT v3.0-r36070M kongac (05/31/2018)

Kernel: Linux 4.4.134 #568 SMP Thu May 31 11:02:32 CEST 2018 armv7l

Status: Up and running for 6 days and 5 hours

Reset: No

With this version my syslog started to be plagued with the following messages:
Code:
daemon.warn dnsmasq[1391]: possible DNS-rebind attack detected: 14-0.19-a3000479.10002.170c.22d5.2f4a.210.0.7wt294ll6pmfi7sstrgn5eb1nj.avts.mcafee.com


I don't recall having ever seen those messages before, should I be concerned? I have hundreds of those...
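
Added example (not posted by anyone in the thread): with hundreds of these warnings in syslog, grouping them by parent domain shows whether they come from one source or many. The sample log lines after the first, the three-label grouping and the function names are assumptions made for this illustration; `rebind-domain-ok` is dnsmasq's own option for exempting a domain from its rebind check.

```python
import re
from collections import Counter

# Format taken from the syslog line in the post; the queried name is the last field.
REBIND_RE = re.compile(r"dnsmasq\[\d+\]: possible DNS-rebind attack detected: (\S+)")

# Constructed sample: the first line is the one from the post, the rest are made up.
SAMPLE_LOG = """\
daemon.warn dnsmasq[1391]: possible DNS-rebind attack detected: 14-0.19-a3000479.10002.170c.22d5.2f4a.210.0.7wt294ll6pmfi7sstrgn5eb1nj.avts.mcafee.com
daemon.warn dnsmasq[1391]: possible DNS-rebind attack detected: constructed-label-a.avts.mcafee.com
daemon.info dnsmasq[1391]: read /etc/hosts - 2 addresses
daemon.warn dnsmasq[1391]: possible DNS-rebind attack detected: constructed-label-b.avts.mcafee.com
daemon.warn dnsmasq[1391]: possible DNS-rebind attack detected: nas.home.example.net
"""

def parent_domain(name, labels=3):
    """Keep the last `labels` labels (naive: no public-suffix list)."""
    return ".".join(name.rstrip(".").lower().split(".")[-labels:])

def summarize(lines, labels=3):
    """Count rebind warnings per parent domain, ignoring other dnsmasq lines."""
    counts = Counter()
    for line in lines:
        match = REBIND_RE.search(line)
        if match:
            counts[parent_domain(match.group(1), labels)] += 1
    return counts

def exemption_candidates(counts, min_hits=2):
    """dnsmasq config lines to review for domains that trip the check repeatedly.

    rebind-domain-ok exempts a domain from the stop-dns-rebind check; use it
    only for a domain you expect to answer with private-range addresses.
    """
    return [f"rebind-domain-ok=/{d}/" for d, n in counts.most_common() if n >= min_hits]

if __name__ == "__main__":
    counts = summarize(SAMPLE_LOG.splitlines())
    for domain, hits in counts.most_common():
        print(f"{hits:5d}  {domain}")
    print("\n".join(exemption_candidates(counts)))
```
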
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6437
Location: UK, London, just across the river..

Posted: Sun Jun 10, 2018 9:51
If your router is behind another router with different DNS settings, that's what it is all about...
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
hushcoden
DD-WRT Novice


Joined: 30 Jan 2018
Posts: 17

Posted: Sun Jun 10, 2018 12:10
Nope, my R7000 is connected to a ZyXEL modem, that's it...

And like I said, I don't recall having those messages in the previous firmware versions...
hushcoden
DD-WRT Novice


Joined: 30 Jan 2018
Posts: 17

Posted: Sun Jun 10, 2018 18:59
Many thanks for the thorough explanation!

One of my laptops has got McAfee Antivirus Plus, so I reckon it's the guilty one...

I will maybe uninstall it and replace it with ZoneAlarm...
jordancaver123
DD-WRT Novice


Joined: 17 May 2018
Posts: 2

Posted: Mon Jun 11, 2018 4:59
thanks
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6437
Location: UK, London, just across the river..

Posted: Mon Jun 11, 2018 9:49
TBH in my case it happens with 2 x DD-WRT routers in a chain.. and not always; yes, on some builds it's there and on some builds it's not, it must be a DNSmasq-related issue..

But anyway, McAfee, ZoneAlarm, Norton, all the commercial AV are a big slap in the face... a pure marketing trick...
In all my history of being behind a computer, I keep internet hygiene, and never used any of those commercial AV as they are full of backdoors and tons of bloatware and resource mining stuff...
What I do have is Malwarebytes and ClamAV, the best and light combo, but hardly ever seen any use of those... in my case

hushcoden
DD-WRT Novice


Joined: 30 Jan 2018
Posts: 17

Posted: Mon Jun 11, 2018 18:17
You're probably right, I will give ClamAV a try...

Thanks for the heads-up.