Hide messages in the system logs

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking
Author Message
yoles
DD-WRT Novice


Joined: 01 Apr 2019
Posts: 4

PostPosted: Mon May 13, 2019 12:22    Post subject: Hide messages in the system logs Reply with quote
Hello,

I would like to hide a type of messages in the system logs. Since I have connected a new device, i have an incalculable number of messages like these :
Code:
May 13 13:11:35 DD-WRT daemon.warn dnsmasq[1725]: possible DNS-rebind attack detected: g2ij7c.vkcache.com
May 13 13:11:36 DD-WRT daemon.warn dnsmasq[1725]: possible DNS-rebind attack detected: b0pz1x.vkcache.com
May 13 13:11:37 DD-WRT daemon.warn dnsmasq[1725]: possible DNS-rebind attack detected: d98qw6.vkcache.com
May 13 13:11:37 DD-WRT daemon.warn dnsmasq[1725]: possible DNS-rebind attack detected: jkuhgf.vkcache.com
May 13 13:11:38 DD-WRT daemon.warn dnsmasq[1725]: possible DNS-rebind attack detected: ewnvbc.vkcache.com
May 13 13:11:38 DD-WRT daemon.warn dnsmasq[1725]: possible DNS-rebind attack detected: ovjo6s.vkcache.com


I think it's not recommended to disable "No DNS Rebind", so how can I hide these warnings from the System logs ?

Thanks in advance.
Sponsor
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 8034

PostPosted: Mon May 13, 2019 13:58    Post subject: Reply with quote
Rather than disabling rebind attack protection entirely, you can just make exceptions for those specific domains by adding the following to the Additional DNSMasq Options field on the Services page.

Code:
rebind-domain-ok=/g2ij7c.vkcache.com/jkuhgf.vkcache.com/ovjo6s.vkcache.com


Or else the entire domain name (if that seems appropriate).

Code:
rebind-domain-ok=vkcache.com

_________________
DD-WRT: DNS Leak Detection w/ VPNs (updated 6/5/19)
NEW SCRIPT!: ddwrt-mount-usb-drives.sh
NEW SCRIPT!: ddwrt-blacklist-domains.sh
NEW SCRIPT!: ddwrt-ovpn-remote-access.sh
NEW SCRIPT!: ddwrt-pptp-policy-based-routing.sh
yoles
DD-WRT Novice


Joined: 01 Apr 2019
Posts: 4

PostPosted: Mon May 13, 2019 16:23    Post subject: Reply with quote
Many thanks, but is it safe to allow this DNS rebind for the domain vkcache.com ? I don't know why I have these messages.

Thanks in advance.
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 8034

PostPosted: Mon May 13, 2019 17:32    Post subject: Reply with quote
Well that's a different issue. When you said you wanted to remove the messages, I assumed you knew them to be safe. That sometimes is the case. But without any context, it's impossible for anyone else to know if it's safe or not. And if you don't know, then instead of hiding the messages, you need to determine the cause. That's the point of having the warning messages.

https://en.wikipedia.org/wiki/DNS_rebinding

P.S. FWIW, given those rather cryptic domain names, it does look like a real DNS rebind attack.

_________________
DD-WRT: DNS Leak Detection w/ VPNs (updated 6/5/19)
NEW SCRIPT!: ddwrt-mount-usb-drives.sh
NEW SCRIPT!: ddwrt-blacklist-domains.sh
NEW SCRIPT!: ddwrt-ovpn-remote-access.sh
NEW SCRIPT!: ddwrt-pptp-policy-based-routing.sh
yoles
DD-WRT Novice


Joined: 01 Apr 2019
Posts: 4

PostPosted: Mon May 13, 2019 21:40    Post subject: Reply with quote
Thanks, if the router prevents these attacks, it's good for me. So, I would like to hide these warnings without disabling any protection on my router. just removing the display of this type of messages at Syslog windows.

I wonder if it's possible, many thanks.
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 8034

PostPosted: Mon May 13, 2019 22:12    Post subject: Reply with quote
I don't know of any way to stop a process from accessing the syslog. That process (DNSMasq) would have to offer that option, and after looking through the DNSMasq documentation, I don't see it.

http://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html

Perhaps just block access to that domain, the same way ads are blocked. Add the following to Additional DNSMasq Options on the Services page.

Code:
address=/vkcache.com/0.0.0.0

_________________
DD-WRT: DNS Leak Detection w/ VPNs (updated 6/5/19)
NEW SCRIPT!: ddwrt-mount-usb-drives.sh
NEW SCRIPT!: ddwrt-blacklist-domains.sh
NEW SCRIPT!: ddwrt-ovpn-remote-access.sh
NEW SCRIPT!: ddwrt-pptp-policy-based-routing.sh
yoles
DD-WRT Novice


Joined: 01 Apr 2019
Posts: 4

PostPosted: Tue May 14, 2019 10:57    Post subject: Reply with quote
Thanks, warnings have disapeared with your configuration.
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum