possible DNS-rebind attack detected

Post new topic   Reply to topic    DD-WRT Forum Index -> Marvell MVEBU based Hardware (WRT1900AC etc.)
View previous topic :: View next topic  
Author Message
jifffy
DD-WRT User


Joined: 08 Jun 2020
Posts: 58
PostPosted: Wed Jul 07, 2021 13:50    Post subject: possible DNS-rebind attack detected Reply with quote
My logs are filled with this
Code:
Jul  7 15:03:16 DD-WRT daemon.info hostapd: wlan1: STA 18:e7:f4:98:e9:99 WPA: group key handshake completed (RSN)
Jul  7 15:03:16 DD-WRT daemon.info hostapd: wlan0: STA 86:95:52:1c:0c:62 WPA: group key handshake completed (RSN)
Jul  7 15:03:16 DD-WRT daemon.info hostapd: wlan0: STA fe:59:5f:00:f3:47 WPA: group key handshake completed (RSN)
Jul  7 15:13:55 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: push.services.mozilla.com
Jul  7 15:21:07 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: iphone-ld.apple.com
Jul  7 15:21:12 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: api.weather.com
Jul  7 15:21:40 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: e4478.a.akamaiedge.net
Jul  7 15:21:47 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: api.weather.com
Jul  7 15:23:02 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: weather-analytics-events.apple.com
Jul  7 15:24:55 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: dns.cloudflare.com
Jul  7 15:25:29 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: dns.cloudflare.com
Jul  7 15:28:31 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: iphone-ld.apple.com
Jul  7 15:28:33 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: iphone-ld.apple.com
Jul  7 15:28:33 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: iphone-ld.apple.com
Jul  7 15:28:49 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: www.aviationweather.gov
Jul  7 15:30:14 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: dns.cloudflare.com
Jul  7 15:36:51 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: e4478.a.akamaiedge.net
Jul  7 15:41:44 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: s3.amazonaws.com
Jul  7 15:41:44 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: s3.amazonaws.com
Jul  7 15:41:44 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: s3.amazonaws.com
Jul  7 15:41:44 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: s3.amazonaws.com
Jul  7 15:41:47 DD-WRT daemon.warn dnsmasq[3791]: possible DNS-rebind attack detected: s3.amazonaws.com
I have a Linksys 3200 ACM with pihole installed on an Odroid C2, I am not sure if that matters. What can be done.
Back to top View user's profile Send private message
Sponsor
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14221
Location: Texas, USA
PostPosted: Wed Jul 07, 2021 14:02    Post subject: Reply with quote
I presume you are still on r46979 on this router. Is your router and PiHole configured properly?

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=329571
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Back to top View user's profile Send private message Visit poster's website
jifffy
DD-WRT User


Joined: 08 Jun 2020
Posts: 58
PostPosted: Wed Jul 07, 2021 15:51    Post subject: Reply with quote
kernel-panic69 wrote:
I presume you are still on r46979 on this router. Is your router and PiHole configured properly?

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=329571

I am on DD-WRT v3.0-r47000 std (06/28/21) my pihole is configured as follows
Code:
no-resolv
server=192.168.1.12
cache-size=2048
log-async=5
#strict-order
dns-forward-max=5096
min-cache-ttl=300
dhcp-option=6,192.168.1.12
My pihole IP is 192.168.1.12 and it seems to be working ok, blocking unwanted junk. So where is the problem ?

PS. Ok i see the problem, the Use DNSMasq for DNS was checked off, i unchecked it. Was this the correct thing to do?

PSS Problem solved, thanks guys.

Last edited by jifffy on Wed Jul 07, 2021 16:05; edited 2 times in total
Back to top View user's profile Send private message
ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 2976
Location: Germany
PostPosted: Wed Jul 07, 2021 15:58    Post subject: Reply with quote
is explained in the linked thread?

Quote:
Please do not add "Additional Dnsmasq Options" on the Router.


Quote:
if you still want to use the DNS rebind protection you should enable this option directly in the DNSMasq of the Pi-Hole


Quote:
All required settings are shown in the picture.
Back to top View user's profile Send private message
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Marvell MVEBU based Hardware (WRT1900AC etc.) All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum