DNS-rebind attack detected

Post new topic   Reply to topic    DD-WRT Forum Index -> Atheros WiSOC based Hardware
View previous topic :: View next topic  
Author Message
hifiboy
DD-WRT Novice


Joined: 18 Nov 2021
Posts: 45
PostPosted: Sat Dec 25, 2021 23:16    Post subject: DNS-rebind attack detected Reply with quote
For everthing I am accessing, I am getting the below " possible DNS-rebind attack deteced"

[i]Dec 26 00:05:45 DD-WRT daemon.warn dnsmasq[6614]: possible DNS-rebind attack detected: dit.whatsapp.net
Dec 26 00:06:27 DD-WRT daemon.warn dnsmasq[6614]: possible DNS-rebind attack detected: dit.whatsapp.net
Dec 26 00:06:30 DD-WRT daemon.warn dnsmasq[6614]: possible DNS-rebind attack detected: sdkconfig.ad.intl.xiaomi.com
Dec 26 00:13:45 DD-WRT daemon.warn dnsmasq[6614]: possible DNS-rebind attack detected: googleads.g.doubleclick.net
Dec 26 00:13:45 DD-WRT daemon.warn dnsmasq[6614]: possible DNS-rebind attack detected: googleads.g.doubleclick.net
Dec 26 00:13:59 DD-WRT daemon.warn dnsmasq[6614]: possible DNS-rebind attack detected: config.unityads.unity3d.com
Dec 26 00:13:59 DD-WRT daemon.warn dnsmasq[6614]: possible DNS-rebind attack detected: config.unityads.unity3d.com


I am using r47900 build on netgear 7800. The connection is fibre broadband (only ip4) via a modem and then to router. For DNS I ignored WAN dns from ISP and have enabled adguard dns family dnscyprt from the options avilable via GUI. Did not make any other chnages

How do I resolve this or is it normal?
Back to top View user's profile Send private message
Sponsor
hifiboy
DD-WRT Novice


Joined: 18 Nov 2021
Posts: 45
PostPosted: Sat Dec 25, 2021 23:35    Post subject: Reply with quote
screenshot
Back to top View user's profile Send private message
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14242
Location: Texas, USA
PostPosted: Sun Dec 26, 2021 0:12    Post subject: Re: DNS-rebind attack detected Reply with quote
hifiboy wrote:
For DNS I ignored WAN dns from ISP and have enabled adguard dns family dnscrypt from the options available via GUI. Did not make any other changes

How do I resolve this or is it normal?

You have to allow rebind to localhost, most likely:
Code:
rebind-localhost-ok

At most you have to allow rebinding of each domain:
Code:
rebind-domain-ok=[<domain>]|[[/<domain>/[<domain>/]

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Back to top View user's profile Send private message Visit poster's website
hifiboy
DD-WRT Novice


Joined: 18 Nov 2021
Posts: 45
PostPosted: Sun Dec 26, 2021 0:29    Post subject: Reply with quote
Thank you. I think it worked as suggested.

Dec 26 00:16:17 DD-WRT daemon.info dnscrypt-proxy[15599]: Server key fingerprint is 6519:DAD5:69D7:E6B1:C1B1:94AF:CD0B:B214:3992:47CB:FFCD:848C:090E:222E:D3E5:5841
Dec 26 00:16:17 DD-WRT daemon.notice dnscrypt-proxy[15599]: Proxying from 127.0.0.1:30 to XXXXX:5443
Dec 26 00:16:17 DD-WRT daemon.info dnsmasq[15611]: started, version 2.86 cachesize 1500
Dec 26 00:16:17 DD-WRT daemon.info dnsmasq[15611]: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n no-IDN DHCP DHCPv6 no-Lua no-TFTP no-conntrack ipset no-auth cryptohash DNSSEC loop-detect inotify no-dumpfile
Dec 26 00:16:17 DD-WRT daemon.warn dnsmasq[15611]: warning: ignoring resolv-file flag because no-resolv is set
Dec 26 00:16:17 DD-WRT daemon.info dnsmasq-dhcp[15611]: DHCP, IP range 192.168.1.100 -- 192.168.1.149, lease time 1d
Dec 26 00:16:17 DD-WRT daemon.info dnsmasq[15611]: using nameserver 127.0.0.1#30
Dec 26 00:16:17 DD-WRT user.info : [dnsmasq] : daemon successfully started
Dec 26 00:16:17 DD-WRT daemon.info dnsmasq[15611]: using only locally-known addresses for test
Dec 26 00:16:17 DD-WRT daemon.info dnsmasq[15611]: using only locally-known addresses for onion
Dec 26 00:16:17 DD-WRT daemon.info dnsmasq[15611]: using only locally-known addresses for localhost
Dec 26 00:16:17 DD-WRT daemon.info dnsmasq[15611]: using only locally-known addresses for local
Dec 26 00:16:17 DD-WRT daemon.info dnsmasq[15611]: using only locally-known addresses for invalid
Dec 26 00:16:17 DD-WRT daemon.info dnsmasq[15611]: using only locally-known addresses for bind
Dec 26 00:16:17 DD-WRT daemon.info dnsmasq[15611]: read /etc/hosts - 2 addresses
Dec 26 00:16:17 DD-WRT user.info : [sfe] : shortcut forwarding engine successfully stopped
Dec 26 00:16:17 DD-WRT user.info : [sfe] : shortcut forwarding engine successfully started
Dec 26 00:16:18 DD-WRT user.info : [sfe] : shortcut forwarding engine successfully stopped
Dec 26 00:16:18 DD-WRT user.info root: WireGuard number of non failed tunnels in fail set: 0
Dec 26 00:16:19 DD-WRT user.info : [vpn modules] : vpn modules successfully unloaded
Dec 26 00:16:19 DD-WRT user.info : [vpn modules] : nf_conntrack_proto_gre successfully loaded
Dec 26 00:16:19 DD-WRT user.info : [vpn modules] : nf_nat_proto_gre successfully loaded
Dec 26 00:16:19 DD-WRT user.info : [vpn modules] : nf_conntrack_pptp successfully loaded
Dec 26 00:16:19 DD-WRT user.info : [vpn modules] : nf_nat_pptp successfully loaded
Dec 26 00:16:19 DD-WRT user.info : [sfe] : shortcut forwarding engine successfully started
Dec 26 00:16:19 DD-WRT user.info : [sfe] : shortcut forwarding engine successfully started

No more mention in the logs and above produced looks okay
Back to top View user's profile Send private message
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Atheros WiSOC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum