Alozaros
DD-WRT Guru
Joined: 16 Nov 2015
Posts: 6437
Location: UK, London, just across the river..
|
 Posted: Sun Sep 25, 2016 11:00 Post subject: Questions about DNS rebind Attacks |
 |
for the first time i got this in my syslog from last night
possible DNS-rebind attack detected: rrx68giz-7cfe4b3e3edde72856fc8ee1080e4a6079fc55f2-mob.d.aa.online-metrix.net
possible DNS-rebind attack detected: rrx68giz-f026ebfb2c019f32ef092f5ef5ca73eb7f85edea-mob.d.aa.online-metrix.net
so i have a few questions:
how reliable is no DNS rebind settings in DD-WRT?
shall i use those lines instead:
iptables -I INPUT -s `nvram get lan_ipaddr`/`nvram get lan_netmask` -d `nvram get wan_ipaddr` -j DROP
i believe or they gonna brick my router as it happens before or im wrong and they are ok to use....
and last thing is how i can find the IP range of the attack source or if anyone know's it please share ??
my router is R7000 with 30645M Kong if that makes more sense..
i use DNSMasq, Local DNS, and i run Ad blocking script + IPTables firewall stuff
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913 |
|
