GenMatrix, posted September 6, 2020:

I've been getting quite a few of these every minute and wanted to make sure something isn't amiss on my network. I do have a Pi-Hole configured with a static address and selected as my DNS server.

Killhippie (Guest), posted September 6, 2020:

These are not good. "DNS rebinding is a method of manipulating resolution of domain names that is commonly used as a form of computer attack. In this attack, a malicious web page causes visitors to run a client-side script" so I would try without the Pi-Hole and run a scan on your system. See the link on lifehacker for some advice. Avoid malicious web pages too and up your security on the Pi-Hole and router. Basically a script you have visited on a malicious webpage somewhere could get control of your whole LAN. It's time for a major scan and reboot of your router and doing whatever you need to do with Pi-Hole to protect yourself, like turning off UPnP and using strong passwords etc. Also it's best not to run your own DNS servers. Generally, for most users, your ISP probably provides DNS servers that are protected by DNSSEC. For users that need improved performance, there are paid DNS hosting providers that do a great job without the risks.

https://en.wikipedia.org/wiki/DNS_rebinding
https://lifehacker.com/prevent-dns-rebinding-attacks-by-adjusting-your-router-1827022291

Zippy, posted September 6, 2020:

35 minutes ago, Killhippie said: These are not good. "DNS rebinding is a method of manipulating resolution of domain names that is commonly used as a form of computer attack. In this attack, a malicious web page causes visitors to run a client-side script" so I would try without the Pi-Hole and run a scan on your system. See the link on lifehacker for some advice. Avoid malicious web pages too and up your security on the Pi-Hole and router. Basically a script you have visited on a malicious webpage somewhere could get control of your whole LAN. It's time for a major scan and reboot of your router and doing whatever you need to do with Pi-Hole to protect yourself, like turning off UPnP and using strong passwords etc. https://en.wikipedia.org/wiki/DNS_rebinding https://lifehacker.com/prevent-dns-rebinding-attacks-by-adjusting-your-router-1827022291

Hey Killhippie, are you using UPnP? Also do you have respond to ping enabled in your Network settings? I think the R2 defaults to that. Thanks for the info btw. Nice job my friend! Zippy.

Killhippie (Guest), posted September 6, 2020:

5 minutes ago, Zippy said: Hey Killhippie, are you using UPnP? Also do you have respond to ping enabled in your Network settings? I think the R2 defaults to that. Thanks for the info btw. Nice job my friend! Zippy.

Currently using a different router, UPnP turned off and the router does not respond to ping requests. I just test the R2 when new firmware comes out and then take it down after a while, like some others do here, as I'm currently not gaming due to ocular migraines.

Zippy, posted September 6, 2020:

4 minutes ago, Killhippie said: Currently using a different router, UPnP turned off and the router does not respond to ping requests. I just test the R2 when new firmware comes out and then take it down after a while, like some others do here, as I'm currently not gaming due to ocular migraines.

Thanks Killhippie, I've got my R2 locked down like that as well. Can I ask why don't you keep the R2 hooked up? Is the wifi not good enough for yah? Thanks! Zippy.

Killhippie (Guest), posted September 6, 2020:

Bug testing but under an NDA so can't really talk about it, Zippy.

GenMatrix (Author), posted September 6, 2020:

1 hour ago, Killhippie said: These are not good. "DNS rebinding is a method of manipulating resolution of domain names that is commonly used as a form of computer attack. In this attack, a malicious web page causes visitors to run a client-side script" so I would try without the Pi-Hole and run a scan on your system. See the link on lifehacker for some advice. Avoid malicious web pages too and up your security on the Pi-Hole and router. Basically a script you have visited on a malicious webpage somewhere could get control of your whole LAN. It's time for a major scan and reboot of your router and doing whatever you need to do with Pi-Hole to protect yourself, like turning off UPnP and using strong passwords etc. Also it's best not to run your own DNS servers. Generally, for most users, your ISP probably provides DNS servers that are protected by DNSSEC. For users that need improved performance, there are paid DNS hosting providers that do a great job without the risks. https://en.wikipedia.org/wiki/DNS_rebinding https://lifehacker.com/prevent-dns-rebinding-attacks-by-adjusting-your-router-1827022291

Thanks for this info. I've disabled the Pi-Hole to see if the messages keep coming up. Could there be any chance the alerts are just false positives?

Killhippie (Guest), posted September 6, 2020:

9 minutes ago, GenMatrix said: Thanks for this info. I've disabled the Pi-Hole to see if the messages keep coming up. Could there be any chance the alerts are just false positives?

Tbh Netgear have the most false positives in their routers and I have never seen DNS Rebind as a false positive, alas. It could be a hidden setting within the R2 firmware causing the issue, which is DNS rebind protection, but turning that off if it exists is a bit like opening a hornet's nest. Kind of damned if you do and damned if you don't. Just be very wary.

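Added example (not part of the thread, and not DumaOS or Pi-hole code): a triage script for the question of whether such alerts are real, which labels each DNS answer by whether a public name points at a non-routable address and keeps 0.0.0.0 sinkhole answers apart from answers that point into the LAN. The suffix list, the label names and the sample answers are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Names under these suffixes are expected to resolve to LAN addresses
# (assumed suffixes; set them to whatever your own network uses).
LOCAL_SUFFIXES = (".lan", ".local", ".home.arpa")

def classify_answer(name, address, local_suffixes=LOCAL_SUFFIXES):
    """Label one DNS answer by whether a public name points at a non-routable address."""
    host = name.rstrip(".").lower()
    if host == "localhost" or host.endswith(tuple(local_suffixes)):
        return "ok-local-name"
    ip = ipaddress.ip_address(address)
    # ::ffff:a.b.c.d carries an IPv4 address; judge the embedded address.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if ip.is_unspecified:        # 0.0.0.0 or ::, typical of a blocklist sinkhole
        return "sinkhole"
    if ip.is_loopback:           # 127.0.0.0/8 or ::1
        return "rebind-loopback"
    if ip.is_private or ip.is_link_local:  # RFC 1918, ULA, link-local, other non-global
        return "rebind-private"
    return "ok-public"

def summarise(answers):
    """Count labels and list the (name, address) pairs that deserve a closer look."""
    counts = Counter()
    suspicious = []
    for name, address in answers:
        label = classify_answer(name, address)
        counts[label] += 1
        if label.startswith("rebind-"):
            suspicious.append((name, address))
    return dict(counts), suspicious

# Constructed sample answers, not taken from the thread or from any real log.
SAMPLE_ANSWERS = [
    ("ads.example.com", "0.0.0.0"),
    ("cdn.example.net", "192.168.1.1"),
    ("nas.lan", "192.168.1.20"),
    ("dns.google", "8.8.8.8"),
    ("tracker.example.com", "::ffff:10.0.0.5"),
    ("app.example.org", "127.0.0.1"),
]

if __name__ == "__main__":
    counts, suspicious = summarise(SAMPLE_ANSWERS)
    print(counts)
    for name, address in suspicious:
        print(f"review: {name} -> {address}")
```
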
GenMatrix (Author), posted September 6, 2020:

2 minutes ago, Killhippie said: Tbh Netgear have the most false positives in their routers and I have never seen DNS Rebind as a false positive, alas.

Thanks again @Killhippie. As a side note, this is a great opportunity to use DumaOS Adblock. Didn't use it before since I had my Pi-Hole going but considering the circumstances, it's time to give it a go. =D

Killhippie (Guest), posted September 6, 2020:

8 minutes ago, GenMatrix said: Thanks again @Killhippie. As a side note, this is a great opportunity to use DumaOS Adblock. Didn't use it before since I had my Pi-Hole going but considering the circumstances, it's time to give it a go. =D

Netgear routers were attacked in June this year in a similar way, which was patched in firmware for the routers that were vulnerable. Best to ask @Netduma Fraser if the R2 has this feature built in.

Netduma Fraser (Administrators), posted September 6, 2020:

27 minutes ago, Killhippie said: Netgear routers were attacked in June this year in a similar way, which was patched in firmware for the routers that were vulnerable. Best to ask @Netduma Fraser if the R2 has this feature built in.

I believe it does but will double check with the team.

This topic is now archived and is closed to further replies.