
DNS-Rebind Attacks - Question


GenMatrix

Guest Killhippie

These are not good. "DNS rebinding is a method of manipulating resolution of domain names that is commonly used as a form of computer attack. In this attack, a malicious web page causes visitors to run a client-side script", so I would try without the Pi-Hole and run a scan on your system. See the link on Lifehacker for some advice. Avoid malicious web pages too, and up your security on the Pi-Hole and router. Basically, a script you have visited on a malicious webpage somewhere could get control of your whole LAN. It's time for a major scan and reboot of your router and doing whatever you need to do with Pi-Hole to protect yourself, like turning off UPnP and using strong passwords etc.

Also, it's best not to run your own DNS servers. Generally, for most users, your ISP probably provides DNS servers that are protected by DNSSEC. For users that need improved performance, there are paid DNS hosting providers that do a great job without the risks.


https://en.wikipedia.org/wiki/DNS_rebinding

https://lifehacker.com/prevent-dns-rebinding-attacks-by-adjusting-your-router-1827022291


35 minutes ago, Killhippie said:

These are not good. "DNS rebinding is a method of manipulating resolution of domain names that is commonly used as a form of computer attack. In this attack, a malicious web page causes visitors to run a client-side script", so I would try without the Pi-Hole and run a scan on your system. See the link on Lifehacker for some advice. Avoid malicious web pages too, and up your security on the Pi-Hole and router. Basically, a script you have visited on a malicious webpage somewhere could get control of your whole LAN. It's time for a major scan and reboot of your router and doing whatever you need to do with Pi-Hole to protect yourself, like turning off UPnP and using strong passwords etc.

https://en.wikipedia.org/wiki/DNS_rebinding

https://lifehacker.com/prevent-dns-rebinding-attacks-by-adjusting-your-router-1827022291

Hey Killhippie, are you using UPnP? Also, do you have respond to ping enabled in your Network settings? I think the R2 defaults to that..

Thanks for the info btw.. Nice job my friend! :) 

Zippy.


Guest Killhippie
5 minutes ago, Zippy said:

Hey Killhippie, are you using UPnP? Also, do you have respond to ping enabled in your Network settings? I think the R2 defaults to that..

Thanks for the info btw.. Nice job my friend! :) 

Zippy.

Currently using a different router, UPnP turned off and the router does not respond to ping requests. I just test the R2 when new firmware comes out and then take it down after a while, like some others do here as I'm currently not gaming due to ocular migraines.  :)


4 minutes ago, Killhippie said:

Currently using a different router, UPnP turned off and the router does not respond to ping requests. I just test the R2 when new firmware comes out and then take it down after a while, like some others do here as I'm currently not gaming due to ocular migraines.  :)

Thanks Killhippie, I've got my R2 locked down like that as well.. Can I ask why don't you keep the R2 hooked up? Is the wifi not good enough for yah?

Thanks!

Zippy.


1 hour ago, Killhippie said:

These are not good. "DNS rebinding is a method of manipulating resolution of domain names that is commonly used as a form of computer attack. In this attack, a malicious web page causes visitors to run a client-side script", so I would try without the Pi-Hole and run a scan on your system. See the link on Lifehacker for some advice. Avoid malicious web pages too, and up your security on the Pi-Hole and router. Basically, a script you have visited on a malicious webpage somewhere could get control of your whole LAN. It's time for a major scan and reboot of your router and doing whatever you need to do with Pi-Hole to protect yourself, like turning off UPnP and using strong passwords etc.

Also, it's best not to run your own DNS servers. Generally, for most users, your ISP probably provides DNS servers that are protected by DNSSEC. For users that need improved performance, there are paid DNS hosting providers that do a great job without the risks.


https://en.wikipedia.org/wiki/DNS_rebinding

https://lifehacker.com/prevent-dns-rebinding-attacks-by-adjusting-your-router-1827022291

Thanks for this info. I've disabled the Pi-Hole to see if the messages keep coming up.

Could there be any chance the alerts are just false positives? 


Guest Killhippie
9 minutes ago, GenMatrix said:

Thanks for this info. I've disabled the Pi-Hole to see if the messages keep coming up.

Could there be any chance the alerts are just false positives? 

Tbh Netgear have the most false positives in their routers and I have never seen DNS Rebind as a false positive, alas. It could be a hidden setting within the R2 firmware causing the issue, which is DNS rebind protection, but turning that off if it exists is a bit like opening a hornet's nest. Kind of damned if you do and damned if you don't. Just be very wary.
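The posts above ask whether rebind alerts can be false positives and mention DNS rebind protection in router firmware. As an added example (not from the thread, and not the R2 firmware's or Pi-Hole's own logic), the sketch below shows the range check such protection generally applies to DNS answers, and that a `0.0.0.0` answer falls in the same flagged ranges as a genuine internal address; the local domain names and sample answers are assumptions constructed for illustration.

```python
import ipaddress

# Ranges a public name should not resolve to: "this network", RFC 1918,
# loopback, link-local, and the IPv6 equivalents.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]

def normalize(addr):
    """Parse an address; unwrap IPv4-mapped IPv6 so it cannot slip past."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def is_internal(ip):
    return any(ip.version == net.version and ip in net for net in INTERNAL_NETS)

def is_local_name(name, local_domains):
    name = name.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in local_domains)

def rebind_suspects(answers, local_domains=("lan", "home.arpa")):
    """Return (name, address, reason) for each answer the filter would flag."""
    flagged = []
    for name, addr in answers:
        ip = normalize(addr)
        if is_local_name(name, local_domains) or not is_internal(ip):
            continue
        # 0.0.0.0 / :: is what a blocking resolver commonly returns for a
        # blocked name; it trips the same range check as a real rebind.
        reason = "null-answer" if ip.is_unspecified else "internal-address"
        flagged.append((name, addr, reason))
    return flagged

# Constructed sample answers (name, address); not taken from any real log.
SAMPLE = [
    ("router.lan", "192.168.1.1"),
    ("www.example.com", "93.184.216.34"),
    ("ads.example.net", "0.0.0.0"),
    ("rebind.example.org", "192.168.1.1"),
    ("v6.example.org", "::ffff:10.0.0.5"),
]

if __name__ == "__main__":
    for row in rebind_suspects(SAMPLE):
        print(row)
```

Answers tagged `null-answer` are worth separating from `internal-address` ones when triaging such alerts, since only the latter point a public name at a host on the LAN.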


2 minutes ago, Killhippie said:

Tbh Netgear have the most false positives in their routers and I have never seen DNS Rebind as a false positive alas.

Thanks again @Killhippie.

As a side note, this is a great opportunity to use DumaOS Adblock. Didn't use it before since I had my Pi-Hole going but considering the circumstances, it's time to give it a go. =D


Guest Killhippie
8 minutes ago, GenMatrix said:

Thanks again @Killhippie.

As a side note, this is a great opportunity to use DumaOS Adblock. Didn't use it before since I had my Pi-Hole going but considering the circumstances, it's time to give it a go. =D

Netgear routers were attacked in June this year in a similar way, which was patched in firmware for the routers that were vulnerable. Best to ask @Netduma Fraser if the R2 has this feature built in. :)


  • Administrators
27 minutes ago, Killhippie said:

Netgear routers were attacked in June this year in a similar way, which was patched in firmware for the routers that were vulnerable. Best to ask @Netduma Fraser if the R2 has this feature built in. :)

I believe it does but will double check with the team.
