Menu
What's new
By:
Filters Better Search

possible DNS-rebind attack detected

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

J

JohnD5000

Very Senior Member
A whole bunch of lines like this in log. What does it mean?

Mar 25 13:01:23 dnsmasq[11170]: possible DNS-rebind attack detected: googlecm.hit.gemius.pl
Mar 25 13:01:24 dnsmasq[11170]: possible DNS-rebind attack detected: googlecm.hit.gemius.pl
Mar 25 13:01:33 dnsmasq[11170]: possible DNS-rebind attack detected: googlecm.hit.gemius.pl
Mar 25 13:01:33 dnsmasq[11170]: possible DNS-rebind attack detected: googlecm.hit.gemius.pl
 
JohnD5000 said:
Why would an ad be attacking my system?
Click to expand...
The message says "possible DNS-rebind attack" because it resolves to a non-standard address. Often it's a loopback address used for media streaming apps (Amazon does this). In this case it resolves to 255.255.255.255 which is kinda pointless.

Are you going to any Polish websites?
 
Last edited:
Is there any way to know which device in the network is triggering this event? I've been getting a ton to domain ignore.me for awhile now, and suspect it's the firestick but how to know for sure? Tried searching it out on google a couple times and hit dead ends. I can't morally unplug the firestick in questionfor any amount of time to see if the message goes away, because it's pretty much a 24 hour lifeline to elderly parent living with us.

Jul 11 10:05:34 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:05:34 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:06:37 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:06:37 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:06:37 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:08:23 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:08:23 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:08:23 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:08:34 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:08:34 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:08:34 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:08:36 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:08:36 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:08:36 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:09:13 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:09:13 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:09:13 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:09:20 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:09:20 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:09:20 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:09:54 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:09:54 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:09:54 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:10:09 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:10:09 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:10:09 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:10:11 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:10:12 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:10:12 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:10:57 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:10:57 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:10:57 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:10:59 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:10:59 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:10:59 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:11:22 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:11:22 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:11:22 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:11:42 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:11:42 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:11:42 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:12:02 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:12:02 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:12:02 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:12:44 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:12:44 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:12:44 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:13:27 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:13:27 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:13:27 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:13:29 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:13:29 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:13:29 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:13:40 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:13:41 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:13:41 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:13:51 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:13:51 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:13:51 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:13:53 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:13:53 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:13:53 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:14:39 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:14:39 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:14:39 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:14:41 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:14:41 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:14:41 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:15:29 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:15:29 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:15:30 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:15:31 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:15:31 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:15:31 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:16:00 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:16:00 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:16:00 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:16:00 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:16:00 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:16:00 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:16:02 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:16:02 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:16:02 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:18:10 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:18:10 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:18:15 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:18:37 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:18:37 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:18:37 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:18:38 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:18:38 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:18:38 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:19:51 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:19:51 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:19:51 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:20:05 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:20:05 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:20:05 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:20:07 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:20:07 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:20:07 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:20:28 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:20:28 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:20:28 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:20:30 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:20:30 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:20:35 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:21:03 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:21:03 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:21:03 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:21:16 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:21:16 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:21:16 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:22:04 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:22:04 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
Jul 11 10:22:04 dnsmasq[21237]: possible DNS-rebind attack detected: ignore.me
 
Run this command:
Code: 
killall dnsmasq; dnsmasq --log-async --log-queries
and then look in the syslog for something like this:
Code: 
Jul 12 02:09:32 dnsmasq[22472]: query[A] ignore.me from 192.168.1.49
Then do:
Code: 
service restart_dnsmasq
 
You have a client on your lan that is checking for WAN connectivity, so there is a task that is going to look for a DNS entry...

the dns-rebind warning suggests that it's resolving to your subnet...
 
You must log in or register to reply here.

Similar threads

TanyaC
Possible DNS-Rebind attack detected and unresponsive router plus one more
Replies
3
Views
667
TanyaC
TanyaC
H
Solved DNS Rebind Attack Message For Only Two Domains
Replies
4
Views
644
Viktor Jaep
Viktor Jaep
C
How to make dnsmasq startup wait for USB mount?
Replies
4
Views
237
chrisisbd
C
H
NXDOMAIN DNS Results Flagged As "Possible DNS-rebind attack detected" In Log
Replies
5
Views
884
HarryMuscle
H
C
Router trouble RT-AX88U
Replies
5
Views
599
ciprian.trofin
C
Similar threads
Thread starter Title Forum Replies Date
TanyaC Possible DNS-Rebind attack detected and unresponsive router plus one more Asuswrt-Merlin 3
P Custom DNS for Guest Network Possible? Asuswrt-Merlin 15
poolbeetse7en Possible DNS and/or Routing Issue Ping/Latency Slow Asuswrt-Merlin 12
L Unbound + Wireguard: is this combination possible at all? Asuswrt-Merlin 6
C Running dnsmasq with a huge config file like pihole - possible/sensible? Asuswrt-Merlin 10
A possible DCD tainted causes? Asuswrt-Merlin 1
mixels Possible to configure RT-AX86U w/ Merlin with more than 64 port forwarding rules? Asuswrt-Merlin 9
T A possible bug with QOS traffic classification? Asuswrt-Merlin 14
S Quick one. Possible to back up AX88U config and apply to AC88U router? Asuswrt-Merlin 2
K AX58U Merlin - Is it possible to subnet? Asuswrt-Merlin 7

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 647 (members: 22, guests: 625)
Top