G3100 - DNS-rebind issue
I just decided to check my G3100 router's system log because I haven’t checked it in a long time, and am now noticing I keep getting the following errors in the router:
[SYS.4][SYS] possible DNS-rebind attack detected for the domains
ucs02.engageya.com
gwallcheck.api-alliance.com
fbwallcheck.api-alliance.com
But I don’t know what to do. Please help me, because I know the domains that are being blocked are ones I never even went to. Help!!!!
DNS Rebind means the DNS Records resolve to IP addresses which would belong to an internal network, like a corporate or home network. It's not necessarily an attack. Some sites use DNS Rebinding to communicate with an application on your PC or network, without having to install a browser extension or other helper application. But yes it can also be used in attacks.
As for what caused those to occur, I believe those domains are more or less tracking related. Would have to find the problem service on the problem device. Did the router log a device IP?
@Smith6612
No, how can I tell if it returned a device IP? And I have no laptops, no computers at home, just an iPhone 13.
From what I am reading about the DNS rebind, some public DNS servers are responding with a local IP address instead of a public routable IP address. Given you have an iPhone and a router, you have two local IP addresses already, so the DNS rebind could target either your iPhone, your router, or both.
You can monitor your WAN connection with a switch that supports port mirroring. You can capture the packets with Wireshark and read the DNS responses over time. I am not sure whether DNS over HTTPS is widely used though, I will defer to Smith6612 for this question.
Do you recommend any switches that support port mirroring?
And how do I monitor my WAN connection, and how do I capture the packets with Wireshark and read the DNS responses over time????
I would like to thank everyone for taking the time to post your comments and opinions related to this topic. This topic has been thoroughly discussed and will now be closed. Please feel free to open a new thread for further discussion. Thank you.
Don't close this issue without pointing out the DNS rebind options in the G3100 that allow you to turn off DNS rebind protection in various contexts, or to turn off DNS rebind protection entirely!
It is quite absurd to let nonsense be the final answer.
I solved this problem easily with a DNS rebind exception in G3100 / Advanced / Network Settings / DNS Server
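
The check behind the log line discussed in this thread (a public name whose DNS answer points at an internal address) together with a per-domain exception, as an added Python example that is not part of the thread and not the G3100's own code. The function names, the `EXCEPTIONS` set, the sample domains and the choice to flag any private-range answer are assumptions; the DNS responses are constructed inline.

```python
import ipaddress
import struct

# Hypothetical exception list, standing in for the router's rebind exceptions.
EXCEPTIONS = {"printer.example.net"}

def read_name(msg, off):
    """Decode a (possibly compressed) DNS name; return (name, next offset)."""
    labels, end, hops = [], None, 0
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:               # compression pointer
            end = off + 2 if end is None else end
            off = ((msg[off] & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        labels.append(msg[off + 1:off + 1 + msg[off]].decode("ascii").lower())
        off += 1 + msg[off]
    return ".".join(labels), (off + 1 if end is None else end)

def rebind_findings(msg, exceptions=EXCEPTIONS):
    """Return [(qname, ip)] for A/AAAA answers inside private address space."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off, qname, hits = 12, "", []
    for _ in range(qdcount):
        qname, off = read_name(msg, off)
        off += 4                                   # skip QTYPE and QCLASS
    for _ in range(ancount):
        _, off = read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if (rtype, rdlen) in ((1, 4), (28, 16)):   # A or AAAA record
            ip = ipaddress.ip_address(rdata)
            if ip.is_private and qname not in exceptions:
                hits.append((qname, str(ip)))
    return hits

def sample_response(name, ip):
    """Build a constructed one-question, one-answer A response for testing."""
    q = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    hdr = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)
    ans = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4)
    return hdr + q + struct.pack("!HH", 1, 1) + ans + ipaddress.ip_address(ip).packed
```

Feeding it the UDP payload of each DNS response from a capture gives the same per-domain view as the router log, with the answering address included.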
