Possible DNS-rebind attack detected: inner-all.fe-non-tt-og-sgcentral-rowttp.sg1.bytelb.com

hello

Does anybody know what this is? I can't find more info on where it comes from; it still shows even with all PCs shut down, only the CCTV and NVR on.
I'm thinking of disabling DNS protection, but I don't know if that is a good option or not.

thanks for help

Sun May 26 09:29:41 2024 daemon.warn dnsmasq[1]: possible DNS-rebind attack detected: inner-all.fe-non-tt-og-sgcentral-rowttp.sg1.bytelb.com
Sun May 26 09:29:43 2024 daemon.warn dnsmasq[1]: possible DNS-rebind attack detected: inner-all.fe-non-tt-og-sgcentral-rowttp.sg1.bytelb.com
Sun May 26 09:29:44 2024 daemon.warn dnsmasq[1]: possible DNS-rebind attack detected: inner-all.fe-non-tt-og-sgcentral-rowttp.sg1.bytelb.com
Sun May 26 09:29:44 2024 daemon.warn dnsmasq[1]: possible DNS-rebind attack detected: inner-all.fe-non-tt-og-sgcentral-rowttp.sg1.bytelb.com
Sun May 26 09:29:49 2024 daemon.warn dnsmasq[1]: possible DNS-rebind attack detected: inner-all.fe-non-tt-og-sgcentral-rowttp.sg1.bytelb.com
Sun May 26 09:29:50 2024 daemon.warn dnsmasq[1]: possible DNS-rebind attack detected: inner-all.fe-non-tt-og-sgcentral-rowttp.sg1.bytelb.com
Sun May 26 09:29:50 2024 daemon.warn dnsmasq[1]: possible DNS-rebind attack detected: inner-all.fe-non-tt-og-sgcentral-rowttp.sg1.bytelb.com
Sun May 26 09:29:50 2024 daemon.warn dnsmasq[1]: possible DNS-rebind attack detected: inner-all.fe-non-tt-og-sgcentral-rowttp.sg1.bytelb.com
Sun May 26 09:29:52 2024 daemon.warn dnsmasq[1]: possible DNS-rebind attack detected: inner-all.fe-non-tt-og-sgcentral-rowttp.sg1.bytelb.com
Sun May 26 09:29:52 2024 daemon.warn dnsmasq[1]: possible DNS-rebind attack detected: inner-all.fe-non-tt-og-sgcentral-rowttp.sg1.bytelb.com
Sun May 26 09:29:54 2024 daemon.warn dnsmasq[1]: possible DNS-rebind attack detected: inner-all.fe-non-tt-og-sgcentral-rowttp.sg1.bytelb.com
Sun May 26 09:29:55 2024 daemon.warn dnsmasq[1]: possible DNS-rebind attack detected: inner-all.fe-non-tt-og-sgcentral-rowttp.sg1.bytelb.com
Sun May 26 09:29:55 2024 daemon.warn dnsmasq[1]: possible DNS-rebind attack detected: inner-all.fe-non-tt-og-sgcentral-rowttp.sg1.bytelb.com

Using TikTok?

Block it, see if something breaks?

Not using TikTok.

Tried blocking it; heard no complaints or errors.

Are there any tools I can use to investigate? I just want to make sure whether the issue is from internal or from external.

If it is from internal, are there any tools I can use to find out which device or IP?

How would external work?
Are you exposing your DNS to the internet?

tcpdump, like in Unknown bing.com request - #7 by lexavey

Nope, just using a Cloudflare tunnel to access my cloud.
I do have a public IP, but it is never shown to the outside.

There are only 2 devices I need to access from outside:
CCTV Hikvision NVR, via the Hikvision system
TrueNAS SCALE (cloud), via Cloudflare tunnel

Will try to investigate.

thanks for help

Your Hikvision probably has some apps from ByteDance.

I'm not sure, but it could be.
I have been using Hikvision since 2019, and only noticed this log in the last 2 weeks.

From the router's command prompt you can see the DNS queries with:
cat /proc/net/nf_conntrack | grep -E ' dport=(53|853) ' | sort -nrk3

tcpdump is also a viable option.
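
An added example, not part of the original thread: one way to answer "which device or IP?" from the router log itself. It assumes dnsmasq query logging is enabled (dnsmasq's `log-queries`; on OpenWrt, `option logqueries '1'` in the dnsmasq section of /etc/config/dhcp) so that each lookup is logged as `query[A] <name> from <client>`. The function names, client addresses and sample log are constructed for illustration.

```sh
#!/bin/sh
# Attribute each dnsmasq rebind warning to the LAN client that most
# recently asked for that name. Reads syslog lines on stdin and prints
# "<count> <client-ip> <name>", busiest first.
# On the router: logread -e dnsmasq | rebind_clients
rebind_clients() {
    awk '
    {
        # Remember the latest client per name: "query[A] <name> from <ip>".
        for (i = 1; i + 3 <= NF; i++)
            if ($i ~ /^query\[/ && $(i + 2) == "from")
                last[$(i + 1)] = $(i + 3)
    }
    /possible DNS-rebind attack detected:/ {
        name = $NF
        # Without query logging there is no client to blame.
        ip = (name in last) ? last[name] : "unknown"
        hits[ip " " name]++
    }
    END { for (k in hits) print hits[k], k }
    ' | sort -rn
}

# Constructed sample log (client IPs and upstream address are made up).
sample_log() {
    n=inner-all.fe-non-tt-og-sgcentral-rowttp.sg1.bytelb.com
    p='Sun May 26 09:29:41 2024'
    cat <<EOF
$p daemon.info dnsmasq[1]: query[A] $n from 192.168.1.23
$p daemon.warn dnsmasq[1]: possible DNS-rebind attack detected: $n
$p daemon.info dnsmasq[1]: query[A] $n from 192.168.1.23
$p daemon.warn dnsmasq[1]: possible DNS-rebind attack detected: $n
$p daemon.info dnsmasq[1]: query[A] example.org from 192.168.1.40
$p daemon.info dnsmasq[1]: forwarded example.org to 192.0.2.53
$p daemon.info dnsmasq[1]: query[A] $n from 192.168.1.40
$p daemon.warn dnsmasq[1]: possible DNS-rebind attack detected: $n
$p daemon.info dnsmasq[1]: query[A] $n from 192.168.1.23
$p daemon.warn dnsmasq[1]: possible DNS-rebind attack detected: $n
EOF
}

sample_log | rebind_clients
```

The attribution is approximate when two clients ask for the same name within the same instant; the client IP can then be matched to a device through the DHCP leases.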

I just found this news from Hikvision; it looks like my model is on the list.

https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-products/

I think I found where the issue comes from:

  1. Cut off my NVR's Internet cloud
  2. Removed TikTok from the other phone

For almost 12 hours I have not seen the notification anymore.

Thanks

Just found the troublemaker.
It also comes from the Tokopedia app (an online marketplace app).
Every time the app is used, the notification shows up in the log.
