Security question possible malicious traffic?

So you're not going to explain what evidence drove you to the conclusion that you had a malicious DNS rebind attack?

To be clear, there are indeed risks of malicious rebind attacks, but this behavior can also be encountered as a false positive in certain situations such as when you have cascading routers. So before you call it malicious, it's important to qualify first:

  1. What evidence you have of a rebind attack in general
  2. What evidence you have that makes it clear it was malicious.

2 Likes
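One way to do the qualification asked for in the post above, shown as an added example that is not part of the thread: sort each answer that tripped rebind protection by whether it points into the upstream (cascaded) router's LAN or somewhere else. The function names, the `192.168.1.0/24` upstream LAN and the sample answers are assumptions constructed for illustration.

```python
import ipaddress

# Ranges this example treats as "local" (RFC 1918, loopback, link-local, IPv6 ULA).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def _in_any(ip, nets):
    """True if ip falls inside any of the given networks (same IP version)."""
    return any(ip.version == n.version and ip in n for n in nets)

def local_answers(answers):
    """Return the answers that point into local address space."""
    parsed = [ipaddress.ip_address(a) for a in answers]
    return [ip for ip in parsed if _in_any(ip, LOCAL_NETS)]

def triage(answers, upstream_lans):
    """Classify one DNS response.

    no-hit       : only public addresses, rebind protection has nothing to block
    upstream-lan : every local answer sits in the upstream router's LAN, the
                   cascading-router case that can be a false positive
    investigate  : a local answer that the known topology does not explain
    """
    local = local_answers(answers)
    if not local:
        return "no-hit"
    nets = [ipaddress.ip_network(n) for n in upstream_lans]
    if all(_in_any(ip, nets) for ip in local):
        return "upstream-lan"
    return "investigate"

# Constructed sample data: queried name -> addresses returned by the resolver.
SAMPLE = {
    "printer.home.example": ["192.168.1.50"],
    "www.example.com": ["203.0.113.10"],
    "cdn.example.net": ["203.0.113.20", "10.9.8.7"],
}
UPSTREAM_LANS = ["192.168.1.0/24"]  # assumed LAN of the router in front of this one

def triage_all(sample=SAMPLE, upstream_lans=UPSTREAM_LANS):
    """Triage every name in the sample and return {name: verdict}."""
    return {name: triage(ans, upstream_lans) for name, ans in sample.items()}

if __name__ == "__main__":
    for name, verdict in triage_all().items():
        print(f"{verdict:13} {name}")
```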

Want to try again, but this time making sense?

1 Like

yes.

redacted

OK, I'm going to say it: I switched to a DNS which informs me of all the traffic, and the report says 10 requests were blocked because of DNS rebinding, which is true because when I go to Google or Bing it prompts an error and redirects to bing.cn, and I'm not in China, so possibly it's the Chinese or the Russians.

What evidence do you have of this?

Does this happen with all of your devices, or only specific ones? For example, if you have a Windows computer and an iPhone, does the issue occur on both?

1 Like

My internet is compromised. If it weren't for the OpenWrt routers I probably would have died long ago. If I connect directly to the modem it starts to connect to random Russian IPs and IPs from China, even on a clean install. It's like they are actively probing, plus all my websites are being hit with IPs from Russia scanning the A/D :face_with_thermometer: So thank you guys :saluting_face: :saluting_face: :saluting_face:

It sounds like your computer is compromised, not OpenWrt.

1 Like

The ISP. In fact, I just clean installed from scratch yesterday, 0 bloatware, all lawful.

If you believe that your ISP is compromised, a new ISP would be a good idea. But this is not an OpenWrt issue.

1 Like

Yes, this thread was asking for help on how to identify a possible attack coming from my neighbor's router. It has been confirmed it's coming from them; however, it was mitigated.

What DNS provider?

DNS doesn't give reports, they give IP addresses for domain searches.

Bing… the only thing that uses Bing, which is the most worthless piece of search engine crap in the world, is Microsoft Windows Edge, and that is USA. I doubt China would use Bing even under pressure.

"http://bing.cn/" as you provided is false anyway since it is an http address. All search engines in the world are https, so you really need a serious DNS provider instead of the DNS provider you now have.
I doubt your neighbors or ISP is to blame for this mess; it is you that has messed up your own DNS searches.

1 Like

Now your neighbor has a router, which I asked about earlier since a router would masq the internal IP numbers and internal clients, and your answer then was this

So which one is it?
Does your neighbor have a router or a repeater connected to your router?

1 Like