Strange system log

7375462 · September 6, 2020, 11:06am

(sorry for my bad English)
I have really strange system log
Log is full of this messages:

 Sun Sep  6 09:23:01 2020 daemon.notice netifd: wan (30921): udhcpc: sending renew to (ip similar to mine)
 Sun Sep  6 09:23:01 2020 daemon.notice netifd: wan (30921): udhcpc: lease of (my pc's ip) obtained, lease time 300
 Sun Sep  6 09:25:31 2020 daemon.notice netifd: wan (30921): udhcpc: sending renew to (my pc's ip)
Sun Sep  6 09:25:32 2020 daemon.notice netifd: wan (30921): udhcpc: lease of (ip similar to mine) obtained, lease time 300
Sun Sep  6 09:28:02 2020 daemon.notice netifd: wan (30921): udhcpc: lease of (ip similar to mine)obtained, lease time 300
Sun Sep  6 09:30:32 2020 daemon.notice netifd: wan (30921): udhcpc: sending renew to (my pc's ip)

and sometimes this:

Sun Sep  6 09:50:49 2020 daemon.warn dnsmasq[3364]: possible DNS-rebind attack detected: auth.mail.ru
Sun Sep  6 09:50:49 2020 daemon.warn dnsmasq[3364]: possible DNS-rebind attack detected: touch.mail.ru
Sun Sep  6 09:51:11 2020 daemon.warn dnsmasq[3364]: possible DNS-rebind attack detected: e.mail. ru
Sun Sep  6 09:51:51 2020 daemon.warn dnsmasq[3364]: possible DNS-rebind attack detected: mail.ru
Sun Sep  6 09:51:51 2020 daemon.warn dnsmasq[3364]: possible DNS-rebind attack detected: calls.mail. ru
Sun Sep  6 09:53:31 2020 daemon.warn dnsmasq[3364]: possible DNS-rebind attack detected: dlink.mapsme.devmail. ru
Sun Sep  6 09:54:43 2020 daemon.warn dnsmasq[3364]: possible DNS-rebind attack detected:S yxf6ba541f65084e688107879721631a65.oauth.yandex.ru
Sun Sep  6 09:54:43 2020 daemon.warn dnsmasq[3364]: possible DNS-rebind attack detected: passport.yandex. ru

Yesterday I blocked mail.ru and yandex ip's with dig + iptables, but due to router has only free 50 kb left, changes wasn't saved both in terminal and in 192.168.1.1 firewall custom rules

Also today luci accepted login from my pc while I was sleeping
Sun Sep 6 10:12:16 2020 daemon.err uhttpd[904]: luci: accepted login on / for root from 192.168.1.205

What should I do to fix all this

hnyman · September 6, 2020, 12:26pm

I suspects that something has gone awry with your personal rules.
Or you have somehow mixed the wan and lan zones in firewall ?

udhcpc is the WAN side DHCP client, so it should not see anything about your PC's IP address (on LAN side, something like 192.168.x.x). It should only say that it has obtained the WAN IP address for the router itself.

I suggest that you reset the router and start from scratch. Always a good choice if you do not trust your current settings any more

7375462 · September 6, 2020, 3:07pm

I reset my router, but I still get this messages