XBox Series X + DNS-rebind attack

Klingon · November 5, 2021, 9:07am

Hi,

Today checking my router logs, I've found something weird:

Fri Nov  5 02:27:28 2021 daemon.info dnsmasq-dhcp[3779]: DHCPACK(br-lan) 192.168.1.126 04:27:28:xx:xx:xx XBox-Series-X
Fri Nov  5 02:28:04 2021 daemon.warn dnsmasq[3779]: possible DNS-rebind attack detected: dns.msftncsi.com
Fri Nov  5 02:28:40 2021 daemon.warn dnsmasq[3779]: possible DNS-rebind attack detected: dns.msftncsi.com
Fri Nov  5 02:29:15 2021 daemon.warn dnsmasq[3779]: possible DNS-rebind attack detected: dns.msftncsi.com
Fri Nov  5 02:29:16 2021 daemon.warn dnsmasq[8255]: possible DNS-rebind attack detected: dns.msftncsi.com

I can promise no one is playing at 2:27:00 hours, everyone at home is sleeping.
And the DNS-rebind attack, is something I should be worried about? Is my XBox spying me while I'm sleeping?

Any idea or clue?

Many thanks to everyone,

trendy · November 5, 2021, 9:55am

root@magiatiko:[~]#host dns.msftncsi.com
dns.msftncsi.com has address 131.107.255.255
dns.msftncsi.com has IPv6 address fd3e:4f5a:5b81::1

They are using a private IPv6, which triggers the DNS-rebind log message. It's not worrying per se.
There is no evidence that xbox requested this address, but as long as it is powered, even in standby, you can expect it to exchange packets with headquarters.

Klingon · November 5, 2021, 10:35am

Xbox is in "Power Save" mode, it shoud send nothing to Internet/LAN. From now I'll unplug it from electricity before going to sleep

Thanks @trendy for your help and clarification!!!

trendy · November 5, 2021, 11:19am

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.

janh · November 5, 2021, 8:06pm

You probably have automatic updates enabled on your Xbox. This option makes it turn on every night to check.

system · November 15, 2021, 8:07pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.