I got DNS changed, need to block everything related to this host and IPs


#1

Worst attack I've ever received in my life. Full access to all devices, screens, webcams, and they restreamed everything on a Russian site.
Apparently there's a huge security issue with the modem I'm using (DPC 3925) that allows attackers to change the DNS without the user noticing it.

Anyway, I have two questions. How do I block everything related to this address and IP:
208.91.197.27
utopia.net

I already blocked it under access restrictions; is that enough?
Second question: How can I set up authoritative DNS? Asking because even if I check the "Use custom DNS servers" box, I'm still getting the ISP's servers.

How can I block port 53 on the wan side so the router completely ignores the DNS provided by the modem?
Thanks.


#2

Anyone?
Also:
1- How can I protect my network against DNS rebinding?
2- To protect myself against a DNS cache poisoning attack, is disabling the DNS cache enough?
3- The built-in firewall does protect me against TCP SYN floods, right?
4- Enforcing HTTPS (it's enabled by default) + blocking UDP 53 should take care of any attempt at DNS hijacking, is this correct?
5- The built-in anti-DDoS/intrusion feature + using the DNS servers set up on the router + blocking UDP 53 so the router completely ignores the modem's DNS: does it work against NXDOMAIN attacks, phantom domain attacks, random subdomain attacks and botnets? Regarding botnets I mean: let's say I have a compromised device in my network; I don't want that device to establish a TCP connection with a malicious resolver to launch an attack on X domain.

So many questions… Hope we get DNSCrypt soon, that would help a bit. And if that happens, please use Cisco/OpenDNS so we can easily check if everything is alright by testing it on https://welcome.opendns.com. Another way to check a successful DNSCrypt setup is by using dnsleaktest.com, but a double check doesn't hurt. Plus I think OpenDNS is very trusted.

Thanks.


#3

What device are you using? If applicable, make sure that you are using local DNS redirection.


#4

Surfwave soho.


#5

I was hoping someone with a SOHO would chime in. I am pretty sure it does not have a local DNS proxy redirect option. I am not sure how you would accomplish this with a SOHO.


#6

Blocking an IP address is easy with an outbound firewall rule.
Go to the Advanced tab, then Firewall access rules.
Give the rule a name like block-1.2.3.4.
Set protocol to any. Set source IP and port to any.
The rest is self-explanatory.


#7

To force use of your desired DNS servers:
From the dashboard, click on the Details button for your ISP connection.
In the window that pops up there is a checkbox "Use the following DNS server address(es)".
Turn it on and enter the IP addresses of your desired DNS servers.

As for forcing all connected devices to use these DNS servers and no others, it's possible, I've done it. But the doc is confusing and I don't recall which option controls this. Sorry.
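After applying the outbound block from #6 and the forced resolvers from #7, the practical question from #2 remains: how do you tell whether devices are still talking to the modem's DNS, whether anything still reaches the address in #1, and whether a public name is being answered with a LAN address (the DNS rebinding case). The script below is an added example, not code from the thread or from the router vendor; it runs a defender's check over DNS event lines exported from a router or a local resolver. The log line format, the sample lines, the OpenDNS resolver addresses used as the allowlist, and the `.lan`/`.home.arpa`/`.local` suffixes treated as legitimately local are all assumptions made for the example; the blocked IP and host name are the ones from the first post.

```python
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

# Resolvers the router is supposed to use (OpenDNS, as suggested in #2).
ALLOWED_RESOLVERS = {"208.67.222.222", "208.67.220.220"}
# Destination and name from the first post that must never be contacted.
BLOCKED_IPS = {"208.91.197.27"}
BLOCKED_NAMES = {"utopia.net"}
# Name suffixes that may legitimately resolve to LAN addresses (assumption).
LOCAL_SUFFIXES = (".lan", ".home.arpa", ".local")

# Constructed, router-agnostic event format used for this example:
# client=<lan ip> resolver=<dns server asked> qname=<name> answer=<ip or ->
LINE_RE = re.compile(
    r"client=(?P<client>\S+) resolver=(?P<resolver>\S+) "
    r"qname=(?P<qname>\S+) answer=(?P<answer>\S+)"
)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the event fields, or None for a line that is not an event."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None


def is_internal(ip_text: str) -> bool:
    """True for RFC1918, loopback and link-local addresses; False otherwise."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return ip.is_private or ip.is_loopback or ip.is_link_local


def is_local_name(qname: str) -> bool:
    """Names that are expected to resolve inside the LAN (single-label or local suffix)."""
    name = qname.rstrip(".").lower()
    return name.endswith(LOCAL_SUFFIXES) or "." not in name


def classify(event: Dict[str, str]) -> List[str]:
    """Findings for one DNS event; an empty list means nothing is wrong."""
    findings: List[str] = []
    qname = event["qname"].rstrip(".").lower()

    # #7's goal: only the configured resolvers should ever be asked.
    if event["resolver"] not in ALLOWED_RESOLVERS:
        findings.append("resolver-not-allowed")
    # #1/#6's goal: the hostile name and address stay unreachable.
    if qname in BLOCKED_NAMES or qname.endswith(tuple("." + n for n in BLOCKED_NAMES)):
        findings.append("blocked-name")
    if event["answer"] in BLOCKED_IPS or event["resolver"] in BLOCKED_IPS:
        findings.append("blocked-ip")
    # #2's rebinding question: a public name must not map to a LAN address.
    if is_internal(event["answer"]) and not is_local_name(qname):
        findings.append("rebinding-suspect")
    return findings


def scan(lines: List[str]) -> List[Tuple[str, str, List[str]]]:
    """Run classify() over a log; returns (client, qname, findings) for flagged events."""
    report = []
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        findings = classify(event)
        if findings:
            report.append((event["client"], event["qname"], findings))
    return report


# Constructed sample log: one clean query, one that slipped to the modem's
# resolver, one that reached the hostile host, one rebinding answer, one
# legitimate LAN name, and one unrelated line that must be ignored.
SAMPLE_LOG = [
    "client=192.168.1.20 resolver=208.67.222.222 qname=www.example.com. answer=93.184.216.34",
    "client=192.168.1.20 resolver=10.0.0.1 qname=login.example.com. answer=93.184.216.34",
    "client=192.168.1.31 resolver=208.91.197.27 qname=utopia.net. answer=208.91.197.27",
    "client=192.168.1.31 resolver=208.67.222.222 qname=evil-rebind.example.com. answer=192.168.1.1",
    "client=192.168.1.20 resolver=208.67.222.222 qname=printer.lan answer=192.168.1.50",
    "router: firewall rule block-208.91.197.27 loaded",
]

if __name__ == "__main__":
    for client, qname, findings in scan(SAMPLE_LOG):
        print(f"{client} {qname} -> {', '.join(findings)}")
```

Any `resolver-not-allowed` hit after the #7 setting is in place means a device is bypassing the router's DNS (the UDP 53 block asked about in #1 is what stops that); a `rebinding-suspect` hit is the condition a "local DNS redirection" or rebind-protection option on a router is meant to drop.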