Forum Stats

  • 3,851,567 Users
  • 2,264,000 Discussions


Old DynDNS account still sending packets?

edited Mar 3, 2019 1:59PM in Dyn Community

I have a new router that detects threats and is now indicating DynDNS is sending me packets. Any idea how I get this stopped? Alert detail (from Synology router):

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET POLICY DynDNS CheckIp External IP Address Server Response"; flow:established,to_client; content:"Server|3A 20|DynDNS-CheckIP/"; http_header; classtype:bad-unknown; sid:2014932; rev:2; metadata:created_at 2012_06_21, updated_at 2012_06_21;)

Above seems to date from 2012!? seems to be DynDNS, and I see similar attempts from Especially odd since I have changed by ISP recently too. Maybe something is being triggered internally from (an old IP Cam), but DynDNS isn't configured by me there, though it might have been back in 2012...




  • RotBlitz
    RotBlitz Member Posts: 149 Red Ribbon
    edited Mar 3, 2019 1:59PM

    DynDNS accounts do not and cannot send packets.

    You have the DDNS update client enabled on which raises HTTP requests to (,,, probably every 10 minutes, to see if your IP address has changed.  What your router log shows are the responses to these requests.  No idea about the reference to 2012, but network traffic is supposed to be current.

    I suggest you ignore this stupid router message, or to change the rule which causes this output.  Also disabling the DDNS update client on should help if you don't need it anymore.