1 Reply Latest reply on Mar 3, 2019 6:59 PM by RotBlitz

    Old DynDNS account still sending packets?

    bc87aa5a-2f95-4ce5-b9c7-d85e24ec5b2d

      I have a new router that detects threats and is now indicating DynDNS is sending me packets. Any idea how I get this stopped? Alert detail (from Synology router):

       

      alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET POLICY DynDNS CheckIp External IP Address Server Response"; flow:established,to_client; content:"Server|3A 20|DynDNS-CheckIP/"; http_header; classtype:bad-unknown; sid:2014932; rev:2; metadata:created_at 2012_06_21, updated_at 2012_06_21;)

       

      Above seems to date from 2012!? 216.146.43.71 seems to be DynDNS, and I see similar attempts from 216.146.43.70. Especially odd since I have changed my ISP recently too. Maybe something is being triggered internally from 192.168.1.203 (an old IP Cam), but DynDNS isn't configured by me there, though it might have been back in 2012...

       


        • 1. Re: Old DynDNS account still sending packets?
          RotBlitz

          DynDNS accounts do not and cannot send packets.

           

          You have the DDNS update client enabled on 192.168.1.203 which raises HTTP requests to checkip.dyndns.com (131.186.113.70, 216.146.43.70, 216.146.43.71), probably every 10 minutes, to see if your IP address has changed.  What your router log shows are the responses to these requests.  No idea about the reference to 2012, but network traffic is supposed to be current.

           

          I suggest you ignore this stupid router message, or change the rule which causes this output.  Also disabling the DDNS update client on 192.168.1.203 should help if you don't need it anymore.
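
Added example, not part of the original thread: a small triage script that takes alert records for sid 2014932 and reports which internal host is the DDNS client and how regularly it polls. The record layout, the sample timestamps and the unrelated sid 1000001 are constructed assumptions, not the Synology export format.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

SID_CHECKIP = 2014932  # sid of the rule quoted in the question

# Constructed sample alerts: (timestamp, source, destination, sid).
# The field layout is an assumption, not the router's real export format.
SAMPLE_ALERTS = [
    ("2019-03-03 18:00:04", "216.146.43.71", "192.168.1.203", 2014932),
    ("2019-03-03 18:10:05", "216.146.43.70", "192.168.1.203", 2014932),
    ("2019-03-03 18:20:04", "216.146.43.71", "192.168.1.203", 2014932),
    ("2019-03-03 18:30:06", "216.146.43.70", "192.168.1.203", 2014932),
    ("2019-03-03 18:12:40", "203.0.113.9", "192.168.1.50", 1000001),  # unrelated, constructed sid
]


def checkip_clients(alerts, sid=SID_CHECKIP):
    """Map each internal client to (alert count, median gap in seconds, servers seen)."""
    times = defaultdict(list)
    servers = defaultdict(set)
    for ts, src, dst, alert_sid in alerts:
        if alert_sid != sid:
            continue
        # The rule has flow:established,to_client, so the destination is the
        # host that sent the request and the source is the answering server.
        times[dst].append(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"))
        servers[dst].add(src)
    report = {}
    for client, stamps in times.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        # A steady median gap points to a scheduled update client, not a scan.
        report[client] = (len(stamps), median(gaps) if gaps else None,
                          sorted(servers[client]))
    return report


if __name__ == "__main__":
    for client, (count, gap, srv) in checkip_clients(SAMPLE_ALERTS).items():
        print(f"{client}: {count} alerts, median gap {gap}s, servers {srv}")
```

A single internal destination with a steady gap of about 600 seconds matches the 10-minute polling described in the reply.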