Modify

Opened 13 months ago

Last modified 6 weeks ago

#59 assigned task

dns2-anycast.fullrate.dk

Reported by: admin Owned by: admin
Priority: major Milestone: Release Candidate 1
Component: DNS Servers Version: 0.1
Severity: savir Keywords: trackers spyware dns
Cc:

Description

With the new Sagem F@st 3686 AC router from fullrate.dk it's come to our knowledge that they by any means will try to force they're costumers to be logged by there DNS server, but what they are doing with these logs a not a published document or telling.

But with the knowledge from other hands like the danish media's the data about what you are doing on the internet is sold by TDC (Yet another American company who own's the danish infrastructure, incl. Fullrate). They are by definition a SpyWare domain and shall be threaded as such, that's why we will recommend you to add the following IP addresses to be blocked within you're firewall and setup our DNS Servers for better privacy.

To add the dns2-anycast.fullrate.dk to you're firewall these commands are usefull:

UFW for Debian- Ubuntu like systems, otherwise use iptables/ip6tables

sudo ufw deny from any to 89.150.129.10
sudo ufw deny from any to 89.150.129.22
sudo ufw deny from 89.150.129.22 to any
sudo ufw deny from 89.150.129.10 to any
sudo ufw deny from any to 2a02:980::aaaa
sudo ufw deny from any to 2a02:980::bbbb
sudo ufw deny from 2a02:980::aaaa to any
sudo ufw deny from 2a02:980::bbbb to any

remember you can use the sudo ufw insert 2 and that you have to add ipv4 rules before ipv6 rules.....

Let's see how sudo ufw status numbered shows there are already two rules

Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 123/udp                    ALLOW IN    Anywhere
[ 2] 123/udp (v6)               ALLOW IN    Anywhere (v6)

now let's add the ipv4 address first

sudo ufw insert 1 deny from any to 89.150.129.10
sudo ufw insert 1 deny from any to 89.150.129.22
sudo ufw insert 1 deny from 89.150.129.22 to any
sudo ufw insert 1 deny from 89.150.129.10 to any

Let's list the rules again to figure out wich add rule number we have to use for our ipv6.

Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Anywhere                   DENY IN     89.150.129.10
[ 2] Anywhere                   DENY IN     89.150.129.22
[ 3] 89.150.129.22              DENY IN     Anywhere
[ 4] 89.150.129.10              DENY IN     Anywhere
[ 5] 123/udp                    ALLOW IN    Anywhere
[ 6] 123/udp (v6)               ALLOW IN    Anywhere (v6)

This shows us we need to add the ipv6 addresses before rule 6

sudo ufw insert 6 deny from any to 2a02:980::aaaa
sudo ufw insert 6 deny from any to 2a02:980::bbbb
sudo ufw insert 6 deny from 2a02:980::aaaa to any
sudo ufw insert 6 deny from 2a02:980::bbbb to any

Let's see if everything worked out fine sudo ufw status numbered

Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Anywhere                   DENY IN     89.150.129.10
[ 2] Anywhere                   DENY IN     89.150.129.22
[ 3] 89.150.129.22              DENY IN     Anywhere
[ 4] 89.150.129.10              DENY IN     Anywhere
[ 5] 123/udp                    ALLOW IN    Anywhere
[ 6] Anywhere (v6)              DENY IN     2a02:980::bbbb
[ 7] Anywhere (v6)              DENY IN     2a02:980::aaaa
[ 8] 2a02:980::bbbb             DENY IN     Anywhere (v6)
[ 9] 2a02:980::aaaa             DENY IN     Anywhere (v6)
[10] 123/udp (v6)               ALLOW IN    Anywhere (v6)

As you can see all the DENY rules are inserted before any ALLOW rules... we are happy :)

Attachments (0)

Change History (1)

Modify Ticket

Action
as assigned The owner will remain admin.

Add Comment


E-mail address and name can be saved in the Preferences .
 
Note: See TracTickets for help on using tickets.