0

FAILLE de sécurité, des appareils inconnus s'ajoutent sur mon compte nextdns

Tout est dans le titre. Je me retrouves avec des appareils inconnus connectés venant de Chine et des USA à savoir :

Pour les USA, la Virginie  :

ec2-54-235-30-18.compute-1.amazonaws.com >> adresse IP : 54.235.30.18

Pour la chine, Pékin :

scan-59-3.security.ipip.net >> adresse ip : 103.203.59.3
scan-57-26.security.ipip.net >> adresse ip : 103.203.57.26

    Et je suis en double authentification A2F

Merci de trouver le problème que je n'ai pu isoler.

  

9 replies

null
    • iOS Developer
    • Rob
    • 2 yrs ago
    • Reported - view

    Maybe someone mistyped her/his configuration ID, typing yours instead?

    • mmlg620
    • 2 yrs ago
    • Reported - view

    no, it's not a typo in the ID because I've had this problem for several months.

      • Hey
      • 2 yrs ago
      • Reported - view

      mmlg620 Create a new configuration, then delete the old one. This would stop whoever is using the configuration as it wouldn't be tied to you. Could be some random person guessing the address and when it works, well they might just use it.

    • NextDNs
    • 2 yrs ago
    • Reported - view

    Can you share screenshots of the tooltip when hovering the padlock icon for both of those?

      • mmlg620
      • 2 yrs ago
      • Reported - view

      NextDNS I put 2 screenshots in my 1st post showing the tooltips.
      I just hide my router IP address  which is displayed below the intruders. I put them back on again

      I don't understand how they connect because I have activated the double authentication.

      • NextDNs
      • 2 yrs ago
      • Reported - view

      mmlg620 if it is your router IP below it, it means those DNS requests are coming from your router. How is your router configured? This seem like your router is exposing it’s port 53 publicly and is used by some random hosts on the internet (which has nothing to do with your nextdns ID being leaked). Make sure your router is setup with a firewall properly configured.

    • iOS Developer
    • Rob
    • 2 yrs ago
    • Reported - view

    2FA is only for logging in to the web service my.nextdns.io to configure your settings.

    (Accidentally) Using your settings only involves using your (pretty short) Configuration ID.

    • mmlg620
    • 2 yrs ago
    • Reported - view
    Rob said:
    (Accidentally) Using your settings only involves using your (pretty short) Configuration ID.

     

    Indeed the ID defined by nextdsn is too short and therefore when the big market launches their search robots on the whole web, they find this famous ID.
    This is very bad for nextdns users. I'm not going to recreate every time a new ID to avoid this problem.

    I am surprised that other users did not notice this problem.
    I am also surprised that NextDns is not looking into this deficiency more.

      • NextDNs
      • 2 yrs ago
      • Reported - view

      mmlg620 it’s long enough that nobody can guess it. It is unlikely someone just found your ID. There is also no benefit of using someone else's ID, as with an ID one could not access your logs or anything, they can just leak their own navigation DNS data to your logs, which is a threat to them, not to you.

Login to reply

Content aside

  • 2 yrs agoLast active
  • 9Replies
  • 79Views
  • 4 Following