D-Link Forums

The Graveyard - Products No Longer Supported => Routers / COVR => DIR-655 => Topic started by: wannaplay on February 13, 2009, 04:30:20 PM

Title: Security feature for dns
Post by: wannaplay on February 13, 2009, 04:30:20 PM
Hi guys! Is it possible to restrict incoming traffic by DNS and block all other external IPs that try to access my system? If not, could this security feature be added in the future?
Title: Re: Security feature for dns
Post by: EddieZ on February 15, 2009, 01:51:54 PM
Why would you have such a feature? I think you ought to get a hardware firewall to do so. Remember this is a SOHO router...
Title: Re: Security feature for dns
Post by: wannaplay on February 27, 2009, 07:37:42 AM
Sry, forgot about this post :-0. Anyway, well, there are no security features for DNS, i.e. if someone knows ur DNS, basically ur stuffed... they will always be able to find u and attack you, which is something I've had happen recently. A security feature which only allows those people u trust through some sort of DNS allow/deny feature, same thing as the IPs allow/deny feature on the router, would improve its security, don't you think?

Yes, I know that changing my DNS would solve the problem. Hypothetically, say I can't at this moment change my DNS: basically there isn't much that I would be able to do to protect myself against attacks...
Title: Re: Security feature for dns
Post by: EddieZ on February 27, 2009, 10:11:37 AM
DNS is shared and synced all over the world, it's the backbone of the 'internet'... So where do you get the idea that 'someone who knows your DNS' can attack you? Do you perhaps mean 'IP address', because that would make more sense (although contentwise it does not when related to your remark).

You might wanna read some Wikipedia's first about how networking/the internet really works before you come up with a feature request...
Title: Re: Security feature for dns
Post by: wannaplay on February 27, 2009, 11:25:19 AM
Well, that is what I mean: DNS related to an IP address, i.e. domains created by DynDNS.com for example. I know for a fact that this feature is possible as I have it working at home on my Linux box, and it would be quite an easy addition to the router.
Title: Re: Security feature for dns
Post by: lotacus on February 27, 2009, 11:50:24 AM
I'm not sure what you mean. In the router, you can restrict incoming requests by IPs and IP ranges. If you have a Linux box, then just have that behind the router and do your thing with IPtables, and its own DNS server with a forward lookup zone.

If you have a DNS server set up somewhere else, then perhaps you can use that and use some sort of IPsec or something to secure DNS lookups.

You may even want to email OpenDNS and see what options they have. I do believe they offer secure DNS. However, as you stated, anyone will be able to get your IP address, but they would have to take interest in you in order to be motivated to find your IP address and use it for whatever reason you gave them to attack you.

So, you may want to stay out of other people's boxes.
Title: Re: Security feature for dns
Post by: wannaplay on February 27, 2009, 12:48:41 PM
"If you have a Linux box, then just have that behind the router and do your thing with IPtables, and its own DNS server with a forward lookup zone."

I see, I didn't know this could be done. Thank you for your help guys. :)
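
The hostname-based allow list discussed in this thread, sketched for the Linux box behind the router as an added example that is not part of any post: iptables resolves a hostname only once, when the rule is inserted, so dynamic DNS names have to be re-resolved periodically into an ipset that the rule matches against. The set name, the hostnames and the port in the comment are assumptions (constructed placeholders), and `ipset` and `getent` are assumed to be installed.

```shell
#!/bin/sh
# Added example. All names below are constructed placeholders.
SET_NAME="trusted_dyn"                                   # hypothetical ipset name
TRUSTED_HOSTS="friend1.example.net friend2.example.net"  # constructed hostnames

# Resolve one hostname to IPv4 addresses, one per line.
# Kept as a function so it can be replaced by a stub for offline testing.
resolve_host() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# Accept only dotted-quad IPv4 with octets <= 255, so a malformed DNS
# answer can never end up as text in the restore script.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
    return 0
}

# Print an `ipset restore` script that fills a temporary set and swaps it
# in atomically, so the allow list is never half-populated.
render_restore() {
    tmp="${SET_NAME}_new"
    adds=$(for host in $TRUSTED_HOSTS; do
        resolve_host "$host" | while read -r ip; do
            if is_ipv4 "$ip"; then echo "add $tmp $ip"; fi
        done
    done)
    # Nothing resolved (DNS outage): emit nothing and fail, so the
    # previous set stays active instead of locking everyone out.
    [ -n "$adds" ] || return 1
    printf '%s\n' "create $SET_NAME hash:ip family inet" \
                  "create $tmp hash:ip family inet" "flush $tmp" \
                  "$adds" "swap $tmp $SET_NAME" "destroy $tmp"
}

# Usage as root, e.g. from cron every few minutes:
#   render_restore > /tmp/trusted.ipset && ipset -exist restore < /tmp/trusted.ipset
# One-time firewall rule that consults the set (port 22 is an assumption):
#   iptables -A INPUT -p tcp --dport 22 -m set --match-set trusted_dyn src -j ACCEPT
```

Anyone who controls the DNS records for a trusted name controls who is allowed in, so this narrows exposure but is not authentication.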