CloudFlare protection

is Comodo’s DNS backed by CloudFlare’s DDoS protection??

I was trying to configure something on my LAN where it would route through Comodo first, then CloudFlare before routing through whatever I was using locally

basically I have my router set to 1.1.1.1/1.0.0.1 where my devices behind that were configured for 8.26.56.26/8.20.247.20

I was hoping my devices would send a request to comodo through cloudflare to forward the request to whatever service I wanted
but a traceroute and DNS check doesn’t seem to find comodo, only cloudflare…

yes I understand that if I got DDoSed, Comodo’s DNS would take the brunt if this actually worked before CloudFlare would pick up the slack and just eat the DDoS.

EDIT:
basically what I was hoping to achieve with this was that if some hacker tried to RAT me, say, through a Discord webhook or RCE, that comodo would detect the intrusion and block it before it even affected my computer…
since CAVL doesn’t seem to have HIPS, and I’ve already been RATted once with Pupy.

EDIT2:
also, I should note, I’m not an expert in networking (I’m rather quite a noob), but I do know it’s possible to route through 2 DNS servers
I’m just not sure how
perhaps maybe setting up my own website, setting my router to Comodo, and then having cloudflare protect my website
since I have my own DNS I’m working on behind my router (for providing my own domain name that I myself own) that I initially wanted to protect me from RATs like I now want to use Comodo for…

but again I’m a noob, so I’m looking into what I can cobble together now.

If your devices are set locally to use Comodo DNS servers then they will use Comodo DNS. If your devices are set to obtain DNS servers automatically they will use the servers the router provides; in your case Cloudflare. You can’t daisy chain them.

Cloudflare DDOS protection is for websites not for end users. As far as I understand it, it protects when your site is hosted by them.

DDOS protection does not help you when you are infected with a RAT. I am not familiar with Linux so I cannot comment on how to lock it down using user rights limitations to keep from getting infected. Using a third party firewall could be of help but I don’t know Linux.

my devices are set to use Comodo while my router is set to use CloudFlare…
so what you’re saying is that, with that configuration, my device will use Comodo despite the fact my router is supposed to forward the requests through cloudflare??

I think this article will help clear that up :slight_smile:
while it’s not explicitly stated on their site, it’s clear from this action that when you use 1.1.1.1, you automatically receive DDoS protection from their services:

I think Linus (yes the geek on youtube) even mentioned DDoS protection is included with 1.1.1.1, and that the IP itself is actually special in that it acts as a “trash bin” for requests, which is how it’s able to simply eat a DDoS attack.

I’m not sure how it works behind the scenes, I know there’s more to it than that (at least I think, because there usually is), but I trust the word from what I see.

right, that’s why I was hoping to use Comodo services on top of CloudFlare
since I believe Comodo could detect an intrusion through the DNS

if Comodo used CloudFlare, I could simply just use Comodo and not have to worry about some special configuration (Why can’t we have both? Mexican Music)

for the alternative though
I could really use a guide to set up perms like you mentioned =3=
(I’ll be looking about for something, but if you know of anything it would greatly help)

thanks for getting back with me btw, even if you weren’t knowledgeable :slight_smile:

The requests are handled by Comodo because that is what you set them to. If you want to use the Cloudflare DNS you need to set the devices to receive the DNS servers automatically which will obtain them from the router.

I think this article will help clear that up :) while it's not explicitly stated on their site, it's clear from this action that when you use 1.1.1.1, you automatically receive DDoS protection from their services: https://nakedsecurity.sophos.com/2018/06/04/cloudflare-mistakes-own-1-1-1-1-dns-for-ddos-attack/
I see no implication that the Cloudflare DDOS protection extends to the end users.
I think Linus (yes the geek on youtube) even mentioned DDoS protection is included with 1.1.1.1, and that the IP itself is actually special in that it acts as a "trash bin" for requests, which is how it's able to simply eat a DDoS attack.
I cannot comment on this.
I'm not sure how it works behind the scenes, I know there's more to it than that (at least I think, because there usually is), but I trust the word from what I see.
right, that's why I was hoping to use Comodo services on top of CloudFlare since I believe Comodo could detect an intrusion through the DNS
If a malicious site is in a blacklist that is used by a DNS server it will block. But why wouldn't a RAT simply connect to an IP address?

Sounds like something that is more up jay2007tech’s alley.
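
The point made in the reply above, that a DNS blocklist only sees name lookups and never sees a connection made straight to an IP address, can be checked from logs by looking for outbound connections that no earlier lookup explains. This is an added example, not part of the original thread; the log formats, the sample lines and the `direct_ip_connections` helper are constructed for illustration, and only the resolver addresses come from the thread.

```python
from collections import defaultdict

# Resolver addresses mentioned in the thread; traffic to them is expected.
RESOLVERS = {"8.26.56.26", "8.20.247.20", "1.1.1.1", "1.0.0.1"}
MAX_AGE = 3600  # assumption: a DNS answer "explains" a connection for one hour

# Constructed sample logs (documentation-range IPs, assumed formats):
#   DNS : <epoch> <client_ip> <qname> <answer_ip>
#   CONN: <epoch> <client_ip> <dst_ip> <dst_port>
DNS_LOG = """\
1000 192.168.1.10 www.example.org 192.0.2.34
1005 192.168.1.10 updates.example.net 198.51.100.7
"""
CONN_LOG = """\
1001 192.168.1.10 192.0.2.34 443
1002 192.168.1.10 8.26.56.26 53
1006 192.168.1.10 198.51.100.7 443
1020 192.168.1.10 203.0.113.50 4444
1030 192.168.1.11 198.51.100.7 443
5000 192.168.1.10 192.0.2.34 443
"""

def parse(log, fields):
    """Yield whitespace-split records that have exactly `fields` columns."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == fields:
            yield parts

def direct_ip_connections(dns_log, conn_log, max_age=MAX_AGE):
    """Return connections whose destination was not resolved by that client
    within `max_age` seconds beforehand (a DNS filter never saw them)."""
    lookups = defaultdict(list)  # (client, answer_ip) -> lookup timestamps
    for ts, client, _qname, answer in parse(dns_log, 4):
        lookups[(client, answer)].append(int(ts))
    flagged = []
    for ts, client, dst, port in parse(conn_log, 4):
        if dst in RESOLVERS:
            continue  # talking to the DNS server itself is always by IP
        t = int(ts)
        times = lookups.get((client, dst), ())
        if not any(0 <= t - seen <= max_age for seen in times):
            flagged.append((t, client, dst, int(port)))
    return flagged

if __name__ == "__main__":
    for hit in direct_ip_connections(DNS_LOG, CONN_LOG):
        print("no matching DNS lookup:", hit)
```

A flagged entry is only a lead: software with hard-coded or long-cached addresses also connects without a fresh lookup, so the window and allowlist need tuning per network.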

I see, so it’s me just being a noob
thanks for being patient with me :slight_smile:

“Users pointing their DNS resolution at 1.1.1.1 (or 1.0.0.1) would have noticed a 17-minute disruption to DNS resolution for all network devices.”

that right there (modified the line a bit to remove the time and router-level)
again, it’s not stated on their site, but you can see it from what happens when using it.
(logical assumption)

er… I was talking about cloudflare, but thanks regardless

I thought a RAT would still have to go through the DNS regardless… >.>
so I guess if direct connection is involved, I’m still boned… oof X(

maybe it is better I’m working on my own funnel then (a PC forwarding internet to the subnet from my router to act as a number of things including a DNS)
I should be able to control traffic to my PC through that, but protection for that is still a concern for a question I’m not sure how to ask…

alright. I’ll look forward to hearing from him then, thanks :slight_smile:

EDIT:
just so this doesn’t get buried
the original question is still on the shelf:
Does Comodo DNS route through CloudFlare??

for anyone who can answer :wink:

The article describes a server configuration error. The server assumed that the DNS requests coming from routers were a DDOS attack.

Comodo DNS does not route through CloudFlare. Comodo has their own DNS servers. Several years ago Comodo acquired Neustar DNS so Comodo has its own infrastructure.

I don’t know Linux but I can’t help but wonder if there are firewalls around with an Intrusion Detection System (IDS) that may help to keep an eye on possible malicious traffic.

exactly
I mean at least the issue is fixed now, but I think it serves enough as proof

sure it’s probably stupid to go on and assume I’m getting protection just because it looks and quacks like a duck
but if I end up assuming wrong, then… what…
from the activity, it appears they are… if they do or don’t they don’t exactly say.

I will be honest though, you did pique my interest to look deeper now.
I applied the setting believing it thanks to what Linus described about it (it’s just inherent).
but if both me and Linus are wrong, all that’s left to do is clean up our mess of misinformation.

there’s plenty of IDS software, but not very many IPS software
the stuff that does exist isn’t very easy to set up and maintain, and (like most linux software) isn’t very good in terms of quality
(haven’t bothered installing as everything claims to be good while most of it is garbage and I don’t know what to go for)

IDS software only notifies you
IPS software actually Prevents Intrusion

this is why I was hoping for HIPS in CAVL
which to a degree it kinda has if you enable on-access scanning
but it’s kinda a joke to call that a HIPS

I did try asking the Ubuntu community, but that got me nowhere:

https://lh3.googleusercontent.com/sLtlp6VCSqcRsbxO4nY-wl1b_H4zsv0hrhs42xmY-EAjhOvHBF6x81S2-CxdFm7tS_LZA_jNNsrkDHVPOR-ktyNGIRgO4gByVW_AGtolb5Jd9x67sTIOmz9Piv7JrhClrQGWnycgqpBfykD-kXR-gxW1IGTVGRw-1X5lDBdWfTunQnKe73Cs2hu2dEYK0R2E0jtgZT6Quba2DlC10ipF3UuIb9KYrKxI6kaOgXZj1nwZpRNDlWGPiM5Nixha-tTh3Ld9gdd4NqYeYobw1DNyMy5VVLHnDdQGCUIujP06pkB8YAEvtwz-_YKAsCBRX1OuNFTdi6AjVyklguQ8FW2L_KoEfrgJHvO2LtWSoDOJSSmQ42ux010deZbVCrRSvqj4ZAPkp6JpWjDzqdz3Ickmd-mEIB_5OYHjtU42fh8_6mA6CU9NBbu5typHVy5Jj9rawByJO5YbkNBHD-dYJ8oRGb3SisBi2UcHE8cChO3i76GMkIXWHbUk5Gi8a7GNAqefIwE62GYxRgI93mMh-RoI7A8_XZyWiadh9d475pj6Jxe7Ec5CRjfHvVHdiy-N9ENu8mE2p-6EySoJl_iMq1Z5l8WKeXivaSfu2Y8lB9oN_jTVu_uRxMf7R-9IMQ_1u5GYEes1nEYkHmA2XtdZXp36RRsGZyq0-cQnH7mI_g5wLsdMYl50KoQqW0FEV1uy2DiYHKAAwH2FS4ZnMlcSZXG95jVr=w865-h987-no

and yeah, that’s what made me come here :stuck_out_tongue:
I actually hadn’t installed CAVL when I made that comment, but yeah, so much for expecting help… u.u

Well, since I don’t know what operating system you have and what changes outside of default configurations have been done and,
Also, let’s say you had a RAT on your Linux, even after you remove the RAT, you don’t know what changes the RAT has made. You can kill a RAT but it won’t reverse the changes it has done. Hopefully you and ASSUMING you reinstalled the OS and all your passwords including email passwords too!

Linux is pretty damn secure out of the box. You don’t need to attempt chaining 2 DNS servers. If you’re not a Linux nerd YOU MUST KEEP it simple because that’s how misconfigurations happen and attackers will take advantage of them

What Linux OS do you have?
Is this for a home computer?

This might help a bit :slight_smile:
https://support.discordapp.com/hc/en-us/articles/115000089272-Three-Steps-to-a-Safer-Account
and because discord is not privacy friendly

Maybe you can change your IP address too. <—Just unplug the router power cord for a few hours and reconnect it. Hopefully you’ll get a new IP address

yeah I’m not a linux nerd yet, but I do know some stuff to get me by

anyways, I’m running Xubuntu 16.04, and haven’t really done too much related to hardcore configs aside from ALSA and grub

for its position, you could say it’s a home computer, but it’s not a family computer
I have about 5 PCs on my subnet (all of which is my own for various purposes), though I really only use about 3 currently, including my (I’m just gonna call it this because it’s everything below and then some) DNS, which I intend to use for naming my webserver connected to it.
I’m too poor for an advanced infrastructure, these are all trash-picked PCs… lol

but yeah they’re all running various versions of Xubuntu just so I can tinker with things with ease (Xubuntu below 18.04 is quite decently performative)
(linux is linux, it doesn’t matter what distro you use, although Arch-based is arguable)

I can PM you my network structure if you like

EDIT:
also thanks for the Discord stuff
2FA doesn’t protect you from token hacks, but it does protect you from typical logins
I have a little something that automatically logs out the attacker if I get token hacked, and yes I know the service is pretty much malicious.

I’ve had an ongoing feud with allthefoxes on there and yeah, they pretty much refuse to fix it

I do use a utf-16 generated password though (I built my own generator), and have done pretty much everything I can to protect my account
I should be safe from another attack :wink: