ph00lt0 / blocklist

Blocklists for AdGuard Home, AdGuard, Little Snitch, Open Snitch, uBlock Origin, Brave Adblock, pfBlockerNG, and PiHole
https://ph00lt0.github.io/blocklist
Creative Commons Attribution Share Alike 4.0 International

Blocking fritz.box takes computers offline when the Fritz!Box is DNS provider for the local network #122

Open lfkrebs opened 1 month ago

lfkrebs commented 1 month ago

Tool used (pick one):

(I'm also using PiHole and uBlock, but the affected channel here is Little Snitch)

What service are you trying to use? fritz.box (ports 53 for DNS and 80 for the admin interface)

What does not work? As far as I can see, fritz.box was added to the block list today. Because this domain name is used by AVM-manufactured routers called Fritz!Box as the domain for the admin interface and all other services used by the router (like DNS), this rule essentially makes it impossible for a computer to reach the internet or their own router.

Which rule you believe is causing this? On line 10376 of today's version: ||fritz.box^

Background: rule probably not needed anymore

The rule is likely a response to AVM failing to register the domain fritz.box when .box became an active TLD earlier this year. A private person claimed the domain and used it to send people to a variety of (not particularly nefarious?) sites. This would primarily affect people with a Fritz!Box at home who were trying to dial into their admin interface without realizing that they are on some other network — but could have easily been used to phish for admin passwords. In the meantime, AVM has gone to court and has won the rights to the domain so it is no longer serving any dangerous content.

Thank you! Thank you so much for providing this service!

ph00lt0 commented 4 weeks ago

@lfkrebs thanks for your detailed report. I will be looking into this more.

Can't you connect to your router directly using the IP?

The reason for blocking is, however, different than you guessed. We detected some strange behaviour to this fritz[.]box domain, namely DNS requests with the following indicators:

  1. chat.signal.org[.]fritz[.]box
  2. mail-api.proton.me[.]fritz[.]box

Should you have any information about that, I would like to be kindly informed.

lfkrebs commented 3 weeks ago

@ph00lt0 Thanks so much for getting back to me so quickly!

How odd! No, I haven't seen any such activity, also not in my PiHole log. Is there a regional pattern to the requests you are seeing?

Oddly enough, I cannot even reach my router via the regular IP address as long as the rule is in effect in Little Snitch. I suspect that as soon as the rule is in effect, it may prevent other functions like getting a DHCP lease — but I'm way too ignorant of the exact workings of the network processes to make an informed guess. All I can say is that with the rule in effect, the Mac is entirely cut off, and the problem disappears as soon as I override or remove the rule. Sorry for not being much help…

In any case: I can fix this for myself and I don't see any other activity here. Maybe this can be closed if nobody else shows up?

Thanks again for your work! It's appreciated!

ph00lt0 commented 3 weeks ago

DW about closing it. I will reach out to the vendor and some others to ask for clarification. Until we know more I am happy to keep the issue open.

We only have intel from a few EU countries as of now and global stuff. This is a recent thing I am doing. I don't want to disclose the methods of obtaining these trackers for, I guess, obvious reasons.

yoshimo commented 2 weeks ago

The domain is now owned by AVM itself and it will tell you that something is wrong with your DNS when you try to reach your local router. The IP address will work too.

ph00lt0 commented 2 weeks ago

FYI, I am waiting on a reply from the vendor; initial contact was established.

The problem with this behavior caused by their devices is that it could help deanonymizing users. Fritz devices do seem to trigger connected clients into making these DNS requests. Fritzbox devices themselves do not forward them but if you have other DNS servers configured on other devices they do get requested.
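
The log check discussed in this thread (looking through a Pi-hole log for names shaped like the two indicators) can be scripted as below. This is an added example, not code from the blocklist project or from any commenter; it shows that `||fritz.box^` covers the router name, local hosts and the indicator-style names alike, and reports which clients asked for the latter. Assumptions: dnsmasq-style `query[TYPE] name from client` log lines, a heuristic that any multi-label prefix in front of `fritz.box` is an appended hostname, and constructed sample lines (the `nas` host and client addresses are made up).

```python
import re
from collections import defaultdict

SUFFIX = "fritz.box"  # local domain discussed in this issue

# dnsmasq/Pi-hole query line: "... dnsmasq[512]: query[A] <name> from <client>"
QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z0-9]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)")

# Constructed sample log lines (not real traffic); client addresses are made up.
SAMPLE_LOG = """\
Mar  3 10:15:01 dnsmasq[512]: query[A] fritz.box from 192.168.178.20
Mar  3 10:15:02 dnsmasq[512]: query[A] chat.signal.org.fritz.box from 192.168.178.20
Mar  3 10:15:02 dnsmasq[512]: query[AAAA] mail-api.proton.me.fritz.box from 192.168.178.31
Mar  3 10:15:03 dnsmasq[512]: query[A] nas.fritz.box from 192.168.178.31
Mar  3 10:15:04 dnsmasq[512]: query[A] chat.signal.org from 192.168.178.20
Mar  3 10:15:05 dnsmasq[512]: query[A] notfritz.box from 192.168.178.20
"""

def rule_matches(name, domain=SUFFIX):
    """Adblock-style ||domain^ semantics: the domain itself and any subdomain."""
    name = name.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)

def classify(name, domain=SUFFIX):
    """Return 'router', 'local-host', 'appended', or None if the rule does not apply."""
    if not rule_matches(name, domain):
        return None
    name = name.lower().rstrip(".")
    if name == domain:
        return "router"
    prefix = name[: -(len(domain) + 1)]
    # Assumption (heuristic): a dotted prefix is a full hostname with the suffix appended.
    return "appended" if "." in prefix else "local-host"

def scan(log_text):
    """Map each client to the sorted list of 'appended' names it queried."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and classify(m["name"]) == "appended":
            hits[m["client"]].add(m["name"].lower().rstrip("."))
    return {client: sorted(names) for client, names in hits.items()}

if __name__ == "__main__":
    for client, names in scan(SAMPLE_LOG).items():
        print(client, names)
```

A local host that legitimately has a dotted name under `fritz.box` would also be reported, so hits are a starting point for review rather than a verdict.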