Hacking DNS Server Blocks Nintendo Addresses

J

jammybudga777

Well-Known Member
Member
Level 10
Joined
Aug 23, 2013
Messages
2,284
Trophies
1
Age
37
XP
2,193
Country
no it blocks everything nintendo related apparantly. but once i have somebody else confirm how to set this up. ill post back and let you no for deffinate
 
Ninja_Carver

Ninja_Carver

Well-Known Member
OP
Member
Level 5
Joined
Dec 27, 2012
Messages
364
Trophies
0
Age
39
XP
652
Country
United States
guise, I don't have a WiiU. This DNS server blocks WHAT I BELIEVE is all Nintendo content. I don't expect you will be able to use the eShop. But I see several people are already using the server. Maybe they can chime in and report their results.
 
  • Like
Reactions: Margen67, dojafoja and jammybudga777
Vivec

Vivec

Active Member
Newcomer
Level 1
Joined
Jan 24, 2015
Messages
33
Trophies
0
Age
34
XP
112
Country
Put the address on the first post as Primary DNS, ignore the Secondary, and there won't be access to online play, be it directly playing with others as in Mario Kart 8 or the weird thing from Hyrule Warriors, eShop, Miiverse, uPlay... nothing at all, you get an error immediately after choosing that option. The only thing that seems to work is the Internet Browser.

By blocking the six entries in Bug_Checker_'s post in your router you can still play online but don't have access to eShop but everything else works. I currently have a notification that there's a system update that couldn't be downloaded, with a red X on it using this and not the server. I only know how to do it on a DD-WRT router.
I have this under commands running at startup:
Code: 
iptables -I FORWARD -d nus.cdn.wup.shop.nintendo.net -j DROP
iptables -I FORWARD -d nus.wup.shop.nintendo.net -j DROP
iptables -I FORWARD -d 23.65.181.75 -j DROP
iptables -I FORWARD -d 96.17.161.145 -j DROP
iptables -I FORWARD -d 184.50.229.158 -j DROP
iptables -I FORWARD -d 184.50.229.137 -j DROP

I dunno how this affects the 3DS, though I'd like to know what to block with such precission as in that post.

EDIT: Blocking those doesn't seem to work anymore. Just editing this out for future references.
 
  • Like
Reactions: jammybudga777
Ninja_Carver

Ninja_Carver

Well-Known Member
OP
Member
Level 5
Joined
Dec 27, 2012
Messages
364
Trophies
0
Age
39
XP
652
Country
United States
Vivec said:
Put the address on the first post as Primary DNS, ignore the Secondary, and there won't be access to online play, be it directly playing with others as in Mario Kart 8 or the weird thing from Hyrule Warriors, eShop, Miiverse, uPlay... nothing at all, you get an error immediately after choosing that option. The only thing that seems to work is the Internet Browser.

By blocking the six entries in Bug_Checker_'s post in your router you can still play online but don't have access to eShop but everything else works. I currently have a notification that there's a system update that couldn't be downloaded, with a red X on it using this and not the server. I only know how to do it on a DD-WRT router.
I have this under commands running at startup:
Code: 
iptables -I FORWARD -d nus.cdn.wup.shop.nintendo.net -j DROP
iptables -I FORWARD -d nus.wup.shop.nintendo.net -j DROP
iptables -I FORWARD -d 23.65.181.75 -j DROP
iptables -I FORWARD -d 96.17.161.145 -j DROP
iptables -I FORWARD -d 184.50.229.158 -j DROP
iptables -I FORWARD -d 184.50.229.137 -j DROP

I dunno how this affects the 3DS, though I'd like to know what to block with such precission as in that post.
Click to expand...


This is good info. I'd like to hear from Bug_Checker how he came up with the IP's to block (not the DNS hostnames). The issue with DNS is that it's purpose is to resolve name's to IP's. So in order to adequately block those IP's I'd need to know what the hosts were before they were resolved to IP's. Hopefully that makes some sense...

What i essentially did, was create a few fake zones on this DNS server, 'nintendo.net' 'nintendowifi.net' and 'akamaitechnologies.com'.

As of today, here are all of the DNS queries that have come through my DNS server. This forum is the only place I've posted the IP, so I assume this is only traffic from WiiU's. What we need to do is identify the particular hosts that the WiiU is querying for updates, and block those only.

Code: 
(0-edge-chat.facebook.com):
(1-edge-chat.facebook.com):
(3-edge-chat.facebook.com):
(7f0d03ab.openresolverproject.org):
(a184-50-227-137.deploy.static.akamaitechnologies.com):
(a184-50-229-158.deploy.static.akamaitechnologies.com):
(a96-17-161-145.deploy.akamaitechnologies.com):
(aax.amazon-adsystem.com):
(about):
(account.nintendo.net):
(accounts.google.com):
(accounts.google.fr):
(accounts.youtube.com):
(ad.doubleclick.net):
(adserver.exoticads.com):
(ads.yahoo.com):
(api-eu.olv.nintendo.net):
(api.flattr.com):
(apis.google.com):
(api.soundcloud.com):
(api-v2.soundcloud.com):
(as.casalemedia.com):
(a-v2.sndcdn.com):
(bcp.crwdcntrl.net):
(bid.g.doubleclick.net):
(books.google.it):
(button.flattr.com):
(c.amazon-adsystem.com):
(c.betrad.com):
(cbphotovideo.s3.amazonaws.com):
(cbsi.demdex.net):
(ccs.c.shop.nintendowifi.net):
(cdm.cursecdn.com):
(cdn02.nintendo-europe.com):
(cdn.content.exoticads.com):
(cdn.syndication.twitter.com):
(cfg-loader-mod.googlecode.com):
(cgi2.nintendo.co.jp):
(chaturbate.com):
(clients1.google.com):
(clients1.google.fi):
(clients1.google.fr):
(clients1.google.it):
(cm.g.doubleclick.net):
(com):
(conjurorthegame.com):
(connect.facebook.net):
(conntest.nintendowifi.net):
(csi.gstatic.com):
(cx.atdmt.com):
(d3rqsl5z8ym7ju.cloudfront.net):
(d7zqwa95stc72.cloudfront.net):
(d.adroll.com):
(db.gamefaqs.com):
(de.chaturbate.com):
(defcon.org):
(developers.pinterest.com):
(dhrt.e24a4436.wc.syssec-research.mmci.uni-saarland.de):
(dl.dropboxusercontent.com):
(dnsscan.shadowserver.org):
(docs.google.com):
(drive.google.com):
(dw.cbsi.com):
(ecs.c.shop.nintendowifi.net):
(ecs.wup.shop.nintendo.net):
(edge.quantserve.com):
(encrypted-tbn0.gstatic.com):
(encrypted-tbn1.gstatic.com):
(encrypted-tbn3.gstatic.com):
(eventlogger.soundcloud.com):
(facebook.com):
(farm8.staticflickr.com):
(farm9.staticflickr.com):
(fbcdn-dragon-a.akamaihd.net):
(fbcdn-photos-f-a.akamaihd.net):
(fbcdn-profile-a.akamaihd.net):
(fbcdn-sphotos-a-a.akamaihd.net):
(fbcdn-sphotos-b-a.akamaihd.net):
(fbcdn-sphotos-c-a.akamaihd.net):
(fbcdn-sphotos-d-a.akamaihd.net):
(fbcdn-sphotos-e-a.akamaihd.net):
(fbcdn-sphotos-f-a.akamaihd.net):
(fbcdn-sphotos-g-a.akamaihd.net):
(fbcdn-sphotos-h-a.akamaihd.net):
(fbcdn-vthumb-a.akamaihd.net):
(fbexternal-a.akamaihd.net):
(fbstatic-a.akamaihd.net):
(feed43.com):
(filetrip.net):
(flattr.com):
(fonts.adobe.com):
(fonts.googleapis.com):
(fonts.gstatic.com):
(fpdownload.macromedia.com):
(fuck.app.nintendowifi.net):
(g2.symcb.com):
(gbatemp.net):
(g.engagelab.com):
(geo2.adobe.com):
(geoservice.curse.com):
(get3.adobe.com):
(get.adobe.com):
(gn.symcd.com):
(go.gateway-3ds.com):
(googleads.g.doubleclick.net):
(graph.facebook.com):
(g.symcd.com):
(gtssl2-ocsp.geotrust.com):
(gu.symcd.com):
(gv.symcd.com):
(hackmii.com):
(hbc.hackmii.com):
(i1338.photobucket.com):
(i1.sndcdn.com):
(i1.ytimg.com):
(i33.photobucket.com):
(i46.photobucket.com):
(i57.tinypic.com):
(i58.tinypic.com):
(i59.tinypic.com):
(i60.tinypic.com):
(i62.tinypic.com):
(ib.adnxs.com):
(i.imgur.com):
(images.dmca.com):
(images.google.com):
(imageshack.com):
(imagizer.imageshack.us):
(img.youtube.com):
(i.nintendo.net):
(it.chaturbate.com):
(it-it.facebook.com):
(it.pinterest.com):
(i.w55c.net):
(i.ytimg.com):
(jobs.nintendo.de):
(js.indexww.com):
(js.revsci.net):
(l.betrad.com):
(lh3.googleusercontent.com):
(lh4.googleusercontent.com):
(lh5.googleusercontent.com):
(lh6.googleusercontent.com):
(l-npns.app.nintendo.net):
(mail.google.com):
(maps.google.fi):
(maps.google.fr):
(maps.google.it):
(microsite.nintendo-europe.com):
(miiverse.nintendo.net):
(m.neogaf.com):
(ms.nintendo-europe.com):
(nasc.nintendowifi.net):
(news.google.it):
(ninja.wup.shop.nintendo.net):
(nncs1.app.nintendowifi.net):
(nncs2.app.nintendowifi.net):
(nos.nintendo-europe.com):
(nppl.app.nintendo.net):
(nppl.c.app.nintendowifi.net):
(nus.cdn.c.shop.nintendowifi.net):
(nus.c.shop.nintendowifi.net):
(nus.wup.shop.nintendo.net):
(oauth.googleusercontent.com):
(ocsp2.globalsign.com):
(ocsp.digicert.com):
(ocsp.geotrust.com):
(ocsp.globalsign.com):
(ocsp.godaddy.com):
(ocsp.omniroot.com):
(ocsp.starfieldtech.com):
(ocsp.thawte.com):
(ocsp.verisign.com):
(origin11.stream.highwebmedia.com):
(origin12.stream.highwebmedia.com):
(origin13.stream.highwebmedia.com):
(origin14.stream.highwebmedia.com):
(origin15.stream.highwebmedia.com):
(origin16.stream.highwebmedia.com):
(origin2.stream.highwebmedia.com):
(origin3.stream.highwebmedia.com):
(origin5.stream.highwebmedia.com):
(origin7.stream.highwebmedia.com):
(ox-d.adobe.com):
(ox-d.curse.servedbyopenx.com):
(p4-dqyohtrkwtr4e-5mmwre4hsg4qsgdm-551121-i1-v6exp3-v4.metric.gstatic.com):
(p4-dqyohtrkwtr4e-5mmwre4hsg4qsgdm-551121-i2-v6exp3-ds.metric.gstatic.com):
(p4-dqyohtrkwtr4e-5mmwre4hsg4qsgdm-551121-s1-v6exp3-v4.metric.gstatic.com):
(p4-dqyohtrkwtr4e-5mmwre4hsg4qsgdm-if-v6exp3-v4.metric.gstatic.com):
(p4-g456vqnaoooge-yfntoqf2c5nvpveb-601312-i1-v6exp3-ds.metric.gstatic.com):
(p4-g456vqnaoooge-yfntoqf2c5nvpveb-601312-i2-v6exp3-v4.metric.gstatic.com):
(p4-g456vqnaoooge-yfntoqf2c5nvpveb-if-v6exp3-v4.metric.gstatic.com):
(pagead2.googlesyndication.com):
(partner.googleadservices.com):
(pix04.revsci.net):
(pixel.facebook.com):
(pixel.quantserve.com):
(platform.twitter.com):
(play.google.com):
(plus.google.com):
(p.nintendo.net):
(p.rfihub.com):
(promoted.soundcloud.com):
(p.typekit.net):
(pubads.g.doubleclick.net):
(pushmore.wup.shop.nintendo.net):
(r2---sn-fpoq-hm2l.googlevideo.com):
(rp.gwallet.com):
(s0.2mdn.net):
(s10.flagcounter.com):
(s1.2mdn.net):
(s.adroll.com):
(sb.scorecardresearch.com):
(scontent-a-mxp.xx.fbcdn.net):
(scontent-b-mxp.xx.fbcdn.net):
(sd.symcd.com):
(secure.adnxs.com):
(secure.gravatar.com):
(secure.quantserve.com):
(se.symcd.com):
(shoptemp.net):
(s-media-cache-ak0.pinimg.com):
(snes9x-gx.googlecode.com):
(soundcloud.com):
(s-passets-cache-ak0.pinimg.com):
(ssl-ccstatic.highwebmedia.com):
(ssl-cdn.highwebmedia.com):
(ssl.google-analytics.com):
(ssl.gstatic.com):
(s-static.ak.facebook.com):
(stars.nintendo-europe.com):
(static2.flattr.net):
(static3.flattr.net):
(static4.flattr.net):
(static.ak.facebook.com):
(static.gamefaqs.com):
(stats.adobe.com):
(stats.g.doubleclick.net):
(store1.adobe.com):
(store.nintendo.co.uk):
(sync.tidaltv.com):
(syndication.twitter.com):
(s.youtube.com):
(s.ytimg.com):
(t0.gstatic.com):
(t1.gstatic.com):
(t2.gstatic.com):
(t3.gstatic.com):
(tagaya.wup.shop.nintendo.net):
(tags.bkrtx.com):
(tpc.googlesyndication.com):
(translate.google.fi):
(translate.google.fr):
(translate.google.it):
(twitter.com):
(um.simpli.fi):
(u.openx.net):
(us-u.openx.net):
(va.sndcdn.com):
(vassg141.ocsp.omniroot.com):
(version.bind):
(VERSION.BIND):
(video.google.it):
(vlch.net):
(webmetrics.nintendo-europe.com):
(wiiubrew.org):
(wiki.gbatemp.net):
(wis.sndcdn.com):
(www.adobe.com):
(www.adobetag.com):
(www.baidu.com):
(www.blogger.com):
(www.camfolk.info):
(www.codemii.com):
(www.exroxy.com):
(www.facebook.com):
(www.freeproxy.ru):
(www.gamefaqs.com):
(www.gc-forever.com):
(www.googleadservices.com):
(www.google-analytics.com):
(www.google.com):
(www.google.com.dnstest.nys.nyenet):
(www.google.fi):
(www.google.fr):
(www.google.it):
(www.googletagmanager.com):
(www.googletagservices.com):
(www.gravatar.com):
(www.gstatic.com):
(wwwimages2.adobe.com):
(wwwimages.adobe.com):
(www.mediawiki.org):
(www.nds-card.com):
(www.neogaf.com):
(www.nintendo.at):
(www.nintendo.be):
(www.nintendo.ch):
(www.nintendo.co.jp):
(www.nintendo.com):
(www.nintendo.co.uk):
(www.nintendo.co.za):
(www.nintendo.de):
(www.nintendo.es):
(www.nintendo-europe.com):
(www.nintendo.fr):
(www.nintendo.it):
(www.nintendokidsclub.co.uk):
(www.nintendolandia.it):
(www.nintendo.nl):
(www.nintendo.pt):
(www.nintendo.ru):
(www.phpbb.com):
(www.pinterest.com):
(www.pokemon.com):
(www.pokemonrubysapphire.com):
(www.proxy4free.com):
(www.proxylists.net):
(www.proxysolutions.net):
(www.proxywiki.org):
(www.proxz.com):
(www.speedtest.net):
(www.stsoftware.biz):
(www.thommysplace.com):
(www.twitter-button.net):
(www.twitter.com):
(www.xroxy.com):
(www.youtube.com):
(www.youtube-nocookie.com):
(xenforo.com):
 
  • Like
Reactions: Margen67
Ninja_Carver

Ninja_Carver

Well-Known Member
OP
Member
Level 5
Joined
Dec 27, 2012
Messages
364
Trophies
0
Age
39
XP
652
Country
United States
I received an e-mail at 5:30 this morning from Amazon Web Services stating that there have been reports of my box being part of a DDoS (Distributed Denial of Service) attack.

The email reads as follows:

Code: 
Hello,
 
You have outstanding abuse reports against your EC2 instance(s) and we are notifying you that we have investigated and observed abuse activity. Please take corrective measures as soon as possible and notify us that you have done so. Your response is required and failure to respond within 48 hours may result in the isolation of your instance(s).
 
Please contact us at at [email protected] to notify us of your corrective actions, or if you believe that these findings are in error.
 
Instance ID: xxxxxxxxxx
 
Reason: DoS
 
If you are unaware of the source of the reported abuse, your instance(s) were most likely compromised by an external attacker. If you were compromised by an external attacker the best recourse is to back up your data, migrate your applications to a new instance, and terminate the old one.
 
Please be aware: According to the terms of the Web Services License Agreement (http://aws.amazon.com/agreement/), if your instance(s) continue abusive behavior in violation of the Acceptable Use Policy (http://aws.amazon.com/aup/), your instances and account may be subject to termination.
 
Please remember that you are responsible for ensuring that your instances and all applications are properly secured. For more information on security best practices please review the following resources:
 
Tips for Securing Your EC2 Instance:
http://aws.amazon.com/articles/Amazon-EC2/1233
Security Best Practices:
http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf
AWS Security Center:
http://aws.amazon.com/security
 
Thank you,
The EC2 Abuse Team
________________________________________
After investigating, it appears that because my DNS server was an open resolver (available to the public), it was picked up by a subnet scan and used in a DNS Amplification attack against various websites. The resulting traffic from the above attack has also resulted in charges to my AWS account to the tune of $252. Needless to say, this project is terminated. Thanks
 
Ray Lewis

Ray Lewis

Banned!
Banned
Level 4
Joined
Dec 30, 2012
Messages
1,518
Trophies
0
XP
419
Country
United States
Ouch, see what happens when you try to be generous and/or give out any information? It is simple; block mac addresses. I have my phone and computer for anything else and really don't need anything online from the Wii U at this time. There are pages where people can find out how to block MANY Nintendo functions. With custom router firmware (DDWRT?) I literally went to one part and copy/pasted the firewall settings. Somebody could probably dig further into that.
 

Site & Scene News

Go to forum More news

Popular threads in this forum

Gaming  Online services for the 3DS and Wii U have been shutdown. Here is how to get back online!

Very annoying that Nintendo never fixed this bug

Pretendo not working with updated games?!

Can you hack your wii u with something other than sd card

Hacking Hardware  Broken WII U, MLC replaced with an SD card De_fuse 0.8 not working

Hacking Emulation Homebrew  Could you explain to me why there are no standalone emulators on Wiiu using aroma?

List of Pretendo Error Codes

Wii U (bricked) Mii Maker

General chit-chat
Help Users
    BigOnYa @ BigOnYa: This is how I have to do it w uremum... https://youtu.be/wV_BPDi8Ems?si=1UUzI1S7Rp6sujmq