
[Web Feed] Blocking Cisco Umbrella Roaming Client from bypassing your pi-hole, on your o...


Feed Supplier

Apr 14, 2021, 7:47:39 PM
..wn network


The Cisco Umbrella Roaming Client is a Windows service installed on some enterprise-managed devices.

It sets the computer's DNS settings such that all queries are forcibly resolved by OpenDNS. It uses encrypted DNS (EDNS).

This allows that computer to bypass your pi-hole or other DNS filtering in place on your own network.

The official documentation (https://docs.umbrella.com/deployment-umbrella/docs/appx-a-status-and-functionality) describes when the computer will use Umbrella and when it will use your router's DNS. It relies on probes to determine state.

Based on those documents, these actions can force the Umbrella Roaming Client to operate in the Open state, which will avoid OpenDNS and continue to use your pi-hole or other DNS filtering in place on your network:

- On your router, add a firewall rule to block IPs: 208.67.222.222, 208.67.220.220, 2620:119:53::53, and 2620:119:35::35
- For more granularity, block only ports 443/udp and 53/udp for those IPs.


How to know if the computer uses Cisco Umbrella Roaming Client? Look for a running Windows process named "ERCService.exe".

As the computer with this service is probably installed by an enterprise IT team, I will not talk about removing the service or modifying the computer. My instructions are at the network level - an enterprise device on your network should not be allowed to do whatever it wants.


--
Generated automatically from a Web feed
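
The two firewall options from the post, as an added example that is not part of the original post: a shell function that prints iptables/ip6tables commands for review instead of applying them. The Linux-based router, the FORWARD chain, the REJECT target and the function names are assumptions; only the addresses and ports come from the post.

```shell
#!/bin/sh
# Added example: print (do not apply) router firewall rules for the
# resolver addresses listed in the post.
# Assumptions: Linux router with iptables/ip6tables, LAN traffic passing
# through the FORWARD chain, REJECT as the blocking target.

RESOLVERS="208.67.222.222 208.67.220.220 2620:119:53::53 2620:119:35::35"

# Choose the tool by address family: an address containing ':' is IPv6.
fw_tool() {
    case "$1" in
        *:*) echo ip6tables ;;
        *)   echo iptables ;;
    esac
}

# umbrella_block_rules MODE
#   all   - block everything forwarded to the four resolver addresses
#   ports - block only 443/udp and 53/udp (the granular option)
umbrella_block_rules() {
    mode="${1:-all}"
    for ip in $RESOLVERS; do
        tool=$(fw_tool "$ip")
        case "$mode" in
            all)
                echo "$tool -I FORWARD -d $ip -j REJECT" ;;
            ports)
                for port in 443 53; do
                    echo "$tool -I FORWARD -d $ip -p udp --dport $port -j REJECT"
                done ;;
            *)
                echo "unknown mode: $mode" >&2
                return 1 ;;
        esac
    done
}
```

Source the file and run `umbrella_block_rules all` or `umbrella_block_rules ports` to see the rules; after checking them against the router's existing ruleset, the output can be piped to `sh` as root to apply them.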