After changing my GL.iNet White (GL-AR150 with firmware 3.201-release) into the mode ‘Cable LAN’ via the Web interface → More → Network Mode: Access Point, I still see
dnsmasq be offered on all interfaces, even public ones. I checked this with
netstat -tulpen on the SSH interface.
@GL.iNet, is it possible to disable that in the network mode Access Point? Or, if
dnsmasq is required internally, restrict it to the localhost interfaces? Currently, an attacker on the network could use that DNS proxy to cloak himself, because services exist which allow surfing via DNS.