nanog mailing list archives
Re: new DNS forwarder vulnerability
From: Joe Greco <jgreco () ns sol net>
Date: Sat, 15 Mar 2014 07:36:34 -0500 (CDT)
> Why would a CPE have an open DNS resolver from the WAN side?

Honest to god, are you new to computers or something? People have been writing "just good enough" code since the beginning. A resolver package binds to *:53 by default. Some poor firmware guys with no security experience, deadlines, and too few bytes for code storage don't notice or don't know or don't care and install the resolver feature on the firmware that they're designing, then promptly never think about it again "because that feature works and is therefore done."

... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.
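Added example, not part of the original message: an audit for the condition described above (a resolver bound to *:53), which parses Linux /proc/net socket tables and flags port-53 sockets on the wildcard address. The sample table is constructed, the function names are hypothetical, and the address decoding assumes a little-endian host.

```python
import ipaddress

DNS_PORT = 53
# Constructed sample in /proc/net/udp layout (not captured from a real device).
SAMPLE_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   10: 00000000:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1001 2 0000000000000000 0
   11: 0101A8C0:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1002 2 0000000000000000 0
   12: 00000000:0043 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1003 2 0000000000000000 0
"""

def decode_addr(hex_addr):
    """Decode a /proc/net address field; assumes a little-endian host."""
    raw = bytes.fromhex(hex_addr)
    # The kernel prints each 32-bit word in host byte order, so flip each word.
    words = [raw[i:i + 4][::-1] for i in range(0, len(raw), 4)]
    return ipaddress.ip_address(b"".join(words))

def dns_listeners(proc_text, proto):
    """Return port-53 sockets from a /proc/net/{udp,tcp}[6] table."""
    wanted_state = "0A" if proto.startswith("tcp") else "07"  # LISTEN / unconnected UDP
    found = []
    for line in proc_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != wanted_state:
            continue
        hex_addr, hex_port = fields[1].split(":")
        if int(hex_port, 16) != DNS_PORT:
            continue
        addr = decode_addr(hex_addr)
        # An unspecified address (0.0.0.0 or ::) means "every interface", WAN included.
        found.append({"proto": proto, "addr": str(addr), "wildcard": addr.is_unspecified})
    return found

if __name__ == "__main__":
    for entry in dns_listeners(SAMPLE_UDP, "udp"):
        verdict = "WILDCARD BIND" if entry["wildcard"] else "interface-specific"
        print(f'{entry["proto"]} {entry["addr"]}:53 {verdict}')
    for proto in ("udp", "udp6", "tcp", "tcp6"):  # live tables, Linux only
        try:
            with open(f"/proc/net/{proto}") as table:
                for entry in dns_listeners(table.read(), proto):
                    print("live:", entry)
        except OSError:
            pass
```

A wildcard bind is only half of the condition: whether the WAN side can reach the socket also depends on the device's packet filter, so a hit here is something to verify against the firewall rules.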