nanog mailing list archives
Re: new DNS forwarder vulnerability
From: Gary Baribault <gary () baribault net>
Date: Sat, 15 Mar 2014 12:26:02 -0400
Why would a CPE have an open DNS resolver from the WAN side? Gary Baribault On 03/14/2014 12:45 PM, Livingood, Jason wrote:
Well, at least all this CPE checks in for security updates every night so this should be fixable. Oh wait, no, nevermind, they don't. :-( This is getting to be the vulnerability of the week club for home gateway devices - quite concerning. JL On 3/14/14, 12:05 PM, "Merike Kaeo" <merike () doubleshotsecurity com> wrote:On Mar 14, 2014, at 7:06 AM, Stephane Bortzmeyer <bortzmeyer () nic fr> wrote:On Fri, Mar 14, 2014 at 01:59:27PM +0000, Nick Hilliard <nick () foobar org> wrote a message of 10 lines which said:did you characterise what dns servers / embedded kit were vulnerable?He said "We have not been able to nail this vulnerability down to a single box or manufacturer" so it seems the answer is No.It is my understanding that many CPEs work off of same reference implementation(s). I haven't had any cycles for this but with all the CPE issues out there it would be interesting to have a matrix of which CPEs utilize which reference implementation. That may start giving some clues. Has someone / is someone doing this? - merike
Current thread:
- new DNS forwarder vulnerability Mark Allman (Mar 14)
- Re: new DNS forwarder vulnerability Nick Hilliard (Mar 14)
- Re: new DNS forwarder vulnerability Stephane Bortzmeyer (Mar 14)
- Re: new DNS forwarder vulnerability Merike Kaeo (Mar 14)
- Re: new DNS forwarder vulnerability Nick Hilliard (Mar 14)
- Re: new DNS forwarder vulnerability Livingood, Jason (Mar 14)
- Re: new DNS forwarder vulnerability Gary Baribault (Mar 15)
- Re: new DNS forwarder vulnerability Joe Greco (Mar 15)
- Re: new DNS forwarder vulnerability Laszlo Hanyecz (Mar 15)
- Re: new DNS forwarder vulnerability Paul Ferguson (Mar 15)
- Re: new DNS forwarder vulnerability Stephane Bortzmeyer (Mar 14)
- Re: new DNS forwarder vulnerability Wayne E Bouchard (Mar 14)
- Re: new DNS forwarder vulnerability Jimmy Hess (Mar 15)
- Re: new DNS forwarder vulnerability Nick Hilliard (Mar 14)