[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

new DNS forwarder vulnerability

Subject: new DNS forwarder vulnerability
From: jgreco at ns.sol.net (Joe Greco)
Date: Sat, 15 Mar 2014 07:36:34 -0500 (CDT)
In-reply-to: <[email protected]>

> Why would a CPE have an open DNS resolver from the WAN side?

Honest to god, are you new to computers or something?

People have been writing "just good enough" code since the beginning.

A resolver package binds to *:53 by default.  Some poor firmware guys
with no security experience, deadlines, and too few bytes for code
storage don't notice or don't know or don't care and install the 
resolver feature on the firmware that they're designing, then promptly
never think about it again "because that feature works and is therefore
done."

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.

References:
- new DNS forwarder vulnerability
  - From: gary at baribault.net (Gary Baribault)

Prev by Date: new DNS forwarder vulnerability
Next by Date: US to relinquish control of Internet
Previous by thread: new DNS forwarder vulnerability
Next by thread: new DNS forwarder vulnerability
Index(es):
- Date
- Thread