-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 That's a good question, but I know that during the ongoing survey within the Open Resolver Project [http://openresolverproject.org/], Jared found thousands of CPE devices which responded as resolvers. Further work needs to go into fingerprinting these devices to determine the vendor, version, etc., but it is disturbing to see such brokenness. :-/ - - ferg On 3/15/2014 9:26 AM, Gary Baribault wrote:
Why would a CPE have an open DNS resolver from the WAN side?
Gary Baribault
On 03/14/2014 12:45 PM, Livingood, Jason wrote:
Well, at least all this CPE checks in for security updates every night so this should be fixable. Oh wait, no, nevermind, they don't. :-(
This is getting to be the vulnerability of the week club for home gateway devices - quite concerning.
JL
On 3/14/14, 12:05 PM, "Merike Kaeo" <merike@doubleshotsecurity.com> wrote:
On Mar 14, 2014, at 7:06 AM, Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:
On Fri, Mar 14, 2014 at 01:59:27PM +0000, Nick Hilliard <nick@foobar.org> wrote a message of 10 lines which said:
did you characterise what dns servers / embedded kit were vulnerable? He said "We have not been able to nail this vulnerability down to a single box or manufacturer" so it seems the answer is No.
It is my understanding that many CPEs work off of same reference implementation(s). I haven't had any cycles for this but with all the CPE issues out there it would be interesting to have a matrix of which CPEs utilize which reference implementation. That may start giving some clues.
Has someone / is someone doing this?
- merike
- -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iF4EAREIAAYFAlMkgYQACgkQKJasdVTchbLR1AD9Ey+ISQtaVoJKReLZ6ZzHI7/4 91h+HIQgvazMAne+NMsA/3CCQVw9KG1U6oZdouKexi8ycVw1Y4d4poH+7Yfh4zEh =bFpE -----END PGP SIGNATURE-----