Different DNS vulnerabilities and DNS amplification attacks have been in network security news lately. Yesterday I got an e-mail from my ISP Elisa saying that I had an open DNS server running on my Internet connection and that it should be disabled immediately (someone had reported problems with it). I was wondering what was happening, because none of my devices should have such a service running.
I asked them for some more information (for example the IP address of the server) so I could sort it out when I got home. I was wondering what it could be, because I had only two devices directly connected to the Internet: an Elisa Viihde IPTV set-top box and a D-Link DIR-100 router/firewall. All the computers were behind that router/firewall in such a way that they can’t act as servers to the Internet.
It turned out that the D-Link DIR-100 router was acting as a publicly accessible DNS server on the network. I checked the manuals, reconfigured it and everything, but the problem did not go away. I also checked whether a firmware update was available for my device, but according to the check I already had the newest available firmware (from 2008) installed. How stupid that this device has public DNS server functionality running on its WAN port (it should only be accessible on the LAN port) and does not seem to have any way to disable it (no control to turn it off, and the firewall rule configuration tool is so stupid that I can’t write a suitable rule to block it).
D-Link still has a DIR-100 router available, so I am wondering whether it still has years-old firmware on it. Or is that newer device based on different hardware and firmware while still carrying the same name (this often happens with consumer devices), leaving me without updates for my older model? My router/firewall had been running for years without problems (at least without me knowing that anything was wrong), but now overnight it turned out to be of no use.
I changed the firewall device to another (older) model and the problem was solved for now. I used the Open Resolver Project's online DNS Check tool to verify that the problem existed and that it was solved after the firewall device change.
What can we learn from this? You can’t trust your firewall software to be OK. These embedded computers are riddled with vulnerabilities, and there’s no good way to patch them.