On Wed, 16 Jan 2019 20:20:04 -0800 Adam McKenna <a...@flounder.net> wrote:
> I was hit by this bug last night.  After plugging a new Internet provider
> into my local network, my Debian router automatically added an IP address
> and default route to the new device.  This resulted in my entire home's
> Internet access being disrupted as the router tried to route traffic via
> the new device.  What's worse is that when the default route is removed
> it's automatically added back.

Hi Adam,

Thanks for the report.

Do I understand correctly that you plugged some kind of USB modem into
your router which was running dhcpcd, so that the modem showed up as a
new network interface?

In that situation, as you found, dhcpcd will run in master mode by
default - see the manpage for what that means.

> dhcpcd is STILL bringing up this interface even after disabling the DHCP
> server on the AT&T device.  The IP address that dhcpcd added is not visible
> in ifconfig.  It only shows up when you run 'ip addr list'.

Yes, ifconfig is deprecated - please only use `ip ...`.

> This is a very serious security bug.  This bug could easily be exploited by
> an attacker to force routing of traffic via the attacker's device.
>
> Relevant logs/config files:
> 
> Jan 17 03:56:32 raspberrypi dhcpcd[16922]: eth0: Router Advertisement from
> fe80:[removed]
> Jan 17 03:56:32 raspberrypi dhcpcd[16922]: eth0: adding address [removed
> ipv6 address]
> Jan 17 03:56:32 raspberrypi dhcpcd[16922]: eth0: soliciting a DHCPv6 lease
> Jan 17 03:56:35 raspberrypi dhcpcd[16922]: eth0: leased 192.168.1.67 for
> 86400 seconds
> Jan 17 03:56:35 raspberrypi dhcpcd[16922]: eth0: adding route to
> 192.168.1.0/24
> Jan 17 03:56:35 raspberrypi dhcpcd[16922]: eth0: adding default route via
> 192.168.1.254
> 
> /etc/network/interfaces.d/eth0
> ==============================
> auto eth0
> iface eth0 inet static
>     address [removed]
>     netmask 255.255.255.0
> 
> auto eth0:0
> allow-hotplug eth0:0
> iface eth0:0 inet static
>     address 192.168.1.1
>     netmask 255.255.255.0
> 
> 
> /etc/dhcpcd.conf
> ===============
> ddns-update-style none;
> default-lease-time 600;
> max-lease-time 7200;
> authoritative;
> log-facility local7;
> 
> subnet [removed] netmask 255.255.255.0 {
>   range [removed] [removed];
>   option broadcast-address [removed];
>   option routers [removed];
>   default-lease-time 600;
>   max-lease-time 7200;
>   option domain-name "local-network";

You can avoid this issue by adding `allowinterfaces ...` or
`denyinterfaces ...` as appropriate to the /etc/dhcpcd.conf file.

-- 
Regards,
Scott Leggett.
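
An added example, not part of the original email and not dhcpcd's own code: a check that cross-references statically configured interfaces against dhcpcd syslog events to detect the conflict described in the report, and prints the `denyinterfaces` line suggested in the reply. The sample input is constructed from the report (log lines unwrapped; `192.0.2.1`, `wlan0` and `10.0.0.23` are placeholders), and the function names are hypothetical.

```python
import re

# Constructed sample input, modelled on the report above (unwrapped log lines;
# 192.0.2.1 is a placeholder for the address the reporter removed).
INTERFACES = """\
auto eth0
iface eth0 inet static
    address 192.0.2.1

auto eth0:0
iface eth0:0 inet static
    address 192.168.1.1
"""

SYSLOG = """\
Jan 17 03:56:32 raspberrypi dhcpcd[16922]: eth0: soliciting a DHCPv6 lease
Jan 17 03:56:35 raspberrypi dhcpcd[16922]: eth0: leased 192.168.1.67 for 86400 seconds
Jan 17 03:56:35 raspberrypi dhcpcd[16922]: eth0: adding route to 192.168.1.0/24
Jan 17 03:56:35 raspberrypi dhcpcd[16922]: eth0: adding default route via 192.168.1.254
Jan 17 03:57:01 raspberrypi dhcpcd[16922]: wlan0: leased 10.0.0.23 for 3600 seconds
"""

IFACE_RE = re.compile(r"^\s*iface\s+(\S+)\s+inet6?\s+static\b", re.M)
EVENT_RE = re.compile(
    r"dhcpcd\[\d+\]:\s+(?P<ifname>[^\s:]+):\s+"
    r"(?P<event>leased \S+|adding (?:default )?route (?:via|to) \S+|adding address \S+)")

def static_interfaces(text):
    """Physical interfaces declared static (alias suffix like ':0' dropped)."""
    return {name.split(":")[0] for name in IFACE_RE.findall(text)}

def conflicts(log_text, static):
    """dhcpcd events that configure an interface the admin set up statically."""
    hits = []
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if m and m.group("ifname") in static:
            hits.append((m.group("ifname"), m.group("event")))
    return hits

def suggested_conf(static):
    """dhcpcd.conf line using the denyinterfaces option named in the reply."""
    return "denyinterfaces " + " ".join(sorted(static))

if __name__ == "__main__":
    static = static_interfaces(INTERFACES)
    for ifname, event in conflicts(SYSLOG, static):
        print(f"dhcpcd configured static interface {ifname}: {event}")
    print(suggested_conf(static))
```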
