Why would a CPE have an open DNS resolver from the WAN side? Gary Baribault
On 03/14/2014 12:45 PM, Livingood, Jason wrote: > Well, at least all this CPE checks in for security updates every night so > this should be fixable. Oh wait, no, nevermind, they don't. :-( > > > This is getting to be the vulnerability of the week club for home gateway > devices - quite concerning. > > JL > > On 3/14/14, 12:05 PM, "Merike Kaeo" <mer...@doubleshotsecurity.com> wrote: > >> On Mar 14, 2014, at 7:06 AM, Stephane Bortzmeyer <bortzme...@nic.fr> >> wrote: >> >>> On Fri, Mar 14, 2014 at 01:59:27PM +0000, >>> Nick Hilliard <n...@foobar.org> wrote >>> a message of 10 lines which said: >>> >>>> did you characterise what dns servers / embedded kit were >>>> vulnerable? >>> He said "We have not been able to nail this vulnerability down to a >>> single box or manufacturer" so it seems the answer is No. >> >> >> It is my understanding that many CPEs work off of same reference >> implementation(s). I haven't >> had any cycles for this but with all the CPE issues out there it would be >> interesting to have >> a matrix of which CPEs utilize which reference implementation. That may >> start giving some clues. >> >> Has someone / is someone doing this? >> >> - merike >> > >