Re: [pfSense-discussion] article: Millions of Home Routers at Risk
On Tue, Aug 3, 2010 at 3:25 AM, Tortise wrote: > > - Original Message - From: "John Dakos" > To: > Sent: Tuesday, August 03, 2010 6:57 PM > Subject: RE: [pfSense-discussion] article: Millions of Home Routers at Risk > > > Re pf.jpg can someone clarify what a Yes in the right column represents > please: > > a) Yes the router was successful in preventing the attack > b) Yes the attack was shown to succeed > c) Something else (just in case...) > > Obviously if it is b) then that is different to the quoted article pfSense 1.2.3 does not protect against DNS rebind attacks. The vulnerability does not imply that the firewall(s)/routers themselves are open for compromise, only that they don't help protect against the attack (which potentially allows for external access of _any_ web server, not just the firewall). pfSense 2.0 uses a newer version of dnsmasq that allows us to help protect the network (_IF_ pfSense is the DNS server for your network, if it's not, this protection is up to your DNS server to provide). Further, we also detect the hostname used to connect to the web interface and if it's not a previously known name, you will be notified that something is amiss. Again, to be clear. What this attack allows is an outside attacker to gain the ability to access an internally available web site - it does not itself grant the ability to login to the site. Compromise of the web site/application would require other pre-existing vulnerabilities (in application, browser, etc). An attack against the web interface of pfSense itself would have to include as of yet unknown web UI vulnerabilities. --Bill - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] article: Millions of Home Routers at Risk
- Original Message - From: "John Dakos" To: Sent: Tuesday, August 03, 2010 6:57 PM Subject: RE: [pfSense-discussion] article: Millions of Home Routers at Risk Re pf.jpg can someone clarify what a Yes in the right column represents please: a) Yes the router was successful in preventing the attack b) Yes the attack was shown to succeed c) Something else (just in case...) Obviously if it is b) then that is different to the quoted article - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] article: Millions of Home Routers at Risk
On Mon, Aug 2, 2010 at 3:53 AM, LM wrote: > What is the status of this? > A patch is going to be released or what? > I'll put up a blog post later - the just of it is use a strong password and you're fine. The protection we added simply protects from gross negligence (or future vulnerabilities in the web interface, of which none are known), there is no patch to fix anything as nothing in our code is a problem. - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] article: Millions of Home Routers at Risk
The last 2 paragraphs: Heffner also called on router vendors to build in DNS Rebinding mitigations into their routers directly. "The only router software that I know of that does this now is pfsense," Heffner said. "They contacted me when my Black Hat talk abstract went up." pfsense rocks.. waiting impatiently for ver 2... :) On 2 August 2010 02:06, LM wrote: > not really xD > I just read it another one long time ago. > Taking note about your answer... I think I should read it... xD > > Let me see... > > Well, no news for me, I still don't know what is going on with PFSense... > (maybe it is clear in the article and maybe I need another coffee :D) > > > El 02/08/10 10:12, Peter van Arkel escribió: >> >> On Mon, 02 Aug 2010, LM wrote: >> >> >>> >>> What is the status of this? >>> A patch is going to be released or what? >>> >> >> Have you even read the article or what? :) >> >> > > - > To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com > For additional commands, e-mail: discussion-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org > > - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] article: Millions of Home Routers at Risk
not really xD I just read it another one long time ago. Taking note about your answer... I think I should read it... xD Let me see... Well, no news for me, I still don't know what is going on with PFSense... (maybe it is clear in the article and maybe I need another coffee :D) El 02/08/10 10:12, Peter van Arkel escribió: On Mon, 02 Aug 2010, LM wrote: What is the status of this? A patch is going to be released or what? Have you even read the article or what? :) - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] article: Millions of Home Routers at Risk
On Mon, 02 Aug 2010, LM wrote: > What is the status of this? > A patch is going to be released or what? Have you even read the article or what? :) -- Peter van Arkel T: +31 623988844 | p.vanar...@gmail.com RIPE: PvA63-RIPE | PGP: 0xA0991D6B - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] article: Millions of Home Routers at Risk
What is the status of this? A patch is going to be released or what? El 31/07/10 20:51, Cristian Ionescu-Idbohrn escribió: "The only router software that I know of that does this now is pfsense," Heffner said. "They contacted me when my Black Hat talk abstract went up." http://www.esecurityplanet.com/features/article.php/3895851/Millions-of-Home-Routers-at-Risk.htm Cheers, - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense-discussion] article: Millions of Home Routers at Risk
"The only router software that I know of that does this now is pfsense," Heffner said. "They contacted me when my Black Hat talk abstract went up." http://www.esecurityplanet.com/features/article.php/3895851/Millions-of-Home-Routers-at-Risk.htm Cheers, -- Any kind of work is worth doing well. - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org