Anyone familiar with the Efficient Networks 5681 router? - query on DNS relay

Hi Folks,

Have been on Zen Internet for almost 4 years now with no problems. I
recently received a security email from their abuse department to the effect
that they had identified a _potential_ security exploit in that my internet
connection was acting as an open recursive DNS server; The email went on to
say that this could be used to launch a denial of service attack as the DNS
server was accepting queries from any Internet address. The IP addresses
identified were my network address, broadcast address and router address.

My router is an Efficient Networks 5681 which has a DNS relay feature common
to most broadband routers, where it relays queries to Zen's DNS servers and
returns the responses.

Today at work I used Nslookup on a computer connected to an ADSL circuit and
was indeed able to perform DNS queries after specifying my router's address
as the DNS server. I guess Zen is running some type of script which scans
their IP ranges.

The general advice given in the Zen email was to reconfigure the DNS server
on the router if possible so that it only accepts DNS queries from local
addresses or known sources. They also mentioned they were unable to give
specific advice on router configuration.

I have never come across such an option in the 5681's setup. Can anyone
using this type of router (they were extremely popular a few years back)
advise whether this is possible?

tia

--
Peter <X-Files Fan>
Please Note: Emailed replies cc'd / bcc'd , containing HTML or attachments
auto-binned as spam




Trust No One®

"Trust No One®" <(E-Mail Removed)> wrote in message
news:44341e78$0$23296$(E-Mail Removed)...
> Hi Folks,
>
> Have been on Zen Internet for almost 4 years now with no problems. I
> recently received a security email from their abuse department to the
> effect that they had identified a _potential_ security exploit in that my
> internet connection was acting as an open recursive DNS server; The email
> went on to say that this could be used to launch a denial of service
> attack as the DNS server was accepting queries from any Internet address.
> The IP addresses identified were my network address, broadcast address and
> router address.
>
> My router is an Efficient Networks 5681 which has a DNS relay feature
> common to most broadband routers, where it relays queries to Zen's DNS
> servers and returns the responses.
>
> Today at work I used Nslookup on a computer connected to an ADSL circuit
> and was indeed able to perform DNS queries after specifying my router's
> address as the DNS server. I guess Zen is running some type of script
> which scans their IP ranges.
>
> The general advice given in the Zen email was to reconfigure the DNS
> server on the router if possible so that it only accepts DNS queries from
> local addresses or known sources. They also mentioned they were unable to
> give specific advice on router configuration.
>
> I have never come across such an option in the 5681's setup. Can anyone
> using this type of router (they were extremely popular a few years back)
> advise whether this is possible?
>
> tia
>
> --
> Peter <X-Files Fan>
> Please Note: Emailed replies cc'd / bcc'd , containing HTML or attachments
> auto-binned as spam
>

Check out this thread on ADSLGuide. Seems a few people have had the emails.
Also some suggestions on how to sort which are fairly generic so should work
for most routers

http://bbs.adslguide.org.uk/showthre...=&view=&sb=&o=

Nicola Redwood wrote:

>>
>
> Check out this thread on ADSLGuide. Seems a few people have had the
> emails. Also some suggestions on how to sort which are fairly generic
> so should work for most routers
>
> http://bbs.adslguide.org.uk/showthre...=&view=&sb=&o=

Thank you for the link.

Looks like I need to do some playing with firewall rules. Unfortunately it
is a manual process with the 5681


--
Peter <X-Files Fan>
Please Note: Emailed replies cc'd / bcc'd , containing HTML or attachments
auto-binned as spam