  1. #1
    New Lounger
    Join Date
    Aug 2011
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Open recursive DNS exploits: how to prevent?

    I am wrestling with a problem with my son's Windows 7 system and would appreciate advice. He has received the following message from his ISP:

    __________________________________
    Subject: Potential Security Problem Detected

    SECURITY NOTIFICATION
    =====================

    Hello Mr Paul Leyton,

    A sweep of customer's IP allocations has revealed the following IPs in your range are showing as susceptible to Open Recursive DNS exploits:

    82.xx.xxx.xxx

    The associated Zen username is: zen22xxxx@zen

    You can confirm this is the case using our recursive DNS tool - http://security.zensupport.co.uk/

    This particular type of vulnerability is viewed as extremely serious, and we ask for your co-operation in removing it as a threat. Information on open recursive DNS exploits is available here -
    http://www.zensupport.co.uk/knowledg....aspx?id=10538 - which also includes some possible fixes for the problem.

    Please take action to secure your equipment.

    Note some models of Draytek router have a firmware bug that turns on ODR. If you have a Draytek router you may need to speak to Draytek to obtain a new firmware.

    Best regards

    ---------------------------------------------------------
    Technical Support - Abuse Department
    Zen Internet Ltd.
    E: abuse@zen.co.uk
    W: http://www.zensupport.co.uk/

    Zen Internet Limited is registered in England No. 03101568, VAT Reg No. 686 0495 01.
    ____________________________________

    We have run a full virus check and malware check - with no problem being reported. So we assume that the reported behaviour is not due to any obvious kind of software intrusion.

    He is using an Addon NWAR3650 router. We cannot see anything in the documentation that can be set/unset to cause this problem. The ISP is unable/unwilling to help.

    Any advice on solving this would be much appreciated, as would opinions on whether this is an important issue or could we simply ignore it (without serious consequences)?

    Richard

  2. #2
    Super Moderator satrow
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    2,138
    Thanks
    102
    Thanked 208 Times in 181 Posts
    Did you check using the recursive DNS tool?

    Have you contacted Addon support or checked for a firmware update for the router?

  3. #3
    New Lounger
    Join Date
    Aug 2011
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    We checked using the DNS tool mentioned in the Zen email - I think this is a standard one: is there an alternative available?

    We have updated the firmware: talking to Addon support may be the next thing - we held off doing this because of the suggestion that this could be a virus type problem.

  4. #4
    Super Moderator satrow
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    2,138
    Thanks
    102
    Thanked 208 Times in 181 Posts
    So the tool confirmed the problem, yes? And the firmware update for your son's router, that was upgraded since the email and still tested positive?

  5. #5
    New Lounger
    Join Date
    Aug 2011
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    The tool confirmed a problem AFTER the firmware update - yes, sorry if I did not make that clear.

  6. #6
    Lounge VIP
    Join Date
    Apr 2011
    Location
    Scotland
    Posts
    1,168
    Thanks
    44
    Thanked 134 Times in 115 Posts
    A sweep of customer's IP allocations has revealed the following IPs in your range are showing as susceptible to Open Recursive DNS exploits:

    82.xx.xxx.xxx

    The associated Zen username is: zen22xxxx@zen

    Double check the highlighted items above refer to you and your IP address. Do you have a static IP address? If not, it is possible Zen may have discovered a vulnerability on somebody else's kit and not yours.

    To verify it's your kit, check your public IP address using whatsmyip.org. Switch off the router, leave it 30 seconds, then switch back on. Verify you have a new IP address using the same web-based tool, then run the exploit checker from Zen once more using the new IP address obtained after the router reboot. Do you still have an issue? If not, you can sleep tight.

    In God we trust; all others must bring data.

    - William Edwards Deming. 1900 - 1993
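
An alternative to the web-based checker asked about in post #3, as an added example that is not part of the original thread: a Python script that sends one recursion-desired DNS query to UDP port 53 of your own public IP and reports whether a recursive answer came back. The function names, the script name and the `example.com` test name are assumptions, and the two sample headers are constructed, not captured traffic.

```python
import secrets
import socket
import struct
import sys

# Constructed 12-byte DNS headers (not captured traffic), transaction id 0x1234.
SAMPLE_OPEN = bytes.fromhex("123481800001000100000000")     # RA set, 1 answer
SAMPLE_REFUSED = bytes.fromhex("123481050001000000000000")  # RA clear, REFUSED

def build_query(name, txid):
    """Build an A-record query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(response, txid):
    """Return 'open', 'closed' or 'invalid' for a raw DNS response."""
    if len(response) < 12:
        return "invalid"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != txid or not flags & 0x8000:  # wrong id, or not a response
        return "invalid"
    recursion_available = bool(flags & 0x0080)
    rcode = flags & 0x000F
    # Open: the device offered recursion and actually resolved the name.
    if recursion_available and rcode == 0 and ancount > 0:
        return "open"
    return "closed"

def check(ip, name="example.com", timeout=3.0):
    """Query UDP/53 on ip once; no reply at all counts as closed."""
    txid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, txid), (ip, 53))
            data, _ = sock.recvfrom(4096)
        except OSError:  # timeout or ICMP port unreachable
            return "closed"
    return classify(data, txid)

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_recursion.py <your-public-ip>")
    print(sys.argv[1], check(sys.argv[1]))
```

Run it from a connection outside the home network; a test from inside the LAN does not show what the ISP's sweep sees from the internet side.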
