Latest revision as of 09:22, 25 February 2015

Billion

Billion routers appear to have a built-in DNS resolver, and answer queries on the WAN interface by default, so is vulnerable to taking part in DDoS attacks by replying to spoofed dns queries. Screenshot below shows how to block this in filters.

This was tested on Firmware Version : 2.7.0.23(UE0.C2C)3.5.10.1

Then re-test from the Control Pages: https://clueless.aa.net.uk/dnsresolvers.cgi

Please note that on these routers this does not prevent the router's internal resolver from doing the DNS lookup itself. This isn't usually a problem, but due to recent DNS amplification attacks sometimes lookups have continued after fixing the original problem. To prevent this add a rule blocking DNS *from* the router's WAN IP *to* port 53. This will prevent usage of the router as the LAN's DNS resolver.

@@ Line 6: / Line 6: @@
 [[File:Billion_dns_filter1.jpg|400px]]
+*Then re-test from the Control Pages: https://clueless.aa.net.uk/dnsresolvers.cgi
 Please note that on these routers this does not prevent the router's internal resolver from doing the DNS lookup itself. This isn't usually a problem, but due to recent DNS amplification attacks sometimes lookups have continued after fixing the original problem. To prevent this add a rule blocking DNS *from* the router's WAN IP *to* port 53. This will prevent usage of the router as the LAN's DNS resolver.
 [[Category:Open DNS Resolvers]]
-[[Category:Router]]
+[[Category:3rd Party Routers]]