
This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

IPv6 Routers: Difference between revisions

1,314 bytes added, 28 January 2012
 
Disabling the firewall also exposes the DNS forwarder (whose software seems to have NO restrictions on the client-IP used!).
 
===Getting rid of Open DNS Forwarder===
 
Once the firewall is 'actually' disabled, the problem is that the DNS Forwarding function is now open-access to the world! This is bad because small spoofed-source UDP packets can be sent to the router, resulting in a *large* UDP reply of the attacker's choice being sent to the spoofed address: a bandwidth-multiplication attack.
 
This can be resolved by:-
(a) On any machines with a static IP configuration, set their nameservers to go directly to AAISP (217.169.20.20 and 217.169.20.21) rather than to the router's LAN IP address.
(b) Telnet into the router, log on as Administrator, then enter the commands:-
dhcp server config state=disabled
dhcp server pool config name LAN_custom localdns=disabled
dhcp server pool config name LAN_custom primdns=217.169.20.20
dhcp server pool config name LAN_custom secdns=217.169.20.21
dhcp server config state=enabled
dns server config state=disabled
saveall
 
This tells the DHCPv4 server to give out the addresses of AAISP's recursive DNS servers directly instead of its own, and then completely disables the integral DNS server (note that the DHCP server can only be reconfigured while it is disabled).
 
NB: You can check if Legacy IP addresses are running an Open Recursive server using the website:-
http://security.zensupport.co.uk/recdns/
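
The same check can be run by hand from a host outside your LAN against your own WAN address. The script below is an added example, not part of the original wiki page or the router's software; the function names and verdict labels are assumptions made for illustration, and the sample replies are constructed rather than captured. It sends one recursive query and reports whether the forwarder still answers, together with the reply/query size ratio (the bandwidth multiplier for that query).

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """A-record query with RD (recursion desired) set, as a stub resolver sends it."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(query, reply):
    """Return (verdict, reply/query size ratio); the ratio is the bandwidth multiplier."""
    if reply is None or len(reply) < 12:
        return ("no-reply", 0.0)
    txid, flags, _qd, ancount = struct.unpack("!HHHH", reply[:8])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        return ("no-reply", 0.0)  # not a response to our query
    ratio = round(len(reply) / len(query), 2)
    rcode = flags & 0x000F
    if rcode == 5:
        return ("refused", ratio)
    if flags & 0x0080 and rcode == 0 and ancount > 0:  # RA set and an answer returned
        return ("open-recursive", ratio)
    return ("responds", ratio)

def probe(addr, name="example.com", timeout=3.0):
    """Send one query to addr:53 from outside the LAN and classify what comes back."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (addr, 53))
            reply, _ = s.recvfrom(4096)
        except OSError:  # includes timeout: nothing is listening or it is filtered
            reply = None
    return classify(query, reply)

def constructed_reply(query, flags, answer):
    """Constructed sample reply (not captured traffic) so the check can run offline."""
    head = query[:2] + struct.pack("!HHHHH", flags, 1, 1 if answer else 0, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    return head + query[12:] + (rr if answer else b"")

if __name__ == "__main__":
    q = build_query("example.com")
    print(classify(q, constructed_reply(q, 0x8180, True)))   # forwarder still open
    print(classify(q, constructed_reply(q, 0x8105, False)))  # query refused
    print(classify(q, None))                                 # DNS server disabled
```

After the `dns server config state=disabled` step, `probe()` against the router's WAN address should return `no-reply`; a single A query gives only a small ratio, so treat the number as a lower bound on what larger record types would produce.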
 
===Problems connecting to PPTP Servers===