…they tell you that you have a security hole that you weren’t aware of. I just received an email which said:
“It has been identified that your internet connection is acting as an open recursive DNS server. This means that your connection could contribute to a DDoS (Distributed Denial of Service) attack resulting in your and other people’s connections becoming unusable.”
This confused me, as although the IP given was in my range, I was sure I didn’t have anything on that number. A quick check later and it turns out that I do have equipment there: my Zyxel ADSL router. A play with host confirms that they are 100% right and I can look up DNS via my router, despite the fact that I don’t use it for DNS – it just gets the settings when it DHCP’s the ISP after startup, and there are no DNS settings in the device.
It took just a few moments to fix with an explicit deny of all incoming DNS requests to that IP, but it’s a worrying thought that I would not have found this hole as I never considered the box capable of DNS as I hadn’t set it up to serve any: spending time making sure my DNS server has correct views could have been pointless.
So, thank you Zen, and a warning to everyone out there who has Zyxel Prestige 630-H in static IP no-NAT routing mode. Oh, and the reason this is praise and not a rant at my ISP is that they not only inform, but treat me as an adult too:
“At this point we are only informing you of a potential security vulnerability on your network. However, if we receive abuse reports about your connection contributing to a DoS/DDoS attack, your connection may be suspended until such time that this security hole is closed.”
Can’t argue with that at all; it’s just a pity that not all home ISPs did this, or ‘bot armies would be on the decline.