• Open recursive DNS exploits: how to prevent?

    #489011

    I am wrestling with a problem with my son’s Windows 7 system and would appreciate advice. He has received the following message from his ISP:

    __________________________________
    Subject: Potential Security Problem Detected

    SECURITY NOTIFICATION
    =====================

    Hello Mr Paul Leyton,

    A sweep of customer’s IP allocations has revealed the following IPs in your range are showing as susceptible to Open Recursive DNS exploits:

    82.xx.xxx.xxx

    The associated Zen username is: zen22xxxx@zen

    You can confirm this is the case using our recursive DNS tool – http://security.zensupport.co.uk/

    This particular type of vulnerability is viewed as extremely serious, and we ask for your co-operation in removing it as a threat. Information on open recursive DNS exploits is available here –
    http://www.zensupport.co.uk/knowledgebase/article.aspx?id=10538 – which also includes some possible fixes for the problem.

    Please take action to secure your equipment.

    Note some models of Draytek router have a firmware bug that turns on ODR. If you have a Draytek router you may need to speak to Draytek to obtain a new firmware.

    Best regards

    ———————————————————
    Technical Support – Abuse Department
    Zen Internet Ltd.
    E: abuse@zen.co.uk
    W: http://www.zensupport.co.uk/

    Zen Internet Limited is registered in England No. 03101568, VAT Reg No. 686 0495 01.
    ____________________________________

    We have run a full virus check and malware check – with no problem being reported. So we assume that the reported behaviour is not due to any obvious kind of software intrusion.

    He is using an Addon NWAR3650 router. We cannot see anything in the documentation that can be set/unset to cause this problem. The ISP is unable/unwilling to help.

    Any advice on solving this would be much appreciated, as would opinions on whether this is an important issue or could we simply ignore it (without serious consequences)?

    Richard

    • #1389753

      Did you check using the recursive DNS tool?

      Have you contacted Addon support or checked for a firmware update for the router?

      • #1389754

        We checked using the DNS tool mentioned in the Zen email – I think this is a standard one: is there an alternative available?

        We have updated the firmware: talking to Addon support may be the next thing – we held off doing this because of the suggestion that this could be a virus type problem.

    • #1389758

      So the tool confirmed the problem, yes? And the firmware update for your son’s router, that was upgraded since the email and still tested positive?

      • #1389823

        The tool confirmed a problem AFTER the firmware update – yes, sorry if I did not make that clear.

    • #1389825

      A sweep of customer’s IP allocations has revealed the following IPs in your range are showing as susceptible to Open Recursive DNS exploits:

      82.xx.xxx.xxx

      The associated Zen username is: zen22xxxx@zen

      Double check the highlighted items above refer to you and your IP address. Do you have a static IP address? If not, it is possible Zen may have discovered a vulnerability on somebody else’s kit and not yours.

      To verify it’s your kit, check your public IP address using whatsmyip.org. Switch off the router, leave it 30 seconds, then switch back on. Verify you have a new IP address using the same web-based tool, then run the exploit checker from Zen once more using the new IP address obtained after the router reboot. Do you still have an issue? If not, you can sleep tight.
