×

Switch Account

DNS DoS

SOLVED
Reply
Highlighted
Contributor Just1n
Contributor
Posts: 3
Registered: ‎09-24-2019
Message 1 of 4
(514 Views)

Hello Community,

 

My customer has Verizon DSL using the Actiontec GT784WN modem router.  I maintain my customer's information systems, network, and security.  The modem has a denial of service (DoS) vulnerability (CVE-2004-0789) were a ping-pong attack could occur between two vulnerable servers, causing a DoS. 

 

Greenbone, the vulnerability scanner, states that there is a vulnerability fix, but it has the latest firmware at dot 22 released from Verizon.  I am afraid to install the Actiontec update as that may prevent the device from working with Verizon and I am not sure if that will actually fix the problem. 

 

The best thing to do is turn off the DNS server in the device, but there is no option for that in the GUI.  We do not need that since there is an alternate DHCP and DNS server on the network.  Is there a way to disable DNS on the GT784WN?

 

Justin

3 REPLIES 3
Platinum Contributor III Platinum Contributor III
Platinum Contributor III
Posts: 5,739
Registered: ‎09-24-2008
Message 2 of 4
(467 Views)

This is one way to do that. There might be another way.

 

#1 Get a seperate NAT router (RJ-45 WAN port).

 

Note: This could be a hardware device (like a Linksys) or DIY.

 

REF for DIY include but is not limited to the following:

 

a) https://www.dslreports.com/shownews/118897

 

b) http://arstechnica.com/gadgets/2016/01/numbers-dont-lie-its-time-to-build-your-own-router/

 

c) http://arstechnica.com/gadgets/2016/04/the-ars-guide-to-building-a-linux-router-from-scratch/

 

d) https://arstechnica.com/gadgets/2016/09/the-router-rumble-ars-diy-build-faces-better-tests-tougher-c...

 

#2 Make sure that the WAN port of the seperate NAT router with the RJ-45 WAN port works.

 

#3 Put the modem into bridge mode.

 

#4 Reconfigure your seperate NAT router with the RJ-45 WAN port, for the type of connection that your have.

 

#5 Profit Smiley Happy

If you are the original poster (OP) and your issue is solved, please remember to click the "Solution?" button so that others can more easily find it. If anyone has been helpful to you, please show your appreciation by clicking the "Kudos" button.


 

Contributor Just1n
Contributor
Posts: 3
Registered: ‎09-24-2019
Message 3 of 4
(458 Views)

Thank you for the reply.   I thought about that and that would definitely fix the vulnerability my scanner found.  Unfortunately, my customer is just not that into security and I do not see the need for the additional equipment for that business.  Just hoping Verizon or Actiontec could release an update with controls that most other developers offer.  Thanks for the thoughts.

 

 

Platinum Contributor III Platinum Contributor III
Platinum Contributor III
Posts: 5,739
Registered: ‎09-24-2008
Message 4 of 4
(337 Views)

@Just1n wrote:

Thank you for the reply.   I thought about that and that would definitely fix the vulnerability my scanner found.  Unfortunately, my customer is just not that into security and I do not see the need for the additional equipment for that business.  Just hoping Verizon or Actiontec could release an update with controls that most other developers offer.  Thanks for the thoughts.

 

 

Points to https://www.routersecurity.org/ISProuters.php

 

That is not say that you can not use the ISP's provided modem. It means my suggestion about what to do in the ISP's provided modem.

If you are the original poster (OP) and your issue is solved, please remember to click the "Solution?" button so that others can more easily find it. If anyone has been helpful to you, please show your appreciation by clicking the "Kudos" button.


 

How-To Videos
 
The following videos were produced by users like you!
   
Videos are subject to the Verizon Fios Community Terms of Service and User Guidelines and contains content that is not created by Verizon.


Browse Categories
Categories:
Posts

Verizon Troubleshooters
Unable to find your answer here? Try searching Verizon Troubleshooters for more options.