DNS DoS
Just1n1
Enthusiast - Level 1

Hello Community,

My customer has Verizon DSL using the Actiontec GT784WN modem router.  I maintain my customer's information systems, network, and security.  The modem has a denial of service (DoS) vulnerability (CVE-2004-0789) were a ping-pong attack could occur between two vulnerable servers, causing a DoS. 

Greenbone, the vulnerability scanner, states that there is a vulnerability fix, but it has the latest firmware at dot 22 released from Verizon.  I am afraid to install the Actiontec update as that may prevent the device from working with Verizon and I am not sure if that will actually fix the problem. 

The best thing to do is turn off the DNS server in the device, but there is no option for that in the GUI.  We do not need that since there is an alternate DHCP and DNS server on the network.  Is there a way to disable DNS on the GT784WN?

Justin

Tags (3)
0 Likes
1 Solution

Correct answers
Re: DNS DoS
dslr595148
Community Leader
Community Leader

This is one way to do that. There might be another way.

#1 Get a seperate NAT router (RJ-45 WAN port).

Note: This could be a hardware device (like a Linksys) or DIY.

REF for DIY include but is not limited to the following:

a) https://www.dslreports.com/shownews/118897

b) http://arstechnica.com/gadgets/2016/01/numbers-dont-lie-its-time-to-build-your-own-router/

c) http://arstechnica.com/gadgets/2016/04/the-ars-guide-to-building-a-linux-router-from-scratch/

d) https://arstechnica.com/gadgets/2016/09/the-router-rumble-ars-diy-build-faces-better-tests-tougher-c...

#2 Make sure that the WAN port of the seperate NAT router with the RJ-45 WAN port works.

#3 Put the modem into bridge mode.

#4 Reconfigure your seperate NAT router with the RJ-45 WAN port, for the type of connection that your have.

#5 Profit 🙂

View solution in original post

Re: DNS DoS
dslr595148
Community Leader
Community Leader

This is one way to do that. There might be another way.

#1 Get a seperate NAT router (RJ-45 WAN port).

Note: This could be a hardware device (like a Linksys) or DIY.

REF for DIY include but is not limited to the following:

a) https://www.dslreports.com/shownews/118897

b) http://arstechnica.com/gadgets/2016/01/numbers-dont-lie-its-time-to-build-your-own-router/

c) http://arstechnica.com/gadgets/2016/04/the-ars-guide-to-building-a-linux-router-from-scratch/

d) https://arstechnica.com/gadgets/2016/09/the-router-rumble-ars-diy-build-faces-better-tests-tougher-c...

#2 Make sure that the WAN port of the seperate NAT router with the RJ-45 WAN port works.

#3 Put the modem into bridge mode.

#4 Reconfigure your seperate NAT router with the RJ-45 WAN port, for the type of connection that your have.

#5 Profit 🙂

Re: DNS DoS
Just1n1
Enthusiast - Level 1

Thank you for the reply.   I thought about that and that would definitely fix the vulnerability my scanner found.  Unfortunately, my customer is just not that into security and I do not see the need for the additional equipment for that business.  Just hoping Verizon or Actiontec could release an update with controls that most other developers offer.  Thanks for the thoughts.

Re: DNS DoS
dslr595148
Community Leader
Community Leader

@Just1n wrote:

Thank you for the reply.   I thought about that and that would definitely fix the vulnerability my scanner found.  Unfortunately, my customer is just not that into security and I do not see the need for the additional equipment for that business.  Just hoping Verizon or Actiontec could release an update with controls that most other developers offer.  Thanks for the thoughts.

Points to https://www.routersecurity.org/ISProuters.php

That is not say that you can not use the ISP's provided modem. It means my suggestion about what to do in the ISP's provided modem.

0 Likes