Posted: Mon Aug 23, 2021 23:31 Post subject: SAD DNS !
I ran across an article about SAD DNS and it seems to be quite a serious problem regardless of the O/S. The first weaponized network side channel attack that has serious security impacts. How does one defend against this on a router?
Test Result
Your DNS server IP is 19x.xx.xxx.xx
It seems your DNS server is running Linux > 3.18
Since it is running DNS software that uses sendto() on the outgoing socket, your DNS server is vulnerable regardless which OS it runs.
The test currently only takes the side channel port scanning vulnerability into consideration. A successful attack may also require other features in the server (e.g., supporting cache).
The test is conducted on 2021-08-23
EA8500 running r47225 is my main gateway router and your link tells me:
Your DNS server IP is 45.76.254.23
It seems your DNS server is running Linux > 3.18
Since it is running the vulnerable version of OS that has not been patched yet, your DNS server is vulnerable.
The test currently only takes the side channel port scanning vulnerability into consideration. A successful attack may also require other features in the server (e.g., supporting cache).
The test is conducted on 2021-08-23 23:57:16.723540685 UTC
Disclaimer: This test is not 100% accurate and is for test purposes only.
--------
enabled her 'Recursive DNS Resolving (Unbound)' and this is what it now says:
--------
Your DNS server IP is 96.46.xxx.xxx (that is my WAN IP)
Since it blocks outgoing ICMP packets, your DNS server is not vulnerable.
The test currently only takes the side channel port scanning vulnerability into consideration. A successful attack may also require other features in the server (e.g., supporting cache).
The test is conducted on 2021-08-24 00:05:10.159349107 UTC
Disclaimer: This test is not 100% accurate and is for test purposes only.
--------
I used to run unbound all the time & don't really remember why I ever quit... guess we'll see how it does these days
EA8500 running r47225 is my main gateway router and your link tells me:
--------
enabled her 'Recursive DNS Resolving (Unbound)' and this is what it now says:
--------
Thanks, I'll give another go with unbound myself.