DNS Cache Poisoning....

tera, just keep in mind that a router loses a lot of its "protective properties" if you are running bridge/half-bridge connections.

Not sure how the DNS attacks work from a technical perspective, so I don't know whether the router firewall/NAT will catch it.

The router usually runs in normal PPPoE mode set on the router itself. The times the attacks occurred I wasn't connected via half bridge either.

My logic says if a software firewall like ZoneAlarm etc. can block the attack, so should the router. In actual fact, why pay thousands upon thousands of rands for pure hardware firewalls if the hardware isn't capable of protecting you?
 
SAIX were supposed to patch their servers, but many of them aren't.

Problem is though, companies like Billion just pass the buck and tell us to use a software firewall, which isn't the way it works.

As the internet shows, these DNS attacks didn't originate in 2008; they've been documented for a few years. Billion is just too lazy to update their firmware, and thereby the firewall software on the router, so they tell me to use a static DNS or software firewall.

Stuff that, man. I will use a software firewall, because at least those companies give a damn about staying up to date with the current threats, but this will be the last Billion router I ever buy, and I won't recommend them either.

These small SME routers like the Billions that you are using don't have a built-in DNS server; they only support a DNS client. So all the router is doing is asking Telkom's DNS servers what the IP address is for a certain DNS name.

I don't see how that router can detect that the information it receives from the DNS server has been poisoned.

But maybe my understanding is wrong and you can give me a better idea of how this works?
 