[166802] in North American Network Operators' Group

Re: CPE dns hijacking malware

daemon@ATHENA.MIT.EDU (Matthew Galgoci)
Tue Nov 12 10:57:35 2013

Date: Tue, 12 Nov 2013 15:57:20 +0000 (UTC)
From: Matthew Galgoci <mgalgoci@redhat.com>
To: "Dobbins, Roland" <rdobbins@arbor.net>
In-Reply-To: <8A641596-C43E-497C-B736-C794C3250930@arbor.net>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

> Date: Tue, 12 Nov 2013 06:35:51 +0000
> From: "Dobbins, Roland" <rdobbins@arbor.net>
> To: NANOG list <nanog@nanog.org>
> Subject: Re: CPE  dns hijacking malware
>
>
> On Nov 12, 2013, at 1:17 PM, Jeff Kell <jeff-kell@utc.edu> wrote:
>
> > (2) DHCP hijacking daemon installed on the client, supplying the hijacker's DNS servers on a DHCP renewal.  Have seen both, the latter being more
> > common, and the latter will expand across the entire home subnet in time (based on your lease interval)
>
> I'd (perhaps wrongly) assumed that this probably wasn't the case, as the OP referred to the CPE devices themselves as being malconfigured; it would be helpful to know if the OP can supply more information, and whether or not he'd a chance to examine the affected CPE/end-customer setups.
>

I have encountered a family member's provider-supplied CPE that had the
web server exposed on the public interface with default credentials still
in place. It's probably more common than one would expect.

-- 
Matthew Galgoci
Network Operations
Red Hat, Inc
919.754.3700 x44155
------------------------------
"It's not whether you get knocked down, it's whether you get up." - Vince Lombardi