CPE dns hijacking malware

Matthew Galgoci mgalgoci at redhat.com
Tue Nov 12 15:57:20 UTC 2013


> Date: Tue, 12 Nov 2013 06:35:51 +0000
> From: "Dobbins, Roland" <rdobbins at arbor.net>
> To: NANOG list <nanog at nanog.org>
> Subject: Re: CPE  dns hijacking malware
>
>
> On Nov 12, 2013, at 1:17 PM, Jeff Kell <jeff-kell at utc.edu> wrote:
>
> > (2) DHCP hijacking daemon installed on the client, supplying the hijacker's DNS servers on a DHCP renewal.  Have seen both, the latter being more
> > common, and the latter will expand across the entire home subnet in time (based on your lease interval)
>
> I'd (perhaps wrongly) assumed that this probably wasn't the case, as the OP referred to the CPE devices themselves as being malconfigured; it would be helpful to know if the OP can supply more information, and whether or not he'd a chance to examine the affected CPE/end-customer setups.
>

I have encountered a family member's provider-supplied CPE that had the
web server exposed on the public interface with default credentials still
in place. It's probably more common than one would expect.

-- 
Matthew Galgoci
Network Operations
Red Hat, Inc
919.754.3700 x44155
------------------------------
"It's not whether you get knocked down, it's whether you get up." - Vince Lombardi
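The DHCP-hijacking variant Jeff Kell describes above (a rogue daemon on an infected host answering renewals with the attacker's resolvers, which then spreads across the home subnet as leases expire) leaves a trace on the client: the lease file records which server answered and which DNS servers it handed out. The script below is an added example written for this page, not code from any participant in the thread or from the ISC dhclient project. It parses ISC dhclient.leases syntax (the lease text here is constructed; the attacker resolvers use the 203.0.113.0/24 documentation range) and flags any lease whose dhcp-server-identifier or domain-name-servers fall outside an allowlist. The allowlist values (the CPE's LAN address) are assumptions for the example.

```python
"""Flag DHCP leases whose DNS servers or DHCP server are not the expected ones.

Added example for the DHCP-hijacking scenario discussed in the thread: a rogue
DHCP daemon on an infected host answers renewals with the attacker's resolvers.
Parses ISC dhclient.leases syntax; the sample lease text and the "expected"
values are constructed for this example.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed dhclient.leases content: one lease from the real gateway, then a
# renewal answered by a rogue DHCP server handing out attacker-controlled DNS.
SAMPLE_LEASES = """\
lease {
  interface "eth0";
  fixed-address 192.168.1.23;
  option subnet-mask 255.255.255.0;
  option routers 192.168.1.1;
  option dhcp-lease-time 3600;
  option dhcp-message-type 5;
  option domain-name-servers 192.168.1.1;
  option dhcp-server-identifier 192.168.1.1;
  renew 2 2013/11/12 15:30:00;
  rebind 2 2013/11/12 15:52:30;
  expire 2 2013/11/12 16:00:00;
}
lease {
  interface "eth0";
  fixed-address 192.168.1.23;
  option subnet-mask 255.255.255.0;
  option routers 192.168.1.1;
  option dhcp-lease-time 3600;
  option dhcp-message-type 5;
  option domain-name-servers 203.0.113.5,203.0.113.6;
  option dhcp-server-identifier 192.168.1.77;
  renew 2 2013/11/12 16:30:00;
  rebind 2 2013/11/12 16:52:30;
  expire 2 2013/11/12 17:00:00;
}
"""

LEASE_RE = re.compile(r"lease\s*\{(.*?)\}", re.S)
OPTION_RE = re.compile(r"^\s*option\s+(\S+)\s+([^;]*);", re.M)
FIELD_RE = re.compile(r'^\s*(interface|fixed-address)\s+"?([^";]+)"?;', re.M)


@dataclass
class Lease:
    interface: str
    address: str
    server_id: str
    dns_servers: list


def parse_leases(text):
    """Return Lease objects in file order (dhclient appends; the last is newest)."""
    leases = []
    for block in LEASE_RE.finditer(text):
        body = block.group(1)
        fields = dict(FIELD_RE.findall(body))
        options = dict(OPTION_RE.findall(body))
        dns = [s.strip() for s in options.get("domain-name-servers", "").split(",")
               if s.strip()]
        leases.append(Lease(
            interface=fields.get("interface", ""),
            address=fields.get("fixed-address", ""),
            server_id=options.get("dhcp-server-identifier", "").strip(),
            dns_servers=dns,
        ))
    return leases


def _in_any(addr, networks):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in networks)


def find_hijack_indicators(leases, expected_dns, expected_dhcp_servers):
    """Return (lease_index, reason, value) for every option off the allowlist.

    expected_dns / expected_dhcp_servers are iterables of CIDR strings, e.g. the
    ISP's resolvers plus the CPE's LAN address. A server identifier that is not
    the gateway means some other host on the LAN answered the renewal.
    """
    dns_nets = [ipaddress.ip_network(n) for n in expected_dns]
    srv_nets = [ipaddress.ip_network(n) for n in expected_dhcp_servers]
    findings = []
    for i, lease in enumerate(leases):
        if lease.server_id and not _in_any(lease.server_id, srv_nets):
            findings.append((i, "unexpected dhcp-server-identifier", lease.server_id))
        for dns in lease.dns_servers:
            if not _in_any(dns, dns_nets):
                findings.append((i, "unexpected domain-name-servers", dns))
    return findings


if __name__ == "__main__":
    # Assumed allowlist: the CPE at 192.168.1.1 is both resolver and DHCP server.
    for idx, reason, value in find_hijack_indicators(
            parse_leases(SAMPLE_LEASES),
            expected_dns=["192.168.1.1/32"],
            expected_dhcp_servers=["192.168.1.1/32"]):
        print(f"lease #{idx}: {reason}: {value}")
```

Run against a real /var/lib/dhcp/dhclient.leases, the allowlist should hold the ISP resolvers (or the CPE LAN address, when the CPE proxies DNS) and the CPE's LAN address as the only legitimate DHCP server; a hit on the server identifier points at the infected host on the LAN, a hit on the DNS servers alone is consistent with the CPE itself having been reconfigured.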
