On Tue, Aug 3, 2010 at 3:25 AM, Tortise <tort...@paradise.net.nz> wrote: > > ----- Original Message ----- From: "John Dakos" <gda...@enovation.gr> > To: <discussion@pfsense.com> > Sent: Tuesday, August 03, 2010 6:57 PM > Subject: RE: [pfSense-discussion] article: Millions of Home Routers at Risk > > > Re pf.jpg can someone clarify what a Yes in the right column represents > please: > > a) Yes the router was successful in preventing the attack > b) Yes the attack was shown to succeed > c) Something else (just in case...) > > Obviously if it is b) then that is different to the quoted article....
pfSense 1.2.3 does not protect against DNS rebind attacks. The vulnerability does not imply that the firewall(s)/routers themselves are open for compromise, only that they don't help protect against the attack (which potentially allows for external access of _any_ web server, not just the firewall). pfSense 2.0 uses a newer version of dnsmasq that allows us to help protect the network (_IF_ pfSense is the DNS server for your network, if it's not, this protection is up to your DNS server to provide). Further, we also detect the hostname used to connect to the web interface and if it's not a previously known name, you will be notified that something is amiss. Again, to be clear. What this attack allows is an outside attacker to gain the ability to access an internally available web site - it does not itself grant the ability to login to the site. Compromise of the web site/application would require other pre-existing vulnerabilities (in application, browser, etc). An attack against the web interface of pfSense itself would have to include as of yet unknown web UI vulnerabilities. --Bill --------------------------------------------------------------------- To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org