#14951: Configure dnsmasq to NOT be an open resolver
------------------------+-----------------------------------------
  Reporter:  anonymous  |      Owner:  developers
      Type:  defect     |     Status:  reopened
  Priority:  high       |  Milestone:  Attitude Adjustment 12.09.1
 Component:  packages   |    Version:  Trunk
Resolution:             |   Keywords:
------------------------+-----------------------------------------

Comment (by anonymous):

 I'm using the default configuration in the latest trunk and this still isn't
 fixed.

 I don't care much if it will accept requests from LAN-only hosts or from
 all hosts; the main issue here is that it is listening on the wwan interface, and a
 simple nmap scan from the wan/wwan side reveals the exact dnsmasq version used:

 {{{
 Starting Nmap 5.00 ( http://nmap.org ) at 2015-09-05 14:45 CEST
 NSE: Loaded 30 scripts for scanning.
 Initiating Ping Scan at 14:45
 Scanning 192.168.0.42 [2 ports]
 Completed Ping Scan at 14:45, 0.00s elapsed (1 total hosts)
 Initiating Parallel DNS resolution of 1 host. at 14:45
 Completed Parallel DNS resolution of 1 host. at 14:45, 0.02s elapsed
 Initiating Connect Scan at 14:45
 Scanning 192.168.0.42 [1000 ports]
 Discovered open port 53/tcp on 192.168.0.42
 Increasing send delay for 192.168.0.42 from 0 to 5 due to 41 out of 136
 dropped probes since last increase.
 Increasing send delay for 192.168.0.42 from 5 to 10 due to 25 out of 81
 dropped probes since last increase.
 Increasing send delay for 192.168.0.42 from 10 to 20 due to 11 out of 18
 dropped probes since last increase.
 Increasing send delay for 192.168.0.42 from 20 to 40 due to 11 out of 27
 dropped probes since last increase.
 Completed Connect Scan at 14:45, 38.15s elapsed (1000 total ports)
 Initiating Service scan at 14:45
 Scanning 1 service on 192.168.0.42
 Completed Service scan at 14:46, 6.01s elapsed (1 service on 1 host)
 NSE: Script scanning 192.168.0.42.
 NSE: Starting runlevel 1 scan
 Initiating NSE at 14:46
 Completed NSE at 14:46, 0.00s elapsed
 NSE: Script Scanning completed.
 Host 192.168.0.42 is up (0.00057s latency).
 Interesting ports on 192.168.0.42:
 Not shown: 999 closed ports
 PORT   STATE SERVICE VERSION
 '''53/tcp open  domain  dnsmasq 2.75
 '''
 Read data files from: /usr/share/nmap
 Service detection performed. Please report any incorrect results at
 http://nmap.org/submit/ .
 Nmap done: 1 IP address (1 host up) scanned in 44.35 seconds
 ubuntu@ubuntu:~$
 }}}

--
Ticket URL: <https://dev.openwrt.org/ticket/14951#comment:17>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
_______________________________________________
openwrt-tickets mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-tickets
