Received email about open Domain Name System (DNS) resolver


I have received the following email from AT&T twice now, about a month apart.  I have no idea what it means or what I should do about it.  Any help would be appreciated.   I have removed any personally identifiable information from the email, including the IP address.  I am using WPA2-Personal security and it is password protected.

 

Important computer safety notice from AT&T Internet Services Security Center - Open DNS Resolver Detected
SBC Account Number: ******** Primary Account Holder: *******
Dear ******** (Primary Account Holder),
AT&T has determined that a device using your Internet connection is configured to run an open Domain Name System (DNS) resolver. A DNS resolver was observed answering public queries at Jan 17, 2014 at 12:00 PM EST at the IP address 76.***.**.***. Our records indicate that this IP address was assigned to you at this time.
Open DNS resolvers can be used for network attacks, presenting additional load on your Internet access and resulting in unreliable service.
An open DNS resolver allows users on the Internet to perform DNS requests on your server. This is considered an insecure configuration and in the majority of cases, Internet subscribers should not operate an open DNS resolver. The open DNS resolver may be present due to a default operating system installation or system configuration issue. In some cases, network devices such as home wireless routers have flaws that expose DNS service to the Internet.
To address this problem we ask that you take the following actions. If your computer(s) are managed by an Information Technology (IT) group at your place of work, please pass this information on to them.
  1. If you use a wireless network, ensure that your wireless router is password-protected and using WPA or WPA2 encryption (use WEP only if WPA is not available). In addition, ensure that the router is not configured to provide open DNS services (consult the manual for your specific hardware). Check the connections to the router and ensure that you recognize all connected devices.
  2. If your environment requires you to run an open DNS resolver, please limit access via an ACL, rate limiting, or another method to minimize abuse of your server. Visit http://www.team-cymru.org/Services/Resolvers/instructions.html for additional technical information on preventing abuse.
Thank you for your prompt attention to this matter. We welcome your feedback and questions on this matter. Please contact us at abuse@att.net with any questions you may have.

Regards,

AT&T Internet Services Security Center

Message 1 of 11 (1,809 Views)

Re: Received email about open Domain Name System (DNS) resolver

What type of devices do you have on your network?

 

Any home based webservers, FTP servers, game servers?

 

Do you have sufficient anti-virus/anti-malware software?

 

What model modem and/or router are you using?

__________________________________________________________
How can you be in two places at once, when you're not anywhere at all?
------------------------------------------------------------------------------------------------------
I really want to become a procrastinator, but I keep putting it off.
------------------------------------------------------------------------------------------------------
There are three kinds of people, those that can count, and those that can't.
------------------------------------------------------------------------------------
“Our great democracies still tend to think that a stupid man is more likely to be honest than a clever man, and our politicians take advantage of this prejudice by pretending to be even more stupid than nature has made them.” :Bertrand Russell

                              

Message 2 of 11 (1,766 Views)

Re: Received email about open Domain Name System (DNS) resolver

I have the following connected: 

 

1 desktop PC

2 laptops

Galaxy S-IV, 

2 Samsung smart TVs

PS3

2 Samsung Blu Ray players. 

 

As far as I know I do not have any servers of any kind connected. 

 

I am running Microsoft Security Essentials on the desktop and both laptops.  I also periodically run Avast on all 3 since things are sometimes missed on one program but picked up on others.

 

My router/modem is an ActionTec  6T784WN

 

With all of my Samsung devices I also have AllShare installed.  I do not give permission to share content unless I am wanting to view something specific though.  I have not done this in months.

Message 3 of 11 (1,753 Views)

Re: Received email about open Domain Name System (DNS) resolver

I have received a similar email from AT&T. 

 

I reformatted my hard drive and reset my Actiontec modem (same model as yours) to factory settings.

 

Lo and behold I got another email from ATT saying the same thing! So obviously the problem wasn't fixed.

 

I now disconnected all the devices attached to the Actiontec - PC, laptops, video streamers, direct TV boxes, dvd, smartphones, etc. etc. 14 in all. So it was just the Actiontec connected to the net. I asked a tech friend to check and sure enough he said my system was sending out my IP address. 

 

So I wrote to ActionTec asking for suggestions - no response. I wrote to ATT@abuse.net telling them what I had done and asking for advice. 

 

No response. 

 

I don't know what the problem really is. Or what the risks are. Nor do I know how to fix the problem. Would welcome help from this community.

 

Thank you.

 

  

Message 4 of 11 (1,725 Views)

Re: Received email about open Domain Name System (DNS) resolver

Onespiceman,

 

Hopefully we will both get an answer to this here....

Message 5 of 11 (1,722 Views)

Re: Received email about open Domain Name System (DNS) resolver

Well it appears that several ISPs (not just AT&T) have issues with ActionTec modem/routers as a lot of people using them get the scary letter about an open DNS resolver.

 

According to ActionTec they do not use an open resolver on their modems, but the ISPs send those letters to everyone using their modems.

 

Must just be picking on them.

 

As there are no manuals available from ActionTec, I can't tell you what settings in the modem could be causing this.

 

 


My suggestion is to ditch the ActionTec.

Message 6 of 11 (1,711 Views)

Re: Received email about open Domain Name System (DNS) resolver

Hmmm...not really an option for me right now as I am off on disability and my income is down right now.  I will definitely put it on the list for replacement though.  Any suggestions for good ones that are pretty easy to set up? 

Message 7 of 11 (1,703 Views)

Re: Received email about open Domain Name System (DNS) resolver


audio51 wrote:

Hmmm...not really an option for me right now as I am off on disability and my income is down right now.  I will definitely put it on the list for replacement though.  Any suggestions for good ones that are pretty easy to set up? 


 

Let me see if I can get you some help on that.

Message 8 of 11 (1,696 Views)

Re: Received email about open Domain Name System (DNS) resolver

Thanks!

Message 9 of 11 (1,687 Views)

Re: Received email about open Domain Name System (DNS) resolver

An update to my earlier posting.

 

I hired a Network Technician - Cost me $100. He did the following:

 

  • He brought a One Touch Network Analyzer with him and attached it to the Actiontec.
  • He brought network analysis software called Cascade Pilot. 
  • Changed a number of Actiontec settings to make it more secure:
  • Turned off WPS and DMZ
  • Changed the ATT DNS servers to Google servers: 8.8.8.8 and 8.8.4.4
  • I was forwarding my IP using "changeip.com" - deleted it.
  • Turned off DDNS 
  • Turned off IGMP proxy
  • Added Modem/Router Admin password 

His software indicated a high volume of traffic on IPv6. Apparently that is Direct TV connections to the router for the Whole House Direct TV.

 

  • Disconnected everything from the router
  • Closed two ports that were open for remote desktop access.
  • No solution to the issue.
  • Disabled NAT - this stopped the internet.

Pulled out the modem router, substituted it with a Motorola Modem/router - PROBLEM SOLVED!

 

There is no manual so I and the tech are forced to speculate. This is a China-built modem. Could it be that there is an issue with the firmware - either by mistake or deliberately to leave a backdoor open? 

 

Message 10 of 11 (1,659 Views)

Re: Received email about open Domain Name System (DNS) resolver


audio51 wrote:

Thanks!


 

 

@audio51  I sent you a message, click blue envelope to read it.

Message 11 of 11 (1,628 Views)