m0n0wall & DNS Vulnerability

It appears that Dan Kaminsky’s DNS vulnerability is now out in the open. Or maybe it isn’t. Who knows. There was a lot of noise about vendors and ISPs dealing with patches, etc.

Happily, it appears that m0n0wall is not significantly affected. Manuel Kasper made a post on the user mailing list some time ago announcing v1.3b13-pre with an update to Dnsmasq. I installed this today without incident.

Words cannot express how much I appreciate m0n0wall. It’s simply fantastic for SOHO situations like my office.

This Post Has 2 Comments
  1. A related note, with the new DNS port randomization some people are having problems with SIP/RTP configurations and wide UDP port forwardings, like Asterisk’s default of 10000-20000.

    The result is random DNS failures when it collides with the wide RTP port forwards.

    A solution is to reduce the size of your RTP port range in rtp.conf (rtpstart and rtpend) and your inbound NAT forwarding settings in m0n0wall.

    Lonnie
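
To put a number on the collision described in the comment above, here is an added example (not from the post, the commenter, or the m0n0wall project) that reads `rtpstart`/`rtpend` from rtp.conf text and computes what share of randomized DNS source ports would land inside the forwarded UDP range. It assumes source ports are drawn uniformly from 1024-65535; the two rtp.conf samples and the narrowed 10000-10200 range are constructed for illustration.

```python
import configparser

# Assumption: the resolver draws UDP source ports uniformly from this range.
SRC_PORTS = (1024, 65535)

# Constructed rtp.conf samples: Asterisk's default range and a narrowed one.
RTP_DEFAULT = "[general]\nrtpstart=10000   ; default\nrtpend=20000\n"
RTP_NARROW = "[general]\nrtpstart=10000\nrtpend=10200\n"


def rtp_range(conf_text):
    """Return (rtpstart, rtpend) from the [general] section of rtp.conf text."""
    cp = configparser.ConfigParser(comment_prefixes=(";",),
                                   inline_comment_prefixes=(";",))
    cp.read_string(conf_text)
    start, end = cp.getint("general", "rtpstart"), cp.getint("general", "rtpend")
    if not 0 < start <= end <= 65535:
        raise ValueError(f"invalid RTP range {start}-{end}")
    return start, end


def collision_fraction(forwards, src=SRC_PORTS):
    """Fraction of source ports in `src` that fall inside any UDP forward."""
    clipped = sorted((max(lo, src[0]), min(hi, src[1])) for lo, hi in forwards)
    covered, reach = 0, src[0] - 1          # reach = highest port counted so far
    for lo, hi in clipped:
        lo = max(lo, reach + 1)             # skip ports already counted
        if lo <= hi:
            covered += hi - lo + 1
            reach = hi
    return covered / (src[1] - src[0] + 1)


if __name__ == "__main__":
    for name, text in (("default", RTP_DEFAULT), ("narrowed", RTP_NARROW)):
        lo, hi = rtp_range(text)
        print(f"{name}: forward {lo}-{hi} -> "
              f"{collision_fraction([(lo, hi)]):.2%} of queries collide")
```

Pass every inbound UDP forward configured on the firewall to `collision_fraction`, not only the RTP one, since overlapping forwards are merged before counting.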
