Cable Haunt and IPFire

A recent vulnerability impacts many cable modems:

In most instances, firmware updates will come from ISPs to correct the issue so there isn’t much end users can do in the interim regarding patching.

Questions in relation to IPFire:

There are some mentions of attacking via DNS rebind. I think I recall IPFire having some DNS rebind protections on by default. Is that still the case with unbound?

Secondly, based on a default IPFire install with a cable modem attached to the Red Network, I’d think that such attacks wouldn’t be able to get to the private IP address of the cable modem (via a browser attack by a malicious site of a user on the green network) as by default wouldn’t IPFire block such forwards?

Thanks for any light anyone can shed.

1 Like

The modem can probably be reached by a client from the GREEN or BLUE subnets.

If IPFire connects to the DNS service running on that modem, then this is always a danger. DNSSEC would protect you from accessing any malicious websites if the domain has it enabled. Most likely that is not the case.

So you will have to make sure your modem is updated with a fixed firmware.

Thank you for the response!

1 Like