Cable Haunt and IPFire

ipfire_user · 17 January 2020 12:36

A recent vulnerability impacts many cable modems: https://cablehaunt.com/

In most instances, firmware updates will come from ISPs to correct the issue so there isn’t much end users can do in the interim regarding patching.

Questions in relation to IPFire:

There are some mentions of attacking via DNS rebind. I think I recall IPFire having some DNS rebind protections on by default. Is that still the case with unbound?

Secondly, based on a default IPFire install with a cable modem attached to the Red Network, I’d think that such attacks wouldn’t be able to get to the private IP address of the cable modem (via a browser attack by a malicious site of a user on the green network) as by default wouldn’t IPFire block such forwards?

Thanks for any light anyone can shed.

ms · 19 January 2020 18:01

The modem can probably be reached by a client from the GREEN or BLUE subnets.

If IPFire connects to the DNS service running on that modem, then this is always a danger. DNSSEC would protect you from accessing any malicious websites if the domain has it enabled. Most likely that is not the case.

So you will have to make sure your modem is updated with a fixed firmware.

ipfire_user · 20 January 2020 13:05

Thank you for the response!