NAME:WRECK is a collection of vulnerabilities in DNS implementations, discovered by Forescout and JSOF Research. This body of research can be seen as a continuation of Ripple20 and AMNESIA:33, as it builds on a class of vulnerability discovered in other network stacks: problems with DNS message compression.
Their PDF Whitepaper contains a brief primer on the DNS message format, which is useful for understanding the class of problem. In such a message, a DNS name is encoded with a length-value scheme, with each full name ending in a null byte. So in a DNS Request, Hackaday.com would get represented as [0x08]Hackaday[0x03]com[0x00]. The dots get replaced by these length values, and it makes for an easily parsable format.
Very early on, it was decided that continually repeating the same host names in a DNS message was wasteful of space, so a compression scheme was devised. DNS compression takes advantage of the maximum host/domain length of 63 characters. This max size means that the binary representation of that length value will never contain “1”s in the first two bits. Since that pattern can never occur in a real length, length values starting with a binary “11” are used to point to a previously occurring domain name. The 14 bits that follow this two-bit flag are known as a compression pointer, and represent a byte offset from the beginning of the message. The DNS message parser pulls the intended value from that location, and then continues parsing.
The problems found were generally based around improper validation. For example, the NetX stack doesn’t check whether the compression pointer points at itself. This scenario leads to a tight infinite loop, a classic DoS attack. Other systems don’t properly validate the location being referenced, so data gets copied past the allocated buffer, leading to remote code execution (RCE). FreeBSD has this issue, but because it’s tied to DHCP packets, the vulnerability can only be exploited by a device on the local network. While looking for message compression issues, they also found a handful of vulnerabilities in DNS response parsing that aren’t directly related to compression. The most notable here is an RCE in Siemens’ Nucleus Net stack.
Continue reading “This Week In Security: NAME:WRECK, Signal Hacks Back, Updates, And More”
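As an added example (not code from the whitepaper or from any of the stacks named above), here is a name decoder that applies the validation the NAME:WRECK write-up describes as missing. The function name `dns_read_name`, the strictly-backward pointer policy and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decode the name at msg[off] into out as dotted text; returns its length,
 * or -1 on malformed input. Policy (an assumption of this example): every
 * compression pointer must target an offset strictly below the start of the
 * segment being read, so self-references, forward jumps and loops all fail. */
int dns_read_name(const uint8_t *msg, size_t msg_len, size_t off,
                  char *out, size_t out_cap)
{
    size_t n = 0, limit = off;
    if (out_cap == 0) return -1;
    for (;;) {
        if (off >= msg_len) return -1;             /* read past the message */
        uint8_t len = msg[off];
        if ((len & 0xC0) == 0xC0) {                /* "11" flag: pointer */
            if (off + 1 >= msg_len) return -1;     /* second pointer byte missing */
            size_t target = ((size_t)(len & 0x3F) << 8) | msg[off + 1];
            if (target >= limit) return -1;        /* not strictly backward */
            limit = off = target;
            continue;
        }
        if (len & 0xC0) return -1;                 /* "01"/"10" are not lengths */
        if (len == 0) break;                       /* null byte ends the name */
        if (off + 1 + len > msg_len) return -1;    /* label overruns the message */
        if (n + (n ? 1 : 0) + len >= out_cap) return -1; /* would overflow out */
        if (n) out[n++] = '.';
        memcpy(out + n, msg + off + 1, len);
        n += len;
        off += 1 + (size_t)len;
    }
    out[n] = '\0';
    return (int)n;
}

/* Constructed sample messages: a 12-byte zeroed header, then name data. */
static const uint8_t GOOD[] = { 0,0,0,0,0,0,0,0,0,0,0,0,
    8,'H','a','c','k','a','d','a','y',3,'c','o','m',0,  /* name at offset 12 */
    3,'w','w','w',0xC0,12 };                   /* offset 26: www + pointer to 12 */
static const uint8_t SELF[] = { 0,0,0,0,0,0,0,0,0,0,0,0,
    0xC0,12 };                                 /* offset 12: pointer to itself */
static char name_buf[256];

int main(void)
{
    printf("%d\n", dns_read_name(GOOD, sizeof GOOD, 26, name_buf, sizeof name_buf));
    printf("%s\n", name_buf);
    printf("%d\n", dns_read_name(SELF, sizeof SELF, 12, name_buf, sizeof name_buf));
    return 0;
}
```

Because each accepted pointer lowers the bound for the next one, the loop always terminates, and every copy is checked against both the message length and the output buffer before it happens.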
Internet connections continue to increase in speed, and for a lucky few, it’s possible to get a Gigabit fibre connection at home. However, if you’re intending to use this connection to its fullest, you might find that your off-the-shelf router has become a bit of a bottleneck. [Wes Fenlon] of PC Gamer had this very problem, and found the perfect workaround – building a custom router instead!
The main problem with commodity routers is a lack of processing power. With networks growing ever faster, the hardware in routers hasn’t kept up with the needs of demanding power users. To solve this, [Wes] grabbed an old PC he had lying around, packing a quad-core i5 CPU and 16 GB of RAM. Fitted with an enterprise-grade 4-port Gigabit LAN card, and running Netgear’s (Sorry commenteers!) Netgate’s pfSense routing software, the old machine has enough power to be complete overkill for the application.
The side benefit of this method is configurability. pfSense has a far more powerful set of options than most common routers. Its config page also runs far more smoothly. There’s also the possibility to run all sorts of useful plugins, like router-level ad blockers and traffic monitoring utilities.
Overall, it’s a great way to repurpose a surplus machine and improve your network performance on the cheap. Others have tried similar builds, too. It has us contemplating the possibilities for our own networks at home!
It seems the older I get, the more the density of broken and/or old laptops in my garage grows. That’s one of the reasons it’s interesting to know which projects are being made to bring these things back to life. [zigzagjoe] sent us an interesting project he made out of a Lenovo Yoga 2 motherboard: a pfSense router/firewall.
The laptop was damaged, but the main board was functioning just fine. What started as adding an old Pentium heatsink to it and seeing how well it would work escalated to a fully working firewall with WiFi, a 4-port gigabit NIC, and a 3D printed case. The board had PCI-E via an M.2 A/E key slot for the WiFi module, but [zigzagjoe] needed a normal PCI-E slot to connect the quad-port NIC. He decided to hand solder the M.2 A/E (WiFi card) to have a PCI-E 1x breakout, since his searches for an adapter came out empty or too expensive. For storage, he chose a 16GB SanDisk U100 Server half-slim SSD for its power efficiency. Once again, the SSD cable had to be hacked, as the laptop originally used a super-slim HDD with a non-standard connector. The enclosure was then designed and 3D printed.
But [zigzagjoe] went further to optimize his brand new router/firewall. In the project documentation, we can see that a lot of different modifications went into building it, such as BIOS modification for new WiFi modules to work, an ATtiny85 fan driver for extra cooling, a 45W PSU inside the case, and other interesting hacks.
This is not your typical laptop to firewall hack, that’s for sure.
Continue reading “Broken Yoga Becomes Firewall”