I have lived in my home for over 5 years and have not had an issue before but I have received two messages from ATT in two weeks. I had a hidden network, WPA2, and complex password. received the 1st message, verified that ATT was correct (See note and test from my IT Department at the end of the message), reset the DSL modem, changed and hid the network name again, and changed password to more complex password. I reran the test to verify the Open DNS was gone. a week later I got the message again from ATT.
I recently connected my Tesla MS to my wifi which is why I am asking the group if they have seen this on their wifi. perhaps it is something else but seem odd to me since I just connected the MS. I will reset again and not connect the MS to see if comes back next week or not.
AT&T has determined that a device using your Internet connection is configured to run an open Domain Name System (DNS) resolver. A DNS resolver was observed answering public queries at Jan 17, 2014 at 2:28 PM EST at the IP address 98.85.104.160. Our records indicate that this IP address was assigned to you at this time.
Open DNS resolvers can be used for network attacks, presenting additional load on your Internet access and resulting in unreliable service.
An open DNS resolver allows users on the Internet to perform DNS requests on your server. This is considered an insecure configuration and in the majority of cases, Internet subscribers should not operate an open DNS resolver. The open DNS resolver may be present due to a default operating system installation or system configuration issue. In some cases, network devices such as home wireless routers have flaws that expose DNS service to the Internet.
To address this problem we ask that you take the following actions. If your computer(s) are managed by an Information Technology (IT) group at your place of work, please pass this information on to them.
- If you use a wireless network, ensure that your wireless router is password-protected and using WPA or WPA2 encryption (use WEP only if WPA is not available). In addition, ensure that the router is not configured to provide open DNS services (consult the manual for your specific hardware). Check the connections to the router and ensure that you recognize all connected devices.
- If your environment requires you to run an open DNS resolver, please limit access via an ACL, rate limiting, or another method to minimize abuse of your server. Visit http://www.team-cymru.org/Services/Resolvers/instructions.html for additional technical information on preventing abuse.
Regards,
AT&T Internet Services Security Center
Open DNS test results for 98.85.104.160:
Port: 53
Protocol: udp
Logs:
; <<>> Net:NS:ig 0.07 <<>> -t a openrelaytest.abuse-att.net.
;;
;; Got answer.
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23837
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;openrelaytest.abuse-att.net. IN A
;; ANSWER SECTION:
openrelaytest.abuse-att.net. 10 IN A 127.0.0.2
;; Query time: 69 ms
;; SERVER: 98.85.104.160# 53(98.85.104.160)
;; WHEN: Fri Jan 17 14:28:11 2014
;; MSG SIZE rcvd: 61 -- XFR size: 2 records
From my IT Department:
You could also try to do some proactive searching to see if you can find the open resolver (if it actively exists at this point). You can find you current IP address in your router or by using a site such as this (http://whatismyipaddress.com/). Once you have that you could use a tool such as this (http://www.openresolver.com/ or this http://www.thinkbroadband.com/tools/dnscheck.html) to test for open DNS resolvers.