(resolved) WiFi breach from Tesla MS connection? (no)

I have lived in my home for over 5 years and have not had an issue before, but I have received two messages from ATT in two weeks. I had a hidden network, WPA2, and a complex password. I received the 1st message, verified that ATT was correct (see note and test from my IT Department at the end of the message), reset the DSL modem, changed and hid the network name again, and changed the password to a more complex password. I reran the test to verify the Open DNS was gone. A week later I got the message again from ATT.

I recently connected my Tesla MS to my wifi, which is why I am asking the group if they have seen this on their wifi. Perhaps it is something else, but it seems odd to me since I just connected the MS. I will reset again and not connect the MS to see if it comes back next week or not.


AT&T has determined that a device using your Internet connection is configured to run an open Domain Name System (DNS) resolver. A DNS resolver was observed answering public queries at Jan 17, 2014 at 2:28 PM EST at the IP address 98.85.104.160. Our records indicate that this IP address was assigned to you at this time.

Open DNS resolvers can be used for network attacks, presenting additional load on your Internet access and resulting in unreliable service.

An open DNS resolver allows users on the Internet to perform DNS requests on your server. This is considered an insecure configuration and in the majority of cases, Internet subscribers should not operate an open DNS resolver. The open DNS resolver may be present due to a default operating system installation or system configuration issue. In some cases, network devices such as home wireless routers have flaws that expose DNS service to the Internet.

To address this problem we ask that you take the following actions. If your computer(s) are managed by an Information Technology (IT) group at your place of work, please pass this information on to them.

  1. If you use a wireless network, ensure that your wireless router is password-protected and using WPA or WPA2 encryption (use WEP only if WPA is not available). In addition, ensure that the router is not configured to provide open DNS services (consult the manual for your specific hardware). Check the connections to the router and ensure that you recognize all connected devices.
  2. If your environment requires you to run an open DNS resolver, please limit access via an ACL, rate limiting, or another method to minimize abuse of your server. Visit http://www.team-cymru.org/Services/Resolvers/instructions.html for additional technical information on preventing abuse.

Thank you for your prompt attention to this matter. We welcome your feedback and questions on this matter. Please contact us at [email protected] with any questions you may have.

Regards,
AT&T Internet Services Security Center

Open DNS test results for 98.85.104.160:

Port: 53
Protocol: udp
Logs:
; <<>> Net::DNS::Dig 0.07 <<>> -t a openrelaytest.abuse-att.net.
;;
;; Got answer.
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23837
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;openrelaytest.abuse-att.net. IN A

;; ANSWER SECTION:
openrelaytest.abuse-att.net. 10 IN A 127.0.0.2

;; Query time: 69 ms
;; SERVER: 98.85.104.160# 53(98.85.104.160)
;; WHEN: Fri Jan 17 14:28:11 2014
;; MSG SIZE rcvd: 61 -- XFR size: 2 records



From my IT Department:


You could also try to do some proactive searching to see if you can find the open resolver (if it actively exists at this point). You can find your current IP address in your router or by using a site such as this (http://whatismyipaddress.com/). Once you have that, you could use a tool such as this (http://www.openresolver.com/ or this http://www.thinkbroadband.com/tools/dnscheck.html) to test for open DNS resolvers.
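
The AT&T test log above amounts to one UDP query with the recursion-desired bit set, followed by a look at the reply header. The following is an added example, not part of the original posts: it builds that query and classifies a reply. `sample_reply()` is a constructed packet mirroring the logged header (id 23837, flags qr rd ra, one answer), and all function names are illustrative.

```python
import socket
import struct

def encode_name(name):
    """Encode a domain name as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qid):
    """A-record query with RD (recursion desired, 0x0100) set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)

def classify(response, qid):
    """Interpret the 12-byte header of a reply to build_query()."""
    if len(response) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != qid or not flags & 0x8000:   # id mismatch or QR bit clear
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 5:                         # REFUSED: what a closed device should say
        return "refused"
    # RA (0x0080) plus a real answer means it recursed on our behalf
    if flags & 0x0080 and rcode == 0 and ancount > 0:
        return "open-resolver"
    return "not-recursive"

def probe(ip, name, qid=0x1234, timeout=3.0):
    """Query ip on UDP/53. Run from outside the LAN against your own WAN address."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, qid), (ip, 53))
            return classify(s.recv(512), qid)
        except OSError:                    # timeout or ICMP unreachable
            return "no-answer"

def sample_reply():
    """Constructed reply matching the log: qr rd ra, 1 answer, A 127.0.0.2."""
    question = build_query("openrelaytest.abuse-att.net.", 23837)[12:]
    header = struct.pack("!HHHHHH", 23837, 0x8180, 1, 1, 0, 0)
    # 0xC00C is a compression pointer back to the question name
    answer = struct.pack("!HHHIH4B", 0xC00C, 1, 1, 10, 4, 127, 0, 0, 2)
    return header + question + answer

if __name__ == "__main__":
    print(classify(sample_reply(), 23837))
```

A "no-answer" or "refused" result from an outside vantage point is the expected state for a home connection; a probe run from inside the LAN reaches the router's LAN-side resolver and says nothing about WAN exposure.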
 
FWIW I just tested mine:

Recursive resolver is not detected on 173.163.11.166

IP address 173.163.11.166 is not vulnerable to DNS Amplification attacks.

Granted, my S is likely sleeping. I'll try again after waking.

*edit* woke the car and tried again, no issue. I'll try again later after being in the car and verifying it's on wifi.
 
A reverse IP lookup says that 98.85.104.160 is a Bell South ADSL address (given as Winter Park, which could just be Bell South's server location). It could simply be that your router is acting as an open DNS resolver and they hadn't told you before.

Open DNS resolvers are used for DDOS attacks,
 
I assume your router is performing NAT for all of your devices. For an open DNS resolver to be reachable from the Internet, your router would need to port forward UDP/53 to that device. Presuming that you haven't manually configured port forwarding, I would look to see if you have UPnP running. UPnP allows a device behind a NAT to ask your router to port forward. If this is the case, one of your machines likely has a virus.

Lastly, as someone else suggested, it could be the router itself that has an open DNS resolver. You should double check your config. Many routers intended for home use will act as an open resolver for the devices behind it. It's possible your router has been misconfigured to enable this service on the WAN port (i.e. the Internet.)
 
@andrewket - I was checking the other settings and found port forwarding on the UPnP was being done. I disabled UPnP and limited access to the wireless to MAC IDs. I will run some tests looking for a virus.

Thanks for everyone's troubleshooting help.
 
Looks like you have this sorted out, but just for your info - I have scanned for open ports on my car while it's on wifi and recorded all of the network traffic to and from it over long periods of time, including during software updates, and there is nothing of any interest open to the network. The majority of the communications with Tesla happen over a VPN and there are no open ports other than one associated with DHCP. They seem to have the car locked down very well.