jkbull
11-13-2002, 01:52 PM
Slashdot ran a thread about a Linksys DOS vulnerability last week (http://slashdot.org/article.pl?sid=02/11/07/0324213&mode=thread&tid=172), so I decided to update the firmware in my Linksys BEFSR81 to the latest, even though the '81 wasn't specifically mentioned as being vulnerable.
However, after updating my Linksys BEFSR81 firmware from version 2.40.2 to version 2.42.7.1, the router no longer processes DNS queries.
My ISP gives out IP data via DHCP. On my small LAN, I use DHCP for all clients except for my server (file server, not web server). For the server I permanently assigned an IP address (192.168.x.x, not interfering with the addresses the router's DHCP gives out), mask, and DNS data. For DNS IP address(es), I used the address of the router as if it were a DNS server. This worked fine under 2.40.2 - the router passed on DNS queries to the DNS server it was given by the ISP's DHCP, and passed answers back. No problems.
When I updated the firmware to version 2.42.7.1, however, this DNS processing was broken. Trying to get to a web page from the server using, for example, "http://www.google.com" would hang and eventually get a "page not available" error. Trying a Google IP address, "http://216.239.51.101", worked fine. (This only affects the server; on my client machines, either way works fine. The clients, of course, query the DNS servers the ISP's DHCP gave out directly.)
Since I don't want to have to watch the ISP's DNS address and change the server's setup data whenever it changes, is there anything else I can do? Other than going back to 2.40.2, which I assume is vulnerable to the DOS problem?