Do Comcast DNS Servers Have a Security Problem?

Is that a Comcast DNS server connecting to my instance over RDP?

Teri Radichel

See the issues in this blog post:

I think I’m seeing that but perhaps someone can explain otherwise.

Note that I’ve written before about the insecurity of the certs used by xrdp. That should be fixed.

I also recently noted the problems I had with the Let’s Encrypt validation process (I don’t like the random IP addresses connecting to my system) and the fact that AWS TLS certificates cannot terminate on an EC2 instance so your traffic is only encrypted from the client to the AWS service, not from the AWS service to your host — with a TLS certificate that you own and control — unless you take additional steps.

Everyone’s using encryption but do they really understand what’s going on and how it works?

So if xrdp encryption or the Let’s Encrypt process is not secure, does that lead to a potential MITM involving a Comcast DNS server? I don’t know. I’ll let Comcast figure that out. I locked out that server from my network. It was locked out to begin with but I temporarily “just for a minute” unlocked it to try to test out the Let’s Encrypt…

Teri Radichel

CEO 2nd Sight Lab | Penetration Testing & Assessments | AWS Hero | Masters of Infosec & Software Engineering | GSE 240 etc | IANS | SANS Difference Makers Award