Do Comcast DNS Servers Have a Security Problem?

Is that a Comcast DNS server connecting to my instance over RDP?

Teri Radichel

--

See the issues in this blog post:

I think I’m seeing that but perhaps someone can explain otherwise.

Note that I’ve written before about the insecurity of the certs used by xrdp. That should be fixed.

I also recently noted the problems I had with the Let’s Encrypt validation process (I don’t like the random IP addresses connecting to my system) and the fact that AWS TLS certificates cannot terminate on an EC2 instance so your traffic is only encrypted from the client to the AWS service, not from the AWS service to your host — with a TLS certificate that you own and control — unless you take additional steps.

Everyone’s using encryption but do they really understand what’s going on and how it works?

So if xrdp encryption or the Let’s encrypt process is not secure does that lead to a potential MITM involving a Comcast DNS server? I don’t know. I’ll let Comcast figure that out. I locked out that server from my network. It was locked out to begin with but I temporarily “just for a minute” unlocked it to try to test out the Let’s Encrypt validation process …and that’s how misconfigurations and other security problems occur.

The other problem is that I have to open up a separate network to get to GitHub with random CIDRs to download code. I wrote about how to create a prefix list but that only works in your AWS security groups not NACLs.

So many overly complicated and esoteric things to fix in what should be a more straightforward way to configure secure solutions.

More posts on network security:

More posts on encryption:

--

--

Teri Radichel

CEO 2nd Sight Lab | Penetration Testing & Assessments | AWS Hero | Masters of Infosec & Software Engineering | GSE, etc. | IANS | SANS Difference Makers Award