Abuse of CPE Devices and Recommended Fixes
August 2014 • Presentation
Paul Vixie, Chris Hallenbeck, Jonathan Spring
In this Black Hat USA 2014 presentation, the authors provide recommendations for addressing problems related to poor management of Customer Premise Equipment (CPE).
Software Engineering Institute
Customer Premise Equipment (CPE) connects the customer's network to the service provider. This used to be as simple as a Bell Atlantic telephone, but in the modern age it includes many device types. Focusing on home Internet routers, we demonstrate some of the present dangers of the current CPE environment and possible solutions.
Namely, CPE can be used by adversaries to amplify and anonymize their denial of service (DoS) attacks, and the CPE itself can be compromised as part of an attack to redirect the customer's Internet traffic for illicit gains. The scope of this problem is large: Of the 22 million open domain name system (DNS) resolvers connected to the Internet as of May 2014, the majority are on connections indicative of home Internet users.
Misconfigured or outdated routers and CPE present essentially a public health hazard to the Internet. The poor digital hygiene of these devices (relatively few in the scope of the Internet) threatens the general enjoyment of the resource for any given Internet user, given the ease with which the misconfigured CPE can be abused to amplify attacks.
In order to counter this threat, we present three recommendations: (1) provide for continuous software upgrades of CPE, (2) implement source address validation (i.e., Best Current Practices document 38 and/or 84), and (3) encourage the community to incentivize manufacturers and providers to take responsibility for the results of poor configuration and design choices.