Receive up to $504 promo credit ($180 w/Welcome Unlimited, $360 w/ 5G Start, or $504 w/5G Do More, 5G Play More, 5G Get More or One Unlimited for iPhone plan (Welcome Unlimited and One Unlimited for iPhone plans can't be mixed w/other Unlimited plans; all lines on the account req'd on respective plans)) when you add a new smartphone line with your own 4G/5G smartphone on an eligible postpaid plan between 2/10/23 and 4/5/23. Promo credit applied over 36 months; promo credits end if eligibility requirements are no longer met.
$699.99 (128 GB only) device payment purchase or full retail purchase w/ new smartphone line on One Unlimited for iPhone (all lines on account req'd on plan), 5G Start, 5G Do More, 5G Play More or 5G Get More plan req'd. Less $699.99 promo credit applied over 36 mos.; promo credit ends if eligibility req’s are no longer met; 0% APR.
Hard to say.
But this is a Linux bug. Not sure how that affects the router.
Most home routers are based on the Linux kernel (certainly the Actiontecs are) and usually use a lot of the GNU infrastructure, too. The real question is are they using glibc or something else like uclibc.
It may be possible to filter using iptable rules according to the announcement:
Mitigating factors for UDP include:
- A firewall that drops UDP DNS packets > 512 bytes.
Mitigating factors for TCP include:
- Limit all replies to 1024 bytes.
This should catch any serious stack overflowing cracking attempts. If would good for Verizon to tell their customers how to implement such rules. Of course, they could add such rules to their customer-facing routers as an alternative, I expect, but they should tell us if they are.
The problem with those suggested mitigations is that they're essentially requiring the user to avoid any DNS resolvers that provide responses using the Extension Mechanisms for DNS, which translates to pretty much any of those that are useful for zones protected with DNSsec signatures.
It may be moot for many FiOS users, as it appears that VZ's name servers don't properly handle large replies right now anyway. You can see for yourself if you check them with OARC's DNS Reply Size Test Server.
So basically the user's choice is to either use resolvers that allow zones to be spoofed or to use resolvers that might send an answer that overflows a buffer.
Dang. Well, maybe Verizon will chime in here. Thank you, Cherokee commander.
Verizon will never chime in.
I was given the number for expert service to inquire if glibc is deployed, but I'm not certain it's worth the time.