
(resolved) WiFi breach from Tesla MS connection? (no)

Discussion in 'Model S: User Interface' started by shawnbush12, Jan 18, 2014.

  1. shawnbush12

    shawnbush12 Member

    May 20, 2013

    I have lived in my home for over 5 years and have not had an issue before but I have received two messages from ATT in two weeks. I had a hidden network, WPA2, and complex password. Received the 1st message, verified that ATT was correct (see note and test from my IT Department at the end of the message), reset the DSL modem, changed and hid the network name again, and changed password to more complex password. I reran the test to verify the Open DNS was gone. A week later I got the message again from ATT.

    I recently connected my Tesla MS to my wifi, which is why I am asking the group if they have seen this on their wifi. Perhaps it is something else but it seems odd to me since I just connected the MS. I will reset again and not connect the MS to see if it comes back next week or not.

    AT&T has determined that a device using your Internet connection is configured to run an open Domain Name System (DNS) resolver. A DNS resolver was observed answering public queries at Jan 17, 2014 at 2:28 PM EST at the IP address Our records indicate that this IP address was assigned to you at this time.

    Open DNS resolvers can be used for network attacks, presenting additional load on your Internet access and resulting in unreliable service.

    An open DNS resolver allows users on the Internet to perform DNS requests on your server. This is considered an insecure configuration and in the majority of cases, Internet subscribers should not operate an open DNS resolver. The open DNS resolver may be present due to a default operating system installation or system configuration issue. In some cases, network devices such as home wireless routers have flaws that expose DNS service to the Internet.

    To address this problem we ask that you take the following actions. If your computer(s) are managed by an Information Technology (IT) group at your place of work, please pass this information on to them.

    1. If you use a wireless network, ensure that your wireless router is password-protected and using WPA or WPA2 encryption (use WEP only if WPA is not available). In addition, ensure that the router is not configured to provide open DNS services (consult the manual for your specific hardware). Check the connections to the router and ensure that you recognize all connected devices.
    2. If your environment requires you to run an open DNS resolver, please limit access via an ACL, rate limiting, or another method to minimize abuse of your server. Visit for additional technical information on preventing abuse.
    Thank you for your prompt attention to this matter. We welcome your feedback and questions on this matter. Please contact us at [email protected] with any questions you may have.
    AT&T Internet Services Security Center
    Open DNS test results for

    Port: 53
    Protocol: udp
    ; <<>> Net::DNS::Dig 0.07 <<>> -t a
    ;; Got answer.
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23837
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

    ; IN A


    ;; Query time: 69 ms
    ;; SERVER: 53(
    ;; WHEN: Fri Jan 17 14:28:11 2014
    ;; MSG SIZE rcvd: 61 -- XFR size: 2 records

    From my IT Department:

    You could also try to do some proactive searching to see if you can find the open resolver (if it actively exists at this point). You can find your current IP address in your router or by using a site such as this. Once you have that you could use a tool such as this or this to test for open DNS resolvers.
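
Added example (not part of the original thread, and not AT&T's test tooling): the check behind the test output quoted in the post above, written in Python. It builds a recursive query, decodes the reply header, and flags the `qr rd ra` / `ANSWER: 1` combination as an open resolver. The function names and the `example.com` query name are assumptions, and the sample replies are constructed from the header fields shown in that output.

```python
import socket
import struct

QR, RD, RA = 0x8000, 0x0100, 0x0080   # header flag bits (RFC 1035)
REFUSED = 5                            # RCODE 5

def build_query(name, qid=23837):
    """Recursive (RD=1) A/IN query for `name`, as raw DNS wire format."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_header(msg):
    """Decode the 12-byte DNS header into the fields dig prints."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qr": bool(flags & QR), "rd": bool(flags & RD),
            "ra": bool(flags & RA), "rcode": flags & 0x000F, "ancount": an}

def classify(reply, qid=23837):
    """Decide whether a reply shows recursion being served to the sender."""
    h = parse_header(reply)
    if not h["qr"] or h["id"] != qid:
        return "not-a-reply"
    if h["rcode"] == REFUSED:
        return "refused"
    if h["ra"] and h["rcode"] == 0 and h["ancount"] > 0:
        return "open-resolver"      # matches "flags: qr rd ra ... ANSWER: 1"
    return "no-recursion"

def probe(ip, name="example.com", timeout=3.0):
    """Send one query to ip:53/udp; only meaningful for an address you own."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (ip, 53))
            reply, _ = s.recvfrom(4096)
        except OSError:             # timeout or ICMP port unreachable
            return "no-answer"
    return classify(reply)

# Constructed sample headers (not captured traffic), built from the fields
# shown in the quoted test output: id 23837, flags qr rd ra, ANSWER: 1.
OPEN_REPLY = struct.pack("!HHHHHH", 23837, QR | RD | RA, 1, 1, 0, 0)
REFUSED_REPLY = struct.pack("!HHHHHH", 23837, QR | RD | REFUSED, 1, 0, 0, 0)
```

Run `probe` from a host outside your own network against your own WAN address; a query sent from inside the LAN usually reaches the router's LAN-side resolver, which is expected to answer.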
  2. AnOutsider

    AnOutsider S532 # XS27

    Apr 3, 2009
    FWIW I just tested mine:

    Granted, my S is likely sleeping. I'll try again after waking.

    *edit* woke the car and tried again, no issue. I'll try again later after being in the car and verifying it's on wifi.
  3. jerry33

    jerry33 S85 - VIN:P05130 - 3/2/13

    Mar 8, 2012
    No problem detected here, and the car was awake.
  4. ItsNotAboutTheMoney

    ItsNotAboutTheMoney Active Member

    Jul 12, 2012
    A reverse IP lookup says that is a Bell South ADSL address (given as Winter Park, which could just be Bell South's server location). It could simply be that your router is acting as an open dns resolver and they hadn't told you before.

    Open DNS resolvers are used for DDOS attacks,
  5. andrewket

    andrewket 2014 S P85DL, 2016 X P90DL (soon 100)

    Dec 20, 2012
    I assume your router is performing NAT for all of your devices. For an open DNS resolver to be reachable from the Internet your router would need to port forward UDP/53 to that device. Presuming that you haven't manually configured port forwarding, I would look to see if you have UPnP running. UPnP allows a device behind a NAT to ask your router to port forward. If this is the case, one of your machines likely has a virus.

    Lastly, as someone else suggested, it could be the router itself that has an open DNS resolver. You should double check your config. Many routers intended for home use will act as an open resolver for the devices behind it. It's possible your router has been misconfigured to enable this service on the WAN port (i.e. the Internet.)
  6. shawnbush12

    shawnbush12 Member

    May 20, 2013
    @andrewket - I was checking the other settings and found port forwarding on the UPnP was being done. I disabled UPnP and limited access to the wireless to MAC IDs. I will run some tests looking for a virus.

    Thanks for everyone's troubleshooting help.
  7. patn

    patn Member

    Sep 18, 2013
    Looks like you have this sorted out, but just for your info - I have scanned for open ports on my car while it's on wifi and recorded all of the network traffic to and from it over long periods of time, including during software updates, and there is nothing of any interest open to the network. The majority of the communications with Tesla happen over a VPN and there are no open ports other than one associated with DHCP. They seem to have the car locked down very well.
  8. jhs_7645

    jhs_7645 VIN: #3305

    Jul 1, 2012
    Camas, WA
