Anyone having a similar issue, please download the firmware from https://drive.google.com/file/d/0B6cFyWWSXjqEUGI2SjNLeG9hZVk/view?usp=sharing and update your Almond. Following are the instructions, how to update it.
(1) Please download the firmware and save it on a laptop/computer.
(2) Connect this laptop/computer wired or wireless to Almond. Tap on "More" on the LCD screen and then tap on "Web Administer". Note down the URL and put the same on your browser to access the Web UI of the Almond. (URL/IP:10.10.10.254, Username: admin, Password: admin). Now you should be accessing the Web user interface of Almond, select "Software" on the Web UI and then upload the saved file from your computer. Please do not unplug Almond from power socket during the update process. This should resolve the issue!
(3) Once the software update is over, check the "Status" icon and see whether it is connected or not. If not connected with a green square box, tap on "Wizard" and set it up as router again.
(4) Just for your information, you can cross-check the resolution from http://www.thinkbroadband.com/tools/dnscheck.html and it should show you, "Success! We detected your IP address as xxx.xxx.xxx.xxx and did not find an open DNS resolver running"
Thank you for the fix. It seems to be working correctly after application.
However, one thing I would mention is that because the Almond and Almond+ are so easy to use and are, thus, being sold primarily by users who are not in any way technical (which is the whole premise of the interface design and the touch screen), it is, therefore, the responsibility and burden of Securifi to push mainline security fixes to the device as soon as they are detected and corrected. Should the Almond or Almond+ become vulnerable to an attack vector, your security team should be the first to determine the vulnerability of the Almond and Almond+ devices and push out a mainline firmware release as soon as possible.
Withholding a firmware release that patches a critical security flaw to 'special circumstance cases' which requires the user to go Google this patch is never a good idea. In other words, since every Almond device that
does not have this patch applied is clearly vulnerable to DNS amplification attacks, this means that there are likely a fair number of these devices in service that could be used in an attack. Since the Almond device also supports updates from within the device, this is where the patch should appear. Not on this forum as a separate install procedure. Users won't know to go looking here for such a patch.
For this reason, the burden falls to Securifi to GA this patch to the general population of devices so that these devices are no longer vulnerable. If a large scale DDoS attack were launched as a result of your unpatched devices, a lot of people are going to come looking at you for answers as to why your team didn't send out this patch as GA (especially when you have a fix available as documented in this thread).
I would highly recommend that you GA this patch pronto and push it out so that device owners will see the update and eliminate this vulnerability from their device.
The issue is less about nasty grams from ISPs and more about patching critical security vulnerabilities timely and through regular channels. Every company producing devices like this needs to take security patching seriously and push patches as soon as they are aware and corrected through the normal update channels.
Thanks.