Check your router's DNS IP address
Discussion
After some internet access problems this morning I noticed the DNS server IP address in my router didn't look right. A reverse lookup showed it was a Russian IP address, for a Swiss company whose mailing address was in Saudi. It should have been a BT DNS. How this was possible I don't know. I've set all my PCs' DNS IPs to fixed ones now, just in case it happens again.
Which make / model of router?
There was a well publicised backdoor router vulnerability last year which affected brands such as Linksys, Netgear etc whereby an attacker could just send unauthenticated admin commands to the router and perform a factory reset, which allows the attacker into the admin pages and can then set the DNS etc to whatever they like.
It wouldn't surprise me if there was a worm doing the rounds which performed such actions automatically.
GreigM said:
Big. Could redirect you to phishing/fake sites. Start changing your passwords.
+1 DNS tells your computer that when you want to go to www.natwest.com that it is located at 155.136.80.213. A dodgy DNS server could send you elsewhere, most likely to a copy of the bank's website and you enter your details.
If you can't get the correct DNS settings you can either do a factory reset and immediately change the password, or in a pinch change the DNS to a known public one, such as Google's 8.8.8.8 or 8.8.4.4
Edited by SmithyAG on Monday 30th March 23:52
CloudScout and CloudGuard.exe Removal Instructions
The post is about an adware called CloudGuard or CloudScout. If the CloudGuard adware is running on your system, you will see CloudGuard.exe in the Windows Task Manager, a new service called CloudScout starting the CloudGuard.exe process and name servers changed to 31.168.224.100 and 5.135.12.56. The software appears as CloudScout Parental Control in the Add/Remove programs dialog.
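Added example, not part of any post in this thread: a small Python check that reads resolv.conf-style resolver settings and flags anything that is not an expected DNS server. It assumes the Google resolvers mentioned above as the expected set and treats the two name servers named in the CloudGuard removal post as known-bad; the `lan_resolver` parameter and the sample input are constructed for illustration.

```python
import ipaddress
import re

# Resolvers the thread settles on (Google Public DNS); assumption: edit to suit.
EXPECTED = {"8.8.8.8", "8.8.4.4"}
# Name servers the CloudGuard/CloudScout removal post says the adware sets.
KNOWN_BAD = {"31.168.224.100", "5.135.12.56"}
NAMESERVER_RE = re.compile(r"^\s*nameserver\s+(\S+)", re.IGNORECASE)

def parse_nameservers(resolv_text):
    """Return the nameserver addresses in resolv.conf-style text, in order."""
    servers = []
    for line in resolv_text.splitlines():
        match = NAMESERVER_RE.match(line.split("#", 1)[0])  # ignore comments
        if match:
            servers.append(match.group(1))
    return servers

def classify(server, lan_resolver=None):
    """Label one resolver: ok, router, known-bad, unexpected or invalid."""
    try:
        addr = ipaddress.ip_address(server.split("%", 1)[0])  # drop IPv6 zone id
    except ValueError:
        return "invalid"
    text = str(addr)
    if text in KNOWN_BAD:
        return "known-bad"
    if text in EXPECTED:
        return "ok"
    if lan_resolver and text == lan_resolver:
        # The client only forwards to the router; the router's own DNS still needs checking.
        return "router"
    return "unexpected"

def audit(resolv_text, lan_resolver=None):
    """Map each configured resolver to its label."""
    return {s: classify(s, lan_resolver) for s in parse_nameservers(resolv_text)}

# Constructed sample input, not taken from any machine in the thread.
SAMPLE = """nameserver 8.8.8.8
nameserver 5.135.12.56
nameserver 192.168.1.1
"""

if __name__ == "__main__":
    for server, label in audit(SAMPLE, lan_resolver="192.168.1.1").items():
        print(f"{server:16} {label}")
```

A "router" result means the device is only as trustworthy as the DNS setting on the router's own admin page, which is where the original poster found the changed address.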
SmithyAG said:
If you can't get the correct DNS settings you can either do a factory reset and immediately change the password, or in a pinch change the DNS to a known public one, such as Google's 8.8.8.8 or 8.8.4.4
That's what I did, just fixed the router and all the PCs to Google's. It's also how I noticed the problem, because my PC was already set to Google and the only one with internet access that day. All our PCs appear clean, it was just the router affected. It's a TP-Link TD-W8901G. Thinking about it, we have had a couple of 2nd hand laptops and friends'/families' PCs on the network recently, whilst trying to solve problems for them. I think I should put a ban on that.
drew.h said:
That's what I did, just fixed the router and all the PCs to Google's. It's also how I noticed the problem, because my PC was already set to Google and the only one with internet access that day.
All our PCs appear clean, it was just the router affected. It's a TP-Link TD-W8901G. Thinking about it, we have had a couple of 2nd hand laptops and friends'/families' PCs on the network recently, whilst trying to solve problems for them. I think I should put a ban on that.
maybe?
http://piotrbania.com/all/articles/tplink_patch/
https://rootatnasro.wordpress.com/2014/01/11/how-i...
I would see what the latest firmware patch is for the router
Seems to be adware related on my system.
Interestingly it is only my Playbook that has had the DNS changed.
All PCs and router are clean.
Not sure how this has happened - possibly via the Opera browser.
I've fixed the DNS IPs on the PB now and I'll keep checking they are correct.
Fecking adware is getting pretty malignant these days.
No way is it acceptable to go changing DNS IP.
lestag said:
maybe?
http://piotrbania.com/all/articles/tplink_patch/
https://rootatnasro.wordpress.com/2014/01/11/how-i...
I would see what the latest firmware patch is for the router
Looks like that may be it, I can download the rom-0 without being logged in. Router is getting replaced and a hammer put through the TP-Link.