dns hijacked

jw_mo
Aspirant

Today I have had 2 customers with WGR614 routers that have had internet problems. Turns out both had exactly the same problem - the numbers in the primary and secondary DNS server on the routers had been changed to 70.38.38.4 and 67.205.67.10. I was able to change the numbers to usable numbers, but they should be set to automatically get the servers. Neither router would let me check the radio button to do that. One router was v9 and one was v10. I am sure that neither one of the users made the changes themselves.

Is there a virus or worm going around that can affect router settings? Has anyone seen these symptoms and if so, does a reset to defaults re-enable the radio button to automatically get dns settings?
thanks
jim
Message 1 of 5
jw_mo
Aspirant

Re: dns hijacked

Update:
It looks like all the customers affected have remote management enabled and haven't changed their passwords. Somebody has hacked in and changed their IP address to static at the same address and rerouted the DNS. I've taken care of their issues, but it's something to keep an eye out for.

jim
Message 2 of 5
jmalone
Aspirant

Re: dns hijacked

I've seen that it is not just default passwords that are being hijacked. Some of my customers did not have default passwords originally; however, they had been reset to the default password, but all other settings (with the exception of the DNS) were the same.
Message 3 of 5
jmizoguchi
Virtuoso

Re: dns hijacked

Is there a virus or worm going around that can affect router settings? Has anyone seen these symptoms and if so, does a reset to defaults re-enable the radio button to automatically get dns settings?


There was recently malware that changed the DNS setting on PCs so that they go to a fake DNS that spreads the malware.

Getting router settings changed can be from remote management, where these routers are using http and not https, so there are possible exploits to get back in.
June Mizoguchi-
Message 4 of 5
neojick
Aspirant

Re: dns hijacked

@jmalone, did your affected customers have remote management enabled before the DNS change?
Message 5 of 5