A question about router infections

Dirk41

Level 17
Thread author
Verified
Top Poster
Well-known
Mar 17, 2016
797
Hi everyone!

As you can imagine, I opened this thread to discuss my curiosities:

This time I wonder: let's suppose your router gets infected and its DNS is changed to a malicious DNS.

But..

You previously set Norton DNS (or someone else's DNS) manually on your PC.

Or you set Norton DNS on your PC even after the infection.

In these two scenarios, who would win?
DNS on PC or DNS on router?

I know that the router DNS is not OK and should be fixed, but I am asking if you would get pop-ups / redirects / slowdowns / etc.

Looking forward to hearing from you


Thank you for reading :)
 

tim one

Level 21
Verified
Honorary Member
Top Poster
Malware Hunter
Jul 31, 2014
1,086
By setting the DNS on the PC you get filtering that can prevent a good portion of the unwanted sites, according to certain categories, but only on that PC. A better solution is to enable the DNS on the router, so the filtering is applied to all devices on your network.
I am using Google DNS (not for security reasons) at router level and no issues for me.
 

Wave

So even with Norton DNS (or others) on that PC I could probably get some spam websites surfing the net if the router is infected.

Thank you
It doesn't matter what DNS you use, there will always be malicious websites which can get by... It doesn't fully eliminate all access to every malicious website.

If your router is infected then you'll need to reinstall the latest firmware for your router, removing the malware which had been installed onto it and thus getting rid of the infection (similar to a BIOS infection, and therefore you flash the BIOS to get rid of the infection). If this doesn't work then just get a new router... It can always be handy to have a spare router stored somewhere in case your existing one becomes infected or breaks anyway.
 

509322

What the man is asking is whether or not the router DNS will override the local (host) system DNS settings.

The answer is "No" - unless the system is set to automatically detect and use the router DNS.

Once you set the local system to use a specific DNS, then it will use that DNS regardless of the DNS set in the router. If that were not the case then everybody would be stuck using the router DNS - and proxies, VPNs, setting a local DNS such as Norton ConnectSafe, etc would not work.

In other words, the DNS settings of the end device (local system) override the router DNS settings.

There's a difference between a malware that modifies the DNS on the local system and one that changes the router DNS. He's asking about the second case.

A DNSChanger infection is typically the result of weak configurations of both the router and system networking - and most of all - launching unknown\untrusted files on your system.
 

Dirk41

What the man is asking is whether or not the router DNS will override the local (host) system DNS settings.

The answer is "No" - unless the system is set to automatically detect and use the router DNS.

Once you set the local system to use a specific DNS, then it will use that DNS regardless of the DNS set in the router. If that were not the case then everybody would be stuck using the router DNS - and proxies, VPNs, setting a local DNS such as Norton ConnectSafe, etc would not work.

There's a difference between a malware that modifies the DNS on the local system and one that changes the router DNS. He's asking about the second case.

Thank you everyone! Yes, I am asking exactly that: if there would be a perfect override
 

509322

Thank you everyone! Yes, I am asking exactly that: if there would be a perfect override

Well, you know how it is. Despite all the built-in protections - and even if a user utilizes each one of them - there is always some possibility - even if it is a very small probability - that some malc0der will discover and exploit some vulnerability. Router vulnerabilities are quite notorious. Insecure system networking configuration is a problem as well.

Harden your router following online guides. Harden your local system security, then immediately lock it down. Best protection.
 

Dirk41

May I ask one last question?
Let's suppose I set the PC DNS to automatic.
And a malware has changed my router DNS..
Using the nslookup command, would I find an incorrect IP for every website?
Thank you

(I mean.. you know, typing "nslookup facebook.com" in the prompt window -> it should give you an incorrect / correct IP)
 

tim one

Thank you. So in your guide you say "probably". That means at least some IPs could be resolved correctly
Yes, I said "probably" because the variables involved are many and you never know that for sure, but you have the reasonable certainty that an event can occur.

As for rom-0 test as I said "It can detect the IP address that in 99% of the cases (except that you have to use applications for the masking of IP) is the address assigned by the ISP to your router, at the time of the connection."
 

uncle bill

What the man is asking is whether or not the router DNS will override the local (host) system DNS settings.

The answer is "No" - unless the system is set to automatically detect and use the router DNS.

The answer is YES if an attacker pwned your device. Here's a screenshot of my firewall tracerouting a Google DNS to itself (I've not been hacked, it's just a proof of concept.. :) )
[Image: 2zfkbpu.png]
 

Dirk41

The answer is YES if an attacker pwned your device. Here's a screenshot of my firewall tracerouting a Google DNS to itself (I've not been hacked, it's just a proof of concept.. :) )
[Image: 2zfkbpu.png]


Sorry but I don't get your picture (I don't know Linux, even if sometimes I tried Xubuntu or others)

Have you manually set DNS on your PC?

And what did you do to your router?


And what kind of attacker? I don't mean a Russian hacker crew


Thank you for your interest
 

uncle bill

To make it simple, I instructed my router/firewall to:
1) resolve google.it to a specific address which is different from the real ones;
2) redirect all kinds of data traffic directed to 8.8.8.8 to another IP.
In other words, if I get access to your router I can change the real IP address for every domain in the world and can route traffic for a specific IP address to another IP address.
Do you feel a little less safe now?
:)
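
A defender-side check for the two questions raised above (whether nslookup would show wrong addresses, and whether a manually set resolver helps once the router redirects traffic to 8.8.8.8), as an added example that is not part of any post in this thread. It assumes the same lookups were collected twice, once through the router and once over a path the router cannot rewrite; the function name, hostnames and addresses are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Ranges a public hostname should never resolve to.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

def is_local(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)

def assess(lan_answers, trusted_answers, shared_threshold=3):
    """Both arguments map hostname -> set of IPv4 strings.
    lan_answers: what the PC received through the router; trusted_answers:
    same names over a path it cannot rewrite (assumed: another network)."""
    # hits: how many hostnames were pointed at each address
    hits = Counter(ip for ips in lan_answers.values() for ip in ips)
    report = {}
    for host, ips in lan_answers.items():
        reasons = []
        if any(is_local(ip) for ip in ips):
            reasons.append("private/loopback address for a public name")
        if any(hits[ip] >= shared_threshold for ip in ips):
            reasons.append("same address returned for unrelated names")
        if reasons:
            report[host] = ("suspicious", reasons)
        elif not ips & trusted_answers.get(host, set()):
            # CDNs and geo-DNS differ legitimately, so this alone is weak.
            report[host] = ("review", ["no overlap with trusted answer"])
        else:
            report[host] = ("ok", [])
    return report

# Constructed sample data (documentation ranges, not real records).
TRUSTED = {
    "bank.example": {"192.0.2.10"}, "mail.example": {"198.51.100.20"},
    "shop.example": {"203.0.113.30"},
    "cdn.example": {"203.0.113.40", "203.0.113.41"},
}
HIJACKED = {h: {"198.51.100.66"} for h in TRUSTED}  # every name, one host
MIXED = {
    "bank.example": {"192.168.1.1"}, "mail.example": {"198.51.100.20"},
    "shop.example": {"203.0.113.99"}, "cdn.example": {"203.0.113.41"},
}

if __name__ == "__main__":
    for label, sample in (("hijacked", HIJACKED), ("mixed", MIXED)):
        for host, (verdict, why) in assess(sample, TRUSTED).items():
            print(label, host, verdict, "; ".join(why))
```

A "review" verdict on its own is common with CDN-hosted sites; the "suspicious" patterns are the ones that justify checking the router's DNS settings and firmware.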
 

Dirk41

To make it simple, I instructed my router/firewall to:
1) resolve google.it to a specific address which is different from the real ones;
2) redirect all kinds of data traffic directed to 8.8.8.8 to another IP.
In other words, if I get access to your router I can change the real IP address for every domain in the world and can route traffic for a specific IP address to another IP address.
Do you feel a little less safe now?
:)

OK, I got it, thank you, but

How is DNS set on your PC? Automatic, or did you set Norton (or whatever you want) manually? I don't know how to do it on Linux, but I can on Windows
 

Dirk41

Furthermore, it would even be simple to try: just set some DNS in the router and another on the PC.. but unfortunately my stupid router does not let me change its DNS in its UI

well thank you for your replies
 

tim one

Furthermore, it would even be simple to try: just set some DNS in the router and another on the PC.. but unfortunately my stupid router does not let me change its DNS in its UI

well thank you for your replies
Well, in the end I can tell you not to worry about it too much; in many years I have never had problems at router level.

Stay safe Dirk41 :)
 
