Last week, I faced a weird problem with my internet connection. Whenever I tried to search for something on Google, it took me to a Google page which said "your flash player is outdated, download and upgrade it". I found it unusual for Google to ask users to upgrade their Flash Player before it showed the search results.
I ran the nslookup command for Google, which returned an IP address for Google. I tried to access the Google web server using the IP, hmm... same problem!!
I ran a Google search on my Android tablet and it still asked me to upgrade Flash Player. Strangely, on the Android tablet too, it asked me to download setup.exe. (Google is smart enough to detect Android and would not have asked for setup.exe, it should have taken me to the Play Store.) It took me a while to grasp that some very skillful hacker found a poor person like me to be worthy enough for hacking. What would he gain anyway, there is nothing on my computers except for some pirated movies. Perhaps something more valuable which I do not know about :P
Well well well... I rubbed my hands together. Curious to find out what was wrong, I logged into my router to find out which DNS server my router was pointing to. One DNS IP was 8.8.8.8 and another was I don't remember what, but it was the culprit DNS. Btw both the IPs were not set up by me, they were hacked. This DNS gave my devices the wrong IP for Google's servers and asked me to download Flash Player.
I called up my ISP and asked for the correct DNS. Later on I came to know that this is a common problem faced by many customers as well.
Ok! So I changed the DNS on my router. I restarted my Wi-Fi access point (since my router and Wi-Fi are two different devices, this was to ensure that my Wi-Fi now gets the correct DNS from the router, else it would use the cached DNS) and reconnected all my Wi-Fi connected devices, phone, laptop etc. (for the same reason as above).
A few days later, just curious to check the DNS, I logged in to the router and saw that my DNS had been hijacked again... boohooo... why me?? I thought the CIA is after me, who else??... could be MI6??..
Hooray!! I am again the lucky winner!! Thank you!! Somebody thinks I am important?? :P
Again I had to change the DNS and restart/reconnect all my devices.
I googled whether anyone else was facing a similar issue. It turns out this is the result of a bug in the router software, read more about the bug here - misfortune cookie - and 12 million+ devices have been affected OMG... where is Snowden? Moreover, there is no patch (firmware) available to fix this in the router.
I tried these steps to resolve the problem -
1. Since I have a separate router and Wi-Fi access point, I have manually set up the correct DNS in my Wi-Fi access point, so no matter how many times my router DNS is hijacked, my laptop and mobile will always pick up the correct DNS from my Wi-Fi access point.
2. Disabled DHCP on the router and gave a static IP to my Wi-Fi access point. (I think this was not important for this issue, but I still did it, because if someone gets an IP via DHCP they get root access to the router.)
3. Changed the password on the router. (I think this is not useful for this issue.)
4. Enabled the firewall. This wouldn't help either, but it is a good practice to enable the firewall if it is not enabled already.
5. This is the most important one: disable remote access on WAN via FTP, Telnet, TFTP and ICMP. See the screenshot.
My DNS has not changed for some time now. Another way is obviously to buy a new router.
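An added example (not the author's code) that automates the manual check described in this post: it parses the output of `nslookup`, the tool used above, and reports a resolver that is not on an expected list, plus any single IP returned for several unrelated sites. The function names, the `TRUSTED` placeholder addresses and the shared-IP heuristic are assumptions made for this example, and the sample outputs are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumption: resolvers you expect to see (e.g. the ones your ISP confirmed).
# 192.0.2.0/24 is a documentation range, used here as a placeholder.
TRUSTED = {"192.0.2.53", "192.0.2.54"}

def _ips(line):
    """Return every token on the line that parses as an IPv4/IPv6 address."""
    found = []
    for token in line.split():
        try:
            found.append(str(ipaddress.ip_address(token.split("#")[0])))
        except ValueError:
            pass  # labels such as "Address:" or host names
    return found

def parse_nslookup(text):
    """Split nslookup output into (resolver IPs, answer IPs)."""
    resolver, answers, in_answer = set(), set(), False
    for line in text.splitlines():
        if line.strip().lower().startswith("name:"):
            in_answer = True  # everything from "Name:" on is the answer
        (answers if in_answer else resolver).update(_ips(line))
    return resolver, answers

def audit(outputs, trusted=TRUSTED):
    """outputs maps each queried name to its nslookup output; returns findings."""
    rogue, names_by_ip = set(), defaultdict(set)
    for name, text in outputs.items():
        resolver, answers = parse_nslookup(text)
        rogue |= resolver - set(trusted)
        for ip in answers:
            names_by_ip[ip].add(name)
    findings = [f"unexpected resolver {r}" for r in sorted(rogue)]
    for ip, names in sorted(names_by_ip.items()):
        if len(names) > 1:  # heuristic: unrelated sites should not share one IP
            findings.append(f"{ip} answers for {', '.join(sorted(names))}")
    return findings

# Constructed sample output (Windows nslookup layout), not captured from a real network.
def _sample(server, name, ip):
    return f"Server:  UnKnown\nAddress:  {server}\n\nNon-authoritative answer:\nName:    {name}\nAddress:  {ip}\n"

HIJACKED = {"google.com": _sample("198.51.100.7", "google.com", "203.0.113.10"),
            "example.org": _sample("198.51.100.7", "example.org", "203.0.113.10")}
CLEAN = {"google.com": _sample("192.0.2.53", "google.com", "203.0.113.20"),
         "example.org": _sample("192.0.2.53", "example.org", "203.0.113.30")}

if __name__ == "__main__":
    print(audit(HIJACKED), audit(CLEAN))
```

If your devices are meant to use the router itself as their resolver, add the router's LAN address to `TRUSTED`; in that setup the resolver check cannot see what the router forwards to, so the shared-IP finding is the one to watch.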
Disclaimer - This will probably help in thwarting the DNS hack to some extent, but we CANNOT call it 100% safe from hackers. Respect hackers, they are very knowledgeable and skillful. If they want, they can do a personalized attack and get what they want.
We are on the internet, so it is very important to believe that we do not have anything safe :)
Screen shot - Step by step setup instructions -
Important - Step 3: Disable all access via WAN and, for LAN, enable HTTP and ICMP.
