DNS Hijacked Router - TechRepublic
Question
January 31, 2008 at 02:43 PM
jim

by jim. Updated 15 years, 7 months ago

I have been experiencing major problems with a DNS hijack situation on my friend's Verizon DSL service (in MD).

When surfing the network I am getting unreliable connections to various Web sites (* see example below). In verifying the IP address of these Web sites using NSlookup, I get one IP address for all inquiries, including Google.com. The problem is happening on all machines on his network, including an Apple Mac. I have made many attempts to look for malware and viruses but cannot resolve the problem.

I was able to do something to prove that I see this problem only when the Verizon modem (or network) gets a DNS request. On one of my computers I can use a VPN to my Verizon network in NJ. This network does not have this problem. After connecting a VPN to this network, I then configure my adapter to a fixed IP address. The IP and gateway are fixed to operate on the local (MD) network; however, I use the remote network for the fixed DNS address. The local Verizon modem does not see this as a DNS request because it is in the VPN tunnel. Once I get the correct IP from the NJ DNS, everything works fine. NSlookup gives the correct addresses, and surfing sites that did not work are now working fine.

Notes:
NSlookup on all sites = 206.207.85.33 (for all Web sites)

Conditions:

Local Network – Router 192.168.1.1, DNS 192.168.1.1 (71.232.0.12 – Verizon DNS MD)

Remote VPN Network – 192.168.100.1, DNS 192.168.100.1 (71.250.0.12 – Verizon DNS NJ)

Static setting in Adapter properties:

IP / Gateway / DNS

192.168.1.12 / 192.168.1.1 / 192.168.1.1 – Bad * Local Router/Modem gets request

192.168.1.12 / 192.168.1.1 / 71.252.0.12 – Bad * Local Modem/Router gets or hijacks request

192.168.1.12 / 192.168.1.1 / 71.250.0.12 – Bad * Local Modem/Router gets or hijacks request or I can not use DNS Server in NJ via MD Net

192.168.1.12 / 192.168.1.1 / 192.168.100.1 – Good * Local Router does not see DNS request

If the computers were all infected with something, then it should not work with the VPN DNS spoof.

It looks like the Verizon modem/router is hacked?

If Verizon is hacked then they will not have a clue how to fix it (already talked to the clueless).
