DNS Hacked in Router

Sushubh

Administrator
Oct 29, 2004
418,253
13,009
Gurugram
BSNL has capabilities to do that. 🦅

Jay

Regulars
Sep 4, 2014
319
91
When I was accessing the sites on Android in the browser, it was redirecting me to download/update Facebook.
Sounds exactly like Crooks Hijack Router DNS Settings to Redirect Users to Android Malware

For these attacks, crooks redirected users to pages peddling clones of Android apps like Google Chrome for Android (chrome.apk) and Facebook (facebook.apk). These apps used excessive permissions, allowing them total access to the users' smartphones. The apps' main purpose was to overlay login screens on top of various apps.
Sounds like spyware. Check if any app has device-admin permission now.

alphago

Regulars
Sep 24, 2018
51
23
I remember my friend having a TP-Link router. The router had telnet access in it (most good routers have telnet access). So one could control it from the PC using the command line and tinker around with it. Try to check: telnet 192.168.1.1 (or the router's IP address) in the command line @ijsa

vishalrao

The Global Village Idiot
Regulars
Jan 21, 2005
4,680
282
Pune
Well, I'll be damned. My BSNL FTTH connection was not working right now (sites not opening), so when I checked the modem settings there is a DNS server 87.x.x.x along with 8.8.8.8 as the 2nd entry. I am on Airtel 4G backup right now.

Will look up that DNS IP and see if it belongs somewhere suspicious :D I don't remember if the LCO configured that DNS IP or it came on its own when I checked.

pothi

Regulars
Aug 5, 2008
528
147
Srivilliputhur / Madurai (TN)
The router is of little help if the hack has happened using an app in our phone.

That said, I would invest in a router that provides regular security updates. For example, Netgear provides more regular firmware and security updates than some Chinese brands.

If you need more control than regular security updates, then you may choose a router from Mikrotik or Ubiquiti. For example, with Mikrotik, I connect all the wireless devices using a guest network where an additional firewall is in place between devices connected through guest network and wired devices. Also, even devices connected within the same guest network can't connect to each other without passing through the firewall. I am sure there must be a similar configuration in Ubiquiti routers as well.

I hope that helps. Good luck.

vishalrao

The Global Village Idiot
Regulars
Jan 21, 2005
4,680
282
Pune
So the suspect DNS IP is 89.207.131.8 - any idea what/where this is? A whois lookup says Netherlands, "server.inteltek.com".

vishalrao

The Global Village Idiot
Regulars
Jan 21, 2005
4,680
282
Pune
Damn. So I got rid of that IP. But at least I won't be affected, since I don't connect any devices directly to my FTTH modem; there is a Netgear router which has Google DNS configured, so mobile devices also should be safe from this attack.
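The two checks described in this thread (an unexpected resolver showing up in the modem's DNS settings, and sites being answered with the wrong addresses) can be scripted. The example below is added here and is not code from any poster; the allowlisted ISP resolver 192.0.2.53 and all DNS answers are constructed values from documentation ranges, so it runs offline.

```python
"""Detect a hijacked router resolver: flag configured DNS servers that are
neither allowlisted nor on the LAN, and flag names whose answers from the
configured resolver share nothing with answers from a trusted resolver."""
import ipaddress
from typing import Dict, List, Set

# Resolvers we expect to see. 192.0.2.53 is an ASSUMED stand-in for the
# ISP's own resolver (TEST-NET-1); replace it with your provider's address.
ALLOWLIST: Set[str] = {"8.8.8.8", "8.8.4.4", "192.0.2.53"}


def classify_resolvers(configured: List[str], allowlist: Set[str]) -> Dict[str, str]:
    """Label each resolver: 'ok' (allowlisted), 'local' (LAN/loopback, e.g.
    the router forwarding upstream) or 'suspect' (public and unknown)."""
    verdict: Dict[str, str] = {}
    for addr in configured:
        ip = ipaddress.ip_address(addr)
        if addr in allowlist:
            verdict[addr] = "ok"
        elif ip.is_private or ip.is_loopback:
            verdict[addr] = "local"
        else:
            verdict[addr] = "suspect"
    return verdict


def compare_answers(trusted: Dict[str, Set[str]],
                    configured: Dict[str, Set[str]]) -> List[str]:
    """Return names whose A records from the configured resolver have no
    overlap with the trusted resolver's records (CDNs may differ partially,
    so only a total disagreement is treated as a hijack signal)."""
    hijacked = []
    for name, good in trusted.items():
        seen = configured.get(name, set())
        if seen and not (seen & good):
            hijacked.append(name)
    return sorted(hijacked)


# Constructed sample: the rogue entry from the thread next to 8.8.8.8, and
# answers where only one name is redirected (addresses are documentation IPs).
SAMPLE_RESOLVERS = ["89.207.131.8", "8.8.8.8", "192.168.1.1"]
TRUSTED_ANSWERS = {"www.facebook.com": {"203.0.113.10"}, "www.example.com": {"203.0.113.20"}}
ROGUE_ANSWERS = {"www.facebook.com": {"198.51.100.7"}, "www.example.com": {"203.0.113.20"}}

if __name__ == "__main__":
    print(classify_resolvers(SAMPLE_RESOLVERS, ALLOWLIST))
    print(compare_answers(TRUSTED_ANSWERS, ROGUE_ANSWERS))
```

To run it against a real setup, feed the DNS entries from the router's status page into `classify_resolvers` and the A records obtained via the router versus via 8.8.8.8 into `compare_answers`.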