My router passes the router checker, but other tools say dns hijack vulnerability

Scholar

Re: My router passes the router checker, but other tools say dns hijack vulnerability

Can I expect a detailed reply from any one user or moderator?

Superuser

Re: My router passes the router checker, but other tools say dns hijack vulnerability


jraju wrote:

Hi, I also want to mention one strange scenario.

You have protected your router by changing the admin password and enabling other protection from denial-of-service attacks and other settings, so that you are safe.

Everybody knows that external IPs are allocated to users by their ISP at each login, for dynamic IP address users. I will not go deep into the allocation, but if a compromised computer user's IP is given to you at your login time, will the security settings work, and can one say that he is safe from router and network attacks? I raise this question because, through no fault of the user, his computer gets spam alerts from some of the genuine sites he often visits, asking for more captcha options or maths questions to gain access, or to log in after some time to get a different dynamic IP which is not affected by any attack like spammers etc.

Is my presumption correct? Or does the system have nothing to do with external IP login? Any expert advice, please.


Hello,

If you mean your latest reply, I am able to think about it with the following points:

--> probably a compromised (dynamic) IP should not result in network/router attacks; at least, with common configuration (?!);

--> also, compromised IPs probably should be handled by the ISP, with steps to 'fix';

But maybe I understand your question wrongly;

Is it a general question, or is it based on a certain tool (such as F-Secure Router Checker)?

And "compromised" will probably trigger the points you noted (with 'more attention' from services), but I am not sure it would be a potential further step toward causing any router/network troubles directly;

Maybe there will be a normal official response, or one from experienced users, after some time... While it has not come yet, I placed my reply (sorry for that);

Thanks!

Scholar

Re: My router passes the router checker, but other tools say dns hijack vulnerability

Hi, by infected IPs I mean: when you generally browse a site, you are not allowed in by the site's spam filters, which say that you are a spammer and ask you to pass more security checks before allowing you in, like doing maths or some captcha checks. Some sites do say to log in after a few minutes, to log in from non-affected IPs. If this is the case, then I have a doubt about all security features, when the user does not have any control over the IPs he is externally allotted by the ISP.

Is my understanding not correct, in the sense that no IP would be affected?

Superuser

Re: My router passes the router checker, but other tools say dns hijack vulnerability

So, it is likely that if there is a "compromised IP" (used for scam/rogue/spam previously, and then you get it), websites will apply 'additional security checks' or block access; but it can also happen with "shared IPs";

Generally (as far as I am able to think) there are some points:

--> ISP should control it;

--> Websites/services should do "blocking" more properly and avoid this kind of 'false positive' (it is possible that some of them use 'too much setting');

--> "Dynamic IP" can be compromised with different 'meanings';

I think it is possible that, while your system is safe and has security tweaks, websites are able to block access to their website (or give double checks) based on certain dynamic IPs;

If you have had such an experience, it is good to contact the ISP and ask them about this!

At least, troubles are possible anyway... and the ISP should strongly monitor/check/inform (but does not always do that) about such things as "their IPs" (potential "blocklists") and even more "antibot" checks;

Usually current home security solutions also provide "antibot" checks, but not all of them are at an "enough level"; and each situation should be investigated: if, based on your local steps (like "security settings" for your software/hardware; scanning the system with security software), there is a "normal view", it is good to contact the ISP to trigger their own investigation into whether there is something wrong with your configuration/system (such as unusual traffic, or "compromised IPs" in use);

Sorry for my reply, since I maybe do not answer your question directly!

Thanks!

Scholar

Re: My router passes the router checker, but other tools say dns hijack vulnerability

Hi, I understand what you mean. But I want to know: is my presumption of user external IPs getting infected correct, or is that wrong?

Superuser

Re: My router passes the router checker, but other tools say dns hijack vulnerability

 

-> not sure that there is proper wording for such a situation about "infected external IPs";

Probably there can be a response (later) with proper words about your question.

But just because there was a small discussion already, I will place "my try" at a suggestion:

----> We talk about a situation like (?):

- home user got a certain IP from the ISP ('dynamic IP');

- user tried to use some websites or services and it was not possible (blocked access based on 'IP', or more security checks such as captcha or so);

- it is possible to meet this (and generally it is more a prevention against 'botnets', probably), if a certain IP is listed under blacklists or so;

----> Your question can be about "does the ISP do this specially?!":

- I think that it is possible, but I am not sure that it should be like that;

- ISP should monitor/check and prevent any 'not valid' actions under their "network" (and control their IPs to prevent any 'exploiting' of them); AND, at least, inform the user if something wrong is detected with the system (where the "Dynamic IP" is not really the trouble);

-----> Your question can be about "is 'such a situation' based on troubles with external IPs?!":

- I think that with a dynamic IP it is more likely to get such a situation, based on some limitations with the ISP;

- But anyway, it is good to be sure that the system has all security options and that no 'fix' steps are required;

-----> Your question can be about "is it possible that a known-trouble dynamic IP will hack something?!":

- I think it should not be valid... since with default configuration or things like NAT, there are maybe some potential steps missing to perform actions based on this point;

Such as "exploiting" this design under your device;

Generally, for a proper answer to a certain situation, it is good to ask the ISP ("access to websites is blocked based on IP", but "you applied all available security options on the device; or ANY device with such an IP will have this view"); Maybe I once again wrongly understand your main question.

Sorry for that. Most likely there can be a response later from experienced users.

Or just re-ask it one more time and I will not respond to it (since another response is required); or just re-ask later (to 'up' this topic);

Thanks!

Scholar

Re: My router passes the router checker, but other tools say dns hijack vulnerability

Hi, ukko, see this link for yourself. There is some point in my repeating about external IPs. Just check that this site shows the affected IPs, for spam or other things, near your IPs in any country.

https://www.projecthoneypot.org/home.php

and click dashboard and you see

Superuser

Re: My router passes the router checker, but other tools say dns hijack vulnerability

Hello,

So, it can be quite a useful webpage/service for administrators/owners of a website/server, OR for users who want to re-check the 'status' of suspicious activities. There they are able to get some known 'triggers', rules and knowledge about spam/tricks/rogue actions; practically the way "traditional signature"-based design works.

But, if I understand correctly, there are just the following meanings about IP/nicknames/other (if we talk about users' system IPs, not domains' IPs):

--> Either someone does these malicious/suspicious actions specially (under a certain IP);

--> Or the system of another user had malware or was 'hacked/hijacked', and there are some actions based on this (as part of botnets or 'malware' activities), under their certain IPs;

It can be that a 'blacklisted' IP is re-used by someone else (later); but it should be controlled by the ISP;

Also, probably there can be a lot of companies with their own "blacklists" (which will be more a "rogue" company than a trusted one); so it is quite likely that such blacklists/spamlists do not always properly show the 'current information/status' of an IP;

If a certain "dynamic IP" was used by spammers/rogue tricks previously, but currently is not, there are just all the common suggestions about security for the user's own system.

Probably with default and common-sense settings for things like the user's routers/network, a "previously" spammed IP should not create anything additional as a trouble point (except that a website is able to think that it is a "spam IP" and block access based on this);

This situation is also valid for websites/domains.

There can be a good, valid, safe website. Then someone hacks it and exploits it to 'distribute' malware. The website can be marked as harmful by security companies. Then the website fixes this trouble... but it can still be marked as harmful (or even more, hacked by someone... one more time); And usually this is the main reason for rogue/spam/scam activities;

Sorry for my reply.

Thanks!
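On the question running through this thread, whether a listing on a service such as Project Honey Pot reflects your own devices or an earlier holder of the same dynamic address, here is an added example that is not part of any post above. It assumes the http:BL DNS interface answers in the form `127.<days>.<threat>.<type>` (check the service's documentation before relying on it); the access key, the sample answers and the helper names are constructed placeholders.

```python
import ipaddress
import socket

# Visitor-type bits carried in the last octet of an http:BL answer (assumed layout).
VISITOR_BITS = {1: "suspicious", 2: "harvester", 4: "comment spammer"}

def query_name(access_key, ip, zone="dnsbl.httpbl.org"):
    """DNS name to resolve: <key>.<IPv4 octets reversed>.<zone>."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError for anything but IPv4
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{access_key}.{reversed_octets}.{zone}"

def decode_answer(answer):
    """Decode 127.<days since last seen>.<threat score>.<visitor type>."""
    first, days, threat, vtype = (int(p) for p in answer.split("."))
    if first != 127:
        raise ValueError(f"unexpected answer {answer!r}")
    if vtype == 0:  # known search engine; the middle octets are not scores
        return {"kinds": ["search engine"], "days": None, "threat": None}
    kinds = [name for bit, name in VISITOR_BITS.items() if vtype & bit]
    return {"kinds": kinds, "days": days, "threat": threat}

def predates_lease(listing, lease_age_days):
    """True when the last recorded activity is older than your hold on the IP,
    i.e. the listing describes an earlier subscriber, not your own devices."""
    return listing["days"] is not None and listing["days"] > lease_age_days

def check_ip(access_key, ip):
    """Live lookup. None means no record (or the lookup itself failed)."""
    try:
        return decode_answer(socket.gethostbyname(query_name(access_key, ip)))
    except socket.gaierror:
        return None

if __name__ == "__main__":
    # Constructed sample: documentation address and a made-up answer.
    print(query_name("examplekey00", "203.0.113.7"))
    listing = decode_answer("127.12.25.4")
    print(listing, predates_lease(listing, lease_age_days=2))
```

If the last activity is more recent than the time you have held the address, scan your own devices and contact the ISP, as suggested in the replies above.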