Author Topic: how change of dns, nullifies the vulnerability  (Read 12711 times)


Offline jraju

  • Hero Member
  • *****
  • Join Date: Feb 2013
  • Posts: 2175
  • Location: india
  • Karma: 17
    • View Profile
how change of dns, nullifies the vulnerability
« on: May 20, 2017, 07:31:36 AM »
Hi, I scanned with Avast Wi-Fi Inspector. If I use the router DNS, i.e. "obtain DNS server address automatically", the scan reports a DNS hijack vulnerability in the router. They give a solution: change the DNS in Change adapter settings. I changed the DNS to Google and then to OpenDNS. When I scanned the same PC again, the results show no vulnerability. How? What does that mean? The Avast Wi-Fi scan checks the computer and connected devices. My PC and other devices are shown as having no vulnerabilities.
Can you say how the scan results differ? Moreover, I was shown the hijacked domains as vk.com and yandex.ru, which I have never visited in my lifetime. Would an expert say something on this?
The Bottom line is "Check your hardware first if it supports the task you try".

Offline Samson

  • Hero Member
  • *****
  • Join Date: Nov 2011
  • Posts: 886
  • Location: London
  • Karma: 34
    • View Profile
Re: how change of dns, nullifies the vulnerability
« Reply #1 on: May 20, 2017, 08:47:25 AM »
Hi J, first off I have been following your thread on the Avast forum. I think that you have been badly treated by some of the folks over there  :shocked:

I use an old version of Avast (without the wifi scanner), but I'll try and help.

Here is a good article on DNS hijacking.
http://www.thewindowsclub.com/what-is-dns-hijacking-prevention

As for the entries for yandex.ru and VK.com, it may be that your ISP is using these as their default DNS servers. Check the details that appear in your adapter settings against those on this page when you change to "obtain automatically".
https://dns.yandex.com/

Those in the Avast forum are "fanboys" of Avast and may not be willing to accept that Avast may be giving a false positive result, so try another scanner, here.
https://campaigns.f-secure.com/router-checker/en_global/

Personally I use OpenDNS.
« Last Edit: May 20, 2017, 08:50:02 AM by Samson »

Offline jraju

Re: how change of dns, nullifies the vulnerability
« Reply #2 on: May 20, 2017, 08:54:36 AM »
Hi, Samson, glad that you say that.
There are persons who do not know how to reply to a pertinent query. Even the staff there do not seem to have any clue. But I admit that the people who make the application are wonderful.
They are all senior people there, and so I just watch whether any expert replies from Avast, because it is their product. I will read your solution deeply now and then reply. Thanks for your considered reply; I was expecting it from you.

Offline jraju

Re: how change of dns, nullifies the vulnerability
« Reply #3 on: May 20, 2017, 09:02:05 AM »
Hi, I already checked that site. I got a different result in the morning:
Everything appears to be fine, but the check was incomplete
I raised a query to the email address of F-Secure, and am expecting a reply.

What is the meaning of this status? Could my router not be checked? Or does the DNS server not allow Router Checker to check the router? Is the DNS server having DNS hijack vulnerabilities? What is the fix?
Now when I check the same site, I get a green tick mark with the router DNS settings: no issues found.
Expecting a reply.

Offline jraju

Re: how change of dns, nullifies the vulnerability
« Reply #4 on: May 20, 2017, 09:09:38 AM »
Hi, Samson, I noticed no change in the adapter settings when I clicked the Yandex site. But I do know that the DNS server that is in the router belongs to my service provider's IP. But I do not know whether this server address is used by those yandex.ru or vk.com. But it is funny that I could not see anything inside the router entries that would suggest the hijacking of the router. If I use OpenDNS, then Avast gives no vulnerability.
Would the service provider use another service provider's service for its users? Strange.

Offline Samson

Re: how change of dns, nullifies the vulnerability
« Reply #5 on: May 20, 2017, 09:34:52 AM »
What I meant was... Compare your ISP DNS server addresses in your router with those on the Yandex site; this will establish if your ISP is using its own DNS or Yandex  :wink:

As for the F Secure scan, wait and see what they come up with, maybe just busy and unable to complete the scan?

If OpenDNS works for you, then stick with it. Like I said, it is my personal choice: fast, reliable, offers a degree of protection from phishing and malicious websites. I won't touch anything to do with Google myself  :wink:

PS each time that you change DNS servers you may want to clear your DNS cache, open a CMD prompt and enter " ipconfig /flushdns" (without the "s).

Offline jraju

Re: how change of dns, nullifies the vulnerability
« Reply #6 on: May 21, 2017, 01:25:04 AM »
Hi, there was no change in the DNS server settings, which is my ISP; probably the server in the router is compromised. I did find the hns.log and it contains so many com entries, including yandex.ru, vk.com, yahoo.com, etc. I only copy here the 5 entries I found in the hns.log; could you make anything out of it? It is too technical, but this is the alert I am getting. I will copy both the print screen and the log of selected lines in hns.log.
The log extract:

[2017-05-21 07:49:22.278] [info   ] [ares_scan  ] [ 1392: 4196] AresScanner: result name=yahoo.com ip=628afd6d ttl=221 flags=17 type=1 data=""
[2017-05-21 07:49:22.302] [info   ] [ares_scan  ] [ 1392: 4196] AresScanner: result name=yahoo.com ip=cebe242d ttl=221 flags=17 type=1 data=""
[2017-05-21 07:49:22.322] [info   ] [ares_scan  ] [ 1392: 4196] AresScanner: result name=yandex.ru ip=daf8ffa4 ttl=600 flags=17 type=1 data=""
[2017-05-21 07:49:22.358] [info   ] [ares_scan  ] [ 1392: 4196] AresScanner: result name=vk.com ip=daf8ffa4 ttl=600 flags=17 type=1 data=""
[2017-05-21 07:49:22.386] [info   ] [ares_scan  ] [ 1392: 4196] AresScanner: no data name=yandex.ru class=1 type=28 abuf=0x1658e628 alen=87
[2017-05-21 07:49:22.412] [info   ] [ares_scan  ] [ 1392: 4196] AresScanner: no data name=vk.com class=1 type=28 abuf=0x1658e628 alen=84
[2017-05-21 07:49:22.463]
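As an added example (not from the thread, and not Avast's code), a small Python parser for the hns.log lines quoted above: it decodes the hex ip= values, which the log stores in network byte order (628afd6d is 98.138.253.109, one of the yahoo.com addresses in the nslookup output posted later in this thread), separates A answers from the "no data" AAAA lines, and lists any address that more than one name resolves to, which is the pattern a hijack scanner keys on.

```python
import re
from collections import defaultdict
from ipaddress import IPv4Address

# Constructed sample: the hns.log lines quoted in this thread (the "[" missing
# from the first quoted line is restored).
SAMPLE_LOG = """\
[2017-05-21 07:49:22.278] [info   ] [ares_scan  ] [ 1392: 4196] AresScanner: result name=yahoo.com ip=628afd6d ttl=221 flags=17 type=1 data=""
[2017-05-21 07:49:22.302] [info   ] [ares_scan  ] [ 1392: 4196] AresScanner: result name=yahoo.com ip=cebe242d ttl=221 flags=17 type=1 data=""
[2017-05-21 07:49:22.322] [info   ] [ares_scan  ] [ 1392: 4196] AresScanner: result name=yandex.ru ip=daf8ffa4 ttl=600 flags=17 type=1 data=""
[2017-05-21 07:49:22.358] [info   ] [ares_scan  ] [ 1392: 4196] AresScanner: result name=vk.com ip=daf8ffa4 ttl=600 flags=17 type=1 data=""
[2017-05-21 07:49:22.386] [info   ] [ares_scan  ] [ 1392: 4196] AresScanner: no data name=yandex.ru class=1 type=28 abuf=0x1658e628 alen=87
[2017-05-21 07:49:22.412] [info   ] [ares_scan  ] [ 1392: 4196] AresScanner: no data name=vk.com class=1 type=28 abuf=0x1658e628 alen=84
"""

RESULT_RE = re.compile(
    r"AresScanner: result name=(?P<name>\S+) ip=(?P<ip>[0-9a-fA-F]{8}) "
    r"ttl=(?P<ttl>\d+) flags=\d+ type=(?P<type>\d+)"
)
NODATA_RE = re.compile(r"AresScanner: no data name=(?P<name>\S+) class=\d+ type=(?P<type>\d+)")


def decode_hex_ip(hex_ip):
    """The log writes the A record as eight hex digits in network (big-endian)
    byte order: 628afd6d -> 98.138.253.109, which is one of the yahoo.com
    addresses in the nslookup output posted later in this thread."""
    return str(IPv4Address(int(hex_ip, 16)))


def parse_log(text):
    """Return (answers, empties): answers are (name, dotted IP, ttl) for
    type=1 (A) results; empties are (name, qtype) for queries that returned
    no data (type=28 is AAAA, so 'no data' there only means no IPv6 record)."""
    answers, empties = [], []
    for line in text.splitlines():
        m = RESULT_RE.search(line)
        if m and m["type"] == "1":
            answers.append((m["name"], decode_hex_ip(m["ip"]), int(m["ttl"])))
            continue
        m = NODATA_RE.search(line)
        if m:
            empties.append((m["name"], int(m["type"])))
    return answers, empties


def shared_addresses(answers):
    """Addresses that two or more different names resolve to. Unrelated
    domains landing on one address is what a hijack scanner keys on; the
    defender's next step is to resolve the same names through an
    independent resolver and compare the answers."""
    by_ip = defaultdict(set)
    for name, ip, _ttl in answers:
        by_ip[ip].add(name)
    return {ip: names for ip, names in by_ip.items() if len(names) > 1}


if __name__ == "__main__":
    answers, empties = parse_log(SAMPLE_LOG)
    for ip, names in shared_addresses(answers).items():
        print(f"{ip} is the A record for {sorted(names)}")
```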

Offline jraju

Re: how change of dns, nullifies the vulnerability
« Reply #7 on: May 21, 2017, 01:28:36 AM »
Can I PM you, hi, Samson, with a Notepad enclosure, so that I could send the whole log, which contains so many com entries? It is a page attachment. I do not know how to send emails to a particular user in this forum. Is it permissible? If yes, please say what is the way.
« Last Edit: May 21, 2017, 01:32:55 AM by jraju »

Offline Samson

Re: how change of dns, nullifies the vulnerability
« Reply #8 on: May 21, 2017, 03:18:46 AM »
J, that log means nothing to me.

I would ask that you set your NIC adapter settings to obtain DNS addresses automatically, then open a CMD prompt, enter "ipconfig /all" (without the "s) and post the result, so that I can compare your ISP's default DNS servers to see if they are using Yandex DNS as per the Yandex DNS site that I linked to. If OpenDNS or Google works, why not just do that?

EDIT J, if you are unhappy with the help, or lack of it, on the Avast forum, then you can request help directly on your DNS hijacking issue with Avast by raising a support ticket. Click on "support" in the Avast GUI and select "request support"; here you will be able to upload scan logs too. The screenshot is of an older version of Avast, but it is likely to be similar.
« Last Edit: May 21, 2017, 04:01:02 AM by Samson, Reason: Spelling AAAARGH! »

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 7089
  • Location: UK
  • Karma: 106
    • View Profile
Re: how change of dns, nullifies the vulnerability
« Reply #9 on: May 21, 2017, 03:35:04 AM »
Your router will be set to your ISP default DNS settings but they will be overridden when you change them in the adapter DNS settings.

They take precedence.

However, you can change them to your choice in the router.

While I leave my router's settings to default, I have the adapters settings changed to Google's 8.8.8.8 / 8.8.4.4

Download MiniToolBox and check all of the boxes down to List Winsock Entries.

http://www.majorgeeks.com/files/details/farbar_minitoolbox.html

You can copy & paste its report to the reply box, but see if Avast's scan still picks up those hijacks.

If you select Save for the download, you'll be able to use it as and when from your Downloads folder.

« Last Edit: May 21, 2017, 03:37:25 AM by Boggin »
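An added example, not Boggin's or anyone else's code in this thread: a Python parser for the "ipconfig /all" output requested above. It pulls each adapter's DNS Servers list (including the indented continuation lines a second server lands on), then checks whether the adapter is still resolving through its default gateway, i.e. the router, or through servers outside an expected set. The sample is constructed from the two extracts posted later in this thread.

```python
import re

# Constructed sample assembled from the two "ipconfig /all" extracts posted in
# this thread: the first run (router as resolver) and the re-run after the
# adapter was pointed at Google's servers.
IPCONFIG_BEFORE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : intel-PC
   Primary Dns Suffix  . . . . . . . :

Ethernet adapter Bluetooth Network Connection 6:

   Media State . . . . . . . . . . . : Media disconnected
   DHCP Enabled. . . . . . . . . . . : Yes

Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
   Default Gateway . . . . . . . . . : fe80::1e5f:2bff:fe54:8f5%10
                                       192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

IPCONFIG_AFTER = IPCONFIG_BEFORE.replace(
    "   DNS Servers . . . . . . . . . . . : 192.168.1.1\n",
    "   DNS Servers . . . . . . . . . . . : 8.8.8.8\n"
    "                                       8.8.4.4\n",
)

ADAPTER_RE = re.compile(r"^(?:Ethernet|Wireless LAN|PPP|Tunnel) adapter (?P<name>.+):$")
FIELD_RE = re.compile(r"^ {3}(?P<key>\S[^:]*?)[ .]*: ?(?P<value>.*)$")
CONT_RE = re.compile(r"^ {20,}(?P<value>\S.*)$")


def parse_adapters(text):
    """Return {adapter name: {field: [value, ...]}}.

    Multi-valued fields such as Default Gateway and DNS Servers put their
    second and later values on deeply indented continuation lines (the
    8.8.4.4 line in the re-run), so those are folded into the list of the
    field that preceded them."""
    adapters, fields, last_key = {}, None, None
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            fields = adapters.setdefault(m["name"], {})
            last_key = None
            continue
        if fields is None:
            continue  # global "Windows IP Configuration" block, not an adapter
        m = CONT_RE.match(line)
        if m and last_key is not None:
            fields[last_key].append(m["value"].strip())
            continue
        m = FIELD_RE.match(line)
        if m:
            last_key = m["key"].strip()
            value = m["value"].strip()
            fields[last_key] = [value] if value else []
    return adapters


def audit_dns(adapters, adapter, expected):
    """Compare an adapter's resolvers against an expected set and flag the
    case where it still resolves through its default gateway, the router-DNS
    configuration that the scans in this thread objected to."""
    servers = adapters[adapter].get("DNS Servers", [])
    gateways = adapters[adapter].get("Default Gateway", [])
    return {
        "servers": servers,
        "unexpected": [s for s in servers if s not in expected],
        "uses_router": any(s in gateways for s in servers),
    }


if __name__ == "__main__":
    wanted = {"8.8.8.8", "8.8.4.4"}
    for label, text in (("before", IPCONFIG_BEFORE), ("after", IPCONFIG_AFTER)):
        print(label, audit_dns(parse_adapters(text), "Local Area Connection", wanted))
```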

Offline jraju

Re: how change of dns, nullifies the vulnerability
« Reply #10 on: May 21, 2017, 06:50:44 AM »
Hi, regarding support, they only support premium versions; for free, the only source is the community forum, which I already addressed. I will try to send the details of MiniToolBox in my next post.

Offline Boggin

Re: how change of dns, nullifies the vulnerability
« Reply #11 on: May 21, 2017, 07:03:38 AM »
It displays in Notepad so just right click in the text area and click on Select all - right click again and select Copy then right click in the reply box and select Paste.

Offline jraju

Re: how change of dns, nullifies the vulnerability
« Reply #12 on: May 22, 2017, 05:36:45 AM »
Hi, Boggin, here is my log.
Please kindly see that my server is shown as unknown. Even in the nslookup www.google.com command it shows the same. Does that command only work for the server versions of OS from Microsoft? Is there a fix? I heard about reverse DNS to fix that, but I do not know how to do it. Can I do that on my Windows 7 stand-alone machine?
MiniToolBox by Farbar  Version: 17-06-2016
Ran by intel (administrator) on 22-05-2017 at 17:55:29
Running from "C:\Users\intel\Downloads"
Microsoft Windows 7 Ultimate  Service Pack 1 (X86)
Model: D865GRH_ Manufacturer: INTEL_
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection 6 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : intel-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : domain.name

Ethernet adapter Bluetooth Network Connection 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #6
   Physical Address. . . . . . . . . : 00-1B-10-00-2A-EC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : domain.name
   Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::7593:3539:2801:5955%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, May 22, 2017 5:19:25 PM
   Lease Expires . . . . . . . . . . : Tuesday, May 23, 2017 5:18:59 PM
   Default Gateway . . . . . . . . . : fe80::1e5f:2bff:fe54:8f5%10
                                       192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 234886774
   DHCPv6 Client DUID. . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  2404:6800:4007:805::200e
     216.58.220.46


Pinging google.com [216.58.220.46] with 32 bytes of data:
Reply from 216.58.220.46: bytes=32 time=25ms TTL=56
Reply from 216.58.220.46: bytes=32 time=26ms TTL=56

Ping statistics for 216.58.220.46:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 25ms, Maximum = 26ms, Average = 25ms
Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
     2001:4998:58:c02::a9
     2001:4998:44:204::a7
     98.138.253.109
     98.139.183.24
     206.190.36.45


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=269ms TTL=49
Reply from 206.190.36.45: bytes=32 time=274ms TTL=49

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 269ms, Maximum = 274ms, Average = 271ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 27...00 1b 10 00 2a ec ......Bluetooth Device (Personal Area Network) #6
 10...00 16 76 94 db 5f ......Realtek RTL8139/810x Family Fast Ethernet NIC
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.4     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.4    276
      192.168.1.4  255.255.255.255         On-link       192.168.1.4    276
    192.168.1.255  255.255.255.255         On-link       192.168.1.4    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.4    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.4    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 10    276 ::/0                     fe80::1e5f:2bff:fe54:8f5
  1    306 ::1/128                  On-link
 10    276 fe80::/64                On-link
 10    276 fe80::7593:3539:2801:5955/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\system32\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 45 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 46 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 47 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 48 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 49 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 50 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 51 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 52 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 53 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 54 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 55 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)

**** End of log ****

Offline Boggin

Re: how change of dns, nullifies the vulnerability
« Reply #13 on: May 22, 2017, 07:08:52 AM »
I've never seen that before - you also seem to have quite a large winsock compared to mine.

Run a cmd prompt as an admin and enter netsh winsock reset catalog

Then shutdown /r /t 00 to effect an immediate reboot.

Can you go Start - type ncpa.cpl - right click on the Ethernet adapter and select Properties - click on (TCP/IPv4) - Properties and tell us which of the bottom buttons are checked.

This is mine using Google's DNS servers.

You can change yours to mine then run MiniToolBox again, checking the boxes for List IP configuration and Winsock to compare.

« Last Edit: May 22, 2017, 07:13:58 AM by Boggin »

Offline jraju

Re: how change of dns, nullifies the vulnerability
« Reply #14 on: May 22, 2017, 07:53:07 AM »
Please see the logs.
MiniToolBox by Farbar  Version: 17-06-2016
Ran by intel (administrator) on 22-05-2017 at 20:14:41
Running from "C:\Users\intel\Downloads"
Microsoft Windows 7 Ultimate  Service Pack 1 (X86)
Model: D865GRH_ Manufacturer: INTEL_
Boot Mode: Normal
***************************************************************************
========================= IP Configuration: ================================

Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection 6 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : intel-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : domain.name

Ethernet adapter Bluetooth Network Connection 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #6
   Physical Address. . . . . . . . . : 00-1B-10-00-2A-EC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : domain.name
   Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
   Physical Address. . . . . . . . . : i have deleted
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::7593:3539:2801:5955%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, May 22, 2017 8:04:15 PM
   Lease Expires . . . . . . . . . . : Tuesday, May 23, 2017 8:04:15 PM
   Default Gateway . . . . . . . . . : fe80::1e5f:2bff:fe54:8f5%10
                                       192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 234886774
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-78-CE-68-00-16-76-94-DB-5F
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Name:    google.com
Address:  2404:6800:4007:800::200e


Pinging google.com [216.58.197.78] with 32 bytes of data:
Reply from 216.58.197.78: bytes=32 time=32ms TTL=56
Reply from 216.58.197.78: bytes=32 time=31ms TTL=56

Ping statistics for 216.58.197.78:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 31ms, Maximum = 32ms, Average = 31ms
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
     2001:4998:58:c02::a9
     2001:4998:44:204::a7
     98.139.183.24
     98.138.253.109
     206.190.36.45


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=259ms TTL=49
Reply from 98.139.183.24: bytes=32 time=258ms TTL=49

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 258ms, Maximum = 259ms, Average = 258ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 27...00 1b 10 00 2a ec ......Bluetooth Device (Personal Area Network) #6
 10...00 16 76 94 db 5f ......Realtek RTL8139/810x Family Fast Ethernet NIC
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.4     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.4    276
      192.168.1.4  255.255.255.255         On-link       192.168.1.4    276
    192.168.1.255  255.255.255.255         On-link       192.168.1.4    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.4    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.4    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 10    276 ::/0                     fe80::1e5f:2bff:fe54:8f5
  1    306 ::1/128                  On-link
 10    276 fe80::/64                On-link
 10    276 fe80::7593:3539:2801:5955/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\system32\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 45 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 46 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 47 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 48 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 49 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 50 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 51 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 52 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 53 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 54 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 55 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)

**** End of log ****
I also noted the server name is now shown as some Google name. Please say why it was not in the first instance, when it takes "obtain DNS server automatically".