Tweaking.com Support Forums

Main Forum => General Computer Support => Topic started by: jraju on May 20, 2017, 07:31:36 am

Title: how change of dns, nullifies the vulnerability
Post by: jraju on May 20, 2017, 07:31:36 am
Hi, scan with Avast Wifi Inspector. If I use the router DNS, i.e. "obtain DNS server address automatically", I get a DNS hijack vulnerability in the router from the scan. They give a solution to change the DNS in "change adapter settings". I changed the DNS to Google and next to OpenDNS. When I scanned the same PC again, the results show no vulnerability. How, what does that mean? The Avast wifi scan scans the computer and connected devices. My PC and other devices are shown as having no vulnerabilities.
Can you say how the scan results differ? Moreover, I was shown the hijacked domains as vk.com and yandex.ru, which I never visited in my lifetime. Would an expert say something on this?
Title: Re: how change of dns, nullifies the vulnerability
Post by: Samson on May 20, 2017, 08:47:25 am
Hi J, first off I have been following your thread on the Avast forum. I think that you have been badly treated by some of the folks over there  :shocked:

I use an old version of Avast (without the wifi scanner), but I'll try and help.

Here is a good article on DNS hijacking.
http://www.thewindowsclub.com/what-is-dns-hijacking-prevention

As for the entries for yandex.ru and VK.com, it may be that your ISP is using these as their default DNS servers; check the details that appear in your adapter settings against those on this page when you change to "obtain automatically".
https://dns.yandex.com/

Those in the Avast forum are "fanboys" of Avast and may not be willing to accept that Avast may be giving a false positive result, so try another scanner, here.
https://campaigns.f-secure.com/router-checker/en_global/

Personally I use OpenDNS.
Title: Re: how change of dns, nullifies the vulnerability
Post by: jraju on May 20, 2017, 08:54:36 am
Hi, Samson, glad that you say that.
There are persons who do not know how to reply to a pertinent query. Even staff there do not seem to have any clue. But I admit the wonderful people who make the application.
They are all senior people there and so I just watch whether any expert replies from Avast, because it is their product. I will deeply read your solution now and then reply. Thanks for your considered reply; I was expecting it from you.
Title: Re: how change of dns, nullifies the vulnerability
Post by: jraju on May 20, 2017, 09:02:05 am
Hi, I already checked that site. I got a different result in the morning:
Everything appears to be fine, but the check was incomplete
I raised a query to the email address of F-Secure, and am expecting a reply.

What is the meaning of this status? Could my router not be checked? Or does the DNS server not allow Router Checker to check the router? Does the DNS server have DNS hijack vulnerabilities? What is the fix?
Now when I check the same site, I get a green tick mark with the router DNS settings: no issues found.
Expecting a reply.
Title: Re: how change of dns, nullifies the vulnerability
Post by: jraju on May 20, 2017, 09:09:38 am
Hi, Samson, I noticed no change in the adapter settings when I clicked the Yandex site. But I do know that the DNS server that is in the router belongs to my service provider's IP. But I do not know whether this server address is used by those yandex.ru or vk.com. But it is funny that I could not see anything inside the router entries that would suggest the hijacking of the router. If I use OpenDNS, then Avast gives no vulnerability.
Would the service provider use another service provider's service for its users? Strange.
Title: Re: how change of dns, nullifies the vulnerability
Post by: Samson on May 20, 2017, 09:34:52 am
What I meant was: compare your ISP DNS server addresses in your router with those on the Yandex site; this will establish if your ISP is using its own DNS or Yandex  :wink:

As for the F Secure scan, wait and see what they come up with, maybe just busy and unable to complete the scan?

If OpenDNS works for you, then stick with it; like I said it is my personal choice: fast, reliable, offers a degree of protection from phishing and malicious websites. I won't touch anything to do with Google myself  :wink:

PS each time that you change DNS servers you may want to clear your DNS cache, open a CMD prompt and enter " ipconfig /flushdns" (without the "s).
Title: Re: how change of dns, nullifies the vulnerability
Post by: jraju on May 21, 2017, 01:25:04 am
Hi, there was no change in the DNS server settings, which is my ISP's; probably the server in the router is compromised. I did find the hns.log and it contains so many .com entries, including yandex.ru, vk.com, yahoo.com, etc. I only copy here the entries I found in the hns.log; could you make anything out of it? It is too technical, but this is the alert I am getting. I will copy both the print screen and the log of selected lines in hns.log.
The log extract:

2017-05-21 07:49:22.278] [info   ] [ares_scan  ] [ 1392: 4196] AresScanner: result name=yahoo.com ip=628afd6d ttl=221 flags=17 type=1 data=""
[2017-05-21 07:49:22.302] [info   ] [ares_scan  ] [ 1392: 4196] AresScanner: result name=yahoo.com ip=cebe242d ttl=221 flags=17 type=1 data=""
[2017-05-21 07:49:22.322] [info   ] [ares_scan  ] [ 1392: 4196] AresScanner: result name=yandex.ru ip=daf8ffa4 ttl=600 flags=17 type=1 data=""
[2017-05-21 07:49:22.358] [info   ] [ares_scan  ] [ 1392: 4196] AresScanner: result name=vk.com ip=daf8ffa4 ttl=600 flags=17 type=1 data=""
[2017-05-21 07:49:22.386] [info   ] [ares_scan  ] [ 1392: 4196] AresScanner: no data name=yandex.ru class=1 type=28 abuf=0x1658e628 alen=87
[2017-05-21 07:49:22.412] [info   ] [ares_scan  ] [ 1392: 4196] AresScanner: no data name=vk.com class=1 type=28 abuf=0x1658e628 alen=84
[2017-05-21 07:49:22.463]
Title: Re: how change of dns, nullifies the vulnerability
Post by: jraju on May 21, 2017, 01:28:36 am
Hi, Samson, can I PM you with a Notepad enclosure, so that I could send the whole log, which contains so many .com entries? It is a page attachment. I do not know how to send emails to a particular user in this forum. Is it permissible? If yes, please say what the way is.
Title: Re: how change of dns, nullifies the vulnerability
Post by: Samson on May 21, 2017, 03:18:46 am
J, that log means nothing to me.

I would ask that you set your NIC adapter settings to obtain DNS addresses automatically and then open a CMD prompt and enter "ipconfig /all" (without the "s) and post the result, so that I can compare your ISP's default DNS servers to see if they are using Yandex DNS as per the Yandex DNS site that I linked to. If OpenDNS or Google works, why not just do that?

EDIT: J, if you are unhappy with the help, or lack of it, on the Avast forum, then you can request help directly on your DNS hijacking issue with Avast by raising a support ticket. Click on "support" in the Avast GUI and select "request support"; here you will be able to upload scan logs too. The screenshot is of an older version of Avast, but likely to be similar.
Title: Re: how change of dns, nullifies the vulnerability
Post by: Boggin on May 21, 2017, 03:35:04 am
Your router will be set to your ISP default DNS settings but they will be overridden when you change them in the adapter DNS settings.

They take precedence.

However, you can change them to your choice in the router.

While I leave my router's settings to default, I have the adapters settings changed to Google's 8.8.8.8 / 8.8.4.4

Download MiniToolBox and check all of the boxes down to List Winsock Entries.

http://www.majorgeeks.com/files/details/farbar_minitoolbox.html

You can copy & paste its report to the reply box, but see if Avast's scan still picks up those hijacks.

If you select Save for the download, you'll be able to use it as and when from your Downloads folder.
Title: Re: how change of dns, nullifies the vulnerability
Post by: jraju on May 21, 2017, 06:50:44 am
Hi, regarding support, they only support premium versions; for the free version, the only source is the community forum, which I already addressed. I will try to send the details from MiniToolBox in my next post.
Title: Re: how change of dns, nullifies the vulnerability
Post by: Boggin on May 21, 2017, 07:03:38 am
It displays in Notepad so just right click in the text area and click on Select all - right click again and select Copy then right click in the reply box and select Paste.
Title: Re: how change of dns, nullifies the vulnerability
Post by: jraju on May 22, 2017, 05:36:45 am
Hi, Boggin, here is my log.
Please kindly see that my server is shown as unknown. Even with the nslookup www.google.com command it shows the same. Does that command only work for server versions of the OS from Microsoft? Is there a fix? I heard about reverse DNS to fix that, but I do not know how to do it. Can I do that on my Windows 7 stand-alone machine?
MiniToolBox by Farbar  Version: 17-06-2016
Ran by intel (administrator) on 22-05-2017 at 17:55:29
Running from "C:\Users\intel\Downloads"
Microsoft Windows 7 Ultimate  Service Pack 1 (X86)
Model: D865GRH_ Manufacturer: INTEL_
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection 6 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : intel-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : domain.name

Ethernet adapter Bluetooth Network Connection 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #6
   Physical Address. . . . . . . . . : 00-1B-10-00-2A-EC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : domain.name
   Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::7593:3539:2801:5955%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, May 22, 2017 5:19:25 PM
   Lease Expires . . . . . . . . . . : Tuesday, May 23, 2017 5:18:59 PM
   Default Gateway . . . . . . . . . : fe80::1e5f:2bff:fe54:8f5%10
                                       192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 234886774
   DHCPv6 Client DUID. . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  2404:6800:4007:805::200e
     216.58.220.46


Pinging google.com [216.58.220.46] with 32 bytes of data:
Reply from 216.58.220.46: bytes=32 time=25ms TTL=56
Reply from 216.58.220.46: bytes=32 time=26ms TTL=56

Ping statistics for 216.58.220.46:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 25ms, Maximum = 26ms, Average = 25ms
Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
     2001:4998:58:c02::a9
     2001:4998:44:204::a7
     98.138.253.109
     98.139.183.24
     206.190.36.45


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=269ms TTL=49
Reply from 206.190.36.45: bytes=32 time=274ms TTL=49

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 269ms, Maximum = 274ms, Average = 271ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 27...00 1b 10 00 2a ec ......Bluetooth Device (Personal Area Network) #6
 10...00 16 76 94 db 5f ......Realtek RTL8139/810x Family Fast Ethernet NIC
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.4     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.4    276
      192.168.1.4  255.255.255.255         On-link       192.168.1.4    276
    192.168.1.255  255.255.255.255         On-link       192.168.1.4    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.4    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.4    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 10    276 ::/0                     fe80::1e5f:2bff:fe54:8f5
  1    306 ::1/128                  On-link
 10    276 fe80::/64                On-link
 10    276 fe80::7593:3539:2801:5955/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\system32\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 45 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 46 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 47 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 48 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 49 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 50 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 51 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 52 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 53 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 54 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 55 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)

**** End of log ****
Title: Re: how change of dns, nullifies the vulnerability
Post by: Boggin on May 22, 2017, 07:08:52 am
I've never seen that before - you also seem to have quite a large winsock compared to mine.

Run a cmd prompt as an admin and enter netsh winsock reset catalog

Then shutdown /r /t 00 to effect an immediate reboot.

Can you go Start - type ncpa.cpl - right click on the Ethernet adapter and select Properties - click on (TCP/IPv4) - Properties and tell us which of the bottom buttons are checked?

This is mine using Google's DNS servers.

You can change yours to mine then run MiniToolBox again, checking the boxes for List IP configuration and Winsock to compare.

Title: Re: how change of dns, nullifies the vulnerability
Post by: jraju on May 22, 2017, 07:53:07 am
Please see the logs.
MiniToolBox by Farbar  Version: 17-06-2016
Ran by intel (administrator) on 22-05-2017 at 20:14:41
Running from "C:\Users\intel\Downloads"
Microsoft Windows 7 Ultimate  Service Pack 1 (X86)
Model: D865GRH_ Manufacturer: INTEL_
Boot Mode: Normal
***************************************************************************
========================= IP Configuration: ================================

Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection 6 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : intel-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : domain.name

Ethernet adapter Bluetooth Network Connection 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #6
   Physical Address. . . . . . . . . : 00-1B-10-00-2A-EC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : domain.name
   Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
   Physical Address. . . . . . . . . : i have deleted
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::7593:3539:2801:5955%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, May 22, 2017 8:04:15 PM
   Lease Expires . . . . . . . . . . : Tuesday, May 23, 2017 8:04:15 PM
   Default Gateway . . . . . . . . . : fe80::1e5f:2bff:fe54:8f5%10
                                       192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 234886774
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-78-CE-68-00-16-76-94-DB-5F
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Name:    google.com
Address:  2404:6800:4007:800::200e


Pinging google.com [216.58.197.78] with 32 bytes of data:
Reply from 216.58.197.78: bytes=32 time=32ms TTL=56
Reply from 216.58.197.78: bytes=32 time=31ms TTL=56

Ping statistics for 216.58.197.78:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 31ms, Maximum = 32ms, Average = 31ms
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
     2001:4998:58:c02::a9
     2001:4998:44:204::a7
     98.139.183.24
     98.138.253.109
     206.190.36.45


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=259ms TTL=49
Reply from 98.139.183.24: bytes=32 time=258ms TTL=49

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 258ms, Maximum = 259ms, Average = 258ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 27...00 1b 10 00 2a ec ......Bluetooth Device (Personal Area Network) #6
 10...00 16 76 94 db 5f ......Realtek RTL8139/810x Family Fast Ethernet NIC
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.4     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.4    276
      192.168.1.4  255.255.255.255         On-link       192.168.1.4    276
    192.168.1.255  255.255.255.255         On-link       192.168.1.4    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.4    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.4    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 10    276 ::/0                     fe80::1e5f:2bff:fe54:8f5
  1    306 ::1/128                  On-link
 10    276 fe80::/64                On-link
 10    276 fe80::7593:3539:2801:5955/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\system32\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 45 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 46 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 47 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 48 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 49 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 50 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 51 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 52 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 53 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 54 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 55 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)

**** End of log ****
I also noted the server name is now shown as some Google name. Please say why it is not in the first instance, when it takes "obtain DNS server automatically".
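On the question of why `nslookup` printed `Server: UnKnown` with the router's DNS but a Google hostname afterwards: nslookup does a reverse (PTR) lookup of the resolver's own address to print its name; 192.168.1.1 has no PTR record, so it prints UnKnown, whereas 8.8.8.8 does have one. That line is cosmetic, not a fault. The more useful thing to read out of these logs is which resolver each adapter is really using. Below is an added example, not MiniToolBox's, Microsoft's or the forum's code, that parses `ipconfig /all` text and classifies each adapter's DNS servers as the router itself, a known public resolver, another LAN host, or something else. The two excerpts are constructed from the adapter sections posted above, and the short list of public resolver addresses (Google's and OpenDNS's) is my own assumption rather than something the logs contain.

```python
"""Read `ipconfig /all` output and say which resolver each adapter actually uses.

Added example; not MiniToolBox's, Microsoft's or the forum's code. The sample
text is constructed from the adapter section posted in the thread, and
PUBLIC_RESOLVERS is an assumed short list, not something the page supplies.
"""
import ipaddress
import re

# Assumed list of well-known public resolvers (Google DNS and OpenDNS).
PUBLIC_RESOLVERS = {
    "8.8.8.8": "Google", "8.8.4.4": "Google",
    "208.67.222.222": "OpenDNS", "208.67.220.220": "OpenDNS",
}

# Constructed excerpt: adapter section from the first log (router as resolver).
ROUTER_CFG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : intel-PC

Ethernet adapter Bluetooth Network Connection 6:

   Media State . . . . . . . . . . . : Media disconnected
   DHCP Enabled. . . . . . . . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : domain.name
   Link-local IPv6 Address . . . . . : fe80::7593:3539:2801:5955%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
   Default Gateway . . . . . . . . . : fe80::1e5f:2bff:fe54:8f5%10
                                       192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Constructed excerpt: the second log, after the adapter was pointed at Google DNS.
GOOGLE_CFG = ROUTER_CFG.replace(
    "DNS Servers . . . . . . . . . . . : 192.168.1.1",
    "DNS Servers . . . . . . . . . . . : 8.8.8.8\n"
    "                                       8.8.4.4",
)

ADAPTER_RE = re.compile(r"^(\S.*adapter (.+)):$")        # "Ethernet adapter X:"
FIELD_RE = re.compile(r"^\s{3}(\S.*?)[ .]*: ?(.*)$")      # "   Key . . . : value"
CONT_RE = re.compile(r"^\s{10,}(\S.*)$")                  # extra value on its own line


def parse_ipconfig(text):
    """Return {adapter: {field: [values]}}; multi-line fields keep every value."""
    adapters, current, last_key = {}, None, None
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            current = adapters.setdefault(m.group(2), {})
            last_key = None
            continue
        if current is None:          # global "Windows IP Configuration" header
            continue
        m = FIELD_RE.match(line)
        if m:
            last_key = m.group(1)
            current[last_key] = [m.group(2)] if m.group(2) else []
            continue
        m = CONT_RE.match(line)
        if m and last_key:
            current[last_key].append(m.group(1))
    return adapters


def strip_scope(addr):
    """Drop the %zone suffix and the '(Preferred)' decoration ipconfig adds."""
    return addr.split("%")[0].split("(")[0].strip()


def classify_resolvers(text):
    """{adapter: [(dns_server, 'router' | 'public:<who>' | 'lan' | 'other')]}"""
    result = {}
    for adapter, fields in parse_ipconfig(text).items():
        gateways = {strip_scope(g) for g in fields.get("Default Gateway", [])}
        verdicts = []
        for server in fields.get("DNS Servers", []):
            server = strip_scope(server)
            if server in gateways:
                kind = "router"      # the router forwards to whatever its WAN side was given
            elif server in PUBLIC_RESOLVERS:
                kind = "public:" + PUBLIC_RESOLVERS[server]
            elif ipaddress.ip_address(server).is_private:
                kind = "lan"
            else:
                kind = "other"
            verdicts.append((server, kind))
        result[adapter] = verdicts
    return result


if __name__ == "__main__":
    for label, cfg in (("router DNS", ROUTER_CFG), ("Google DNS", GOOGLE_CFG)):
        print(label, classify_resolvers(cfg))
```

The point of the "router" verdict is the one Boggin makes: with the router as resolver, the PC's answers are whatever the router's own upstream DNS returns, so a hijack check run on the PC is really testing the router's WAN-side DNS setting; once the adapter lists a public resolver, that setting is bypassed and the scan no longer sees it.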
Title: Re: how change of dns, nullifies the vulnerability
Post by: jraju on May 22, 2017, 08:00:53 am
The same entries, when I changed the DNS server to Google DNS, in Avast hns.logs, please:
[2017-05-22 14:06:25.625] [info   ] [ares_scan  ] [ 1380: 3652] AresScanner: result name=yahoo.com ip=2001499800580c0200000000000000a9 ttl=14 flags=17 type=28 data=""
[2017-05-22 14:06:25.648] [info   ] [ares_scan  ] [ 1380: 3652] AresScanner: result name=yahoo.com ip=200149980044020400000000000000a7 ttl=14 flags=17 type=28 data=""
[2017-05-22 14:06:25.669] [info   ] [ares_scan  ] [ 1380: 3652] AresScanner: result name=yahoo.com ip=20014998000c0a060000000000024008 ttl=14 flags=17 type=28 data=""
[2017-05-22 14:06:25.703] [info   ] [ares_scan  ] [ 1380: 3652] AresScanner: result name=yandex.ru ip=4d583758 ttl=76 flags=17 type=1 data=""
[2017-05-22 14:06:25.731] [info   ] [ares_scan  ] [ 1380: 3652] AresScanner: result name=yandex.ru ip=05ffff4d ttl=76 flags=17 type=1 data=""
[2017-05-22 14:06:25.758] [info   ] [ares_scan  ] [ 1380: 3652] AresScanner: result name=yandex.ru ip=4d58374d ttl=76 flags=17 type=1 data=""
[2017-05-22 14:06:25.781] [info   ] [ares_scan  ] [ 1380: 3652] AresScanner: result name=yandex.ru ip=05ffff58 ttl=76 flags=17 type=1 data=""
[2017-05-22 14:06:25.803] [info   ] [ares_scan  ] [ 1380: 3652] AresScanner: result name=vk.com ip=5fd50bb4 ttl=658 flags=17 type=1 data=""
[2017-05-22 14:06:25.825] [info   ] [ares_scan  ] [ 1380: 3652] AresScanner: result name=vk.com ip=57f0a552 ttl=658 flags=17 type=1 data=""
[2017-05-22 14:06:25.858] [info   ] [ares_scan  ] [ 1380: 3652] AresScanner: no data name=vk.com class=1 type=28 abuf=0x123ee458 alen=80
[2017-05-22 14:06:25.881] [info   ] [ares_scan  ] [ 1380: 3652] AresScanner: result name=yandex.ru ip=2a0206b8000a0000000000000000000a ttl=237 flags=17 type=28 data=""
[2017-05-22 14:06:25.958] [info   ] [ares_scan  ] [ 1380: 3652] AresScanner: result name=icicibank.com ip=cb1beb19 ttl=432 flags=17 type=1 data=""
[2017-05-22 14:06:25.992] [info

This log was taken when I got no vulnerability of any kind.
So I now know that the same set of sites is being analysed by Wi-Fi Inspector to get the results, but I could not infer the log results or the results therein.
Please also say why my DNS server is shown as unknown.
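The two hns.log excerpts in this thread differ only in the addresses returned for each name, so a small script that decodes the hex ip= field and diffs two scans name by name shows exactly what changed between the ISP resolver and Google DNS. This is an added example, not Avast's code: the field layout (raw address bytes in hex, 4 bytes for type=1, 16 for type=28) is inferred from the sample lines, and the differing vk.com answer in the second scan is a constructed placeholder.

```python
"""Parse Avast Wi-Fi Inspector (hns.log) AresScanner lines, decode the
hex-encoded answers and diff two scans name by name.

Added example, not Avast's own code. Assumption (not documented on the
page): the ip= field holds the raw answer bytes, big-endian, 4 bytes for
type=1 (A) and 16 bytes for type=28 (AAAA). This matches the thread's
lines, e.g. 4d583758 -> 77.88.55.88, a known yandex.ru address.
"""
import ipaddress
import re
from collections import defaultdict

# Matches the "result" lines only; "no data" and truncated lines are skipped.
_RESULT = re.compile(
    r"AresScanner: result name=(?P<name>\S+) ip=(?P<ip>[0-9a-fA-F]+) "
    r"ttl=(?P<ttl>\d+) flags=\d+ type=(?P<rtype>\d+)"
)


def decode_ip(hex_ip: str, rtype: int) -> str:
    """Turn the hex answer into a printable address, checked against the record type."""
    raw = bytes.fromhex(hex_ip)
    if rtype == 1 and len(raw) == 4:
        return str(ipaddress.IPv4Address(raw))
    if rtype == 28 and len(raw) == 16:
        return str(ipaddress.IPv6Address(raw))
    raise ValueError(f"type {rtype} with {len(raw)} bytes: {hex_ip}")


def parse_scan(text: str) -> dict:
    """Map each queried name to the set of addresses the scan received."""
    answers = defaultdict(set)
    for line in text.splitlines():
        m = _RESULT.search(line)
        if not m:
            continue  # "no data" lines, truncated lines, other log noise
        answers[m["name"]].add(decode_ip(m["ip"], int(m["rtype"])))
    return dict(answers)


def diff_scans(scan_a: dict, scan_b: dict) -> dict:
    """Names whose answer sets differ between two scans (e.g. ISP DNS vs 8.8.8.8).

    A difference is not proof of hijacking: CDNs rotate addresses and resolvers
    in different regions legitimately return different records. It is the
    starting point for checking the odd addresses against the domain owner's
    published ranges, which is the kind of comparison the scanner makes.
    """
    out = {}
    for name in sorted(set(scan_a) | set(scan_b)):
        a, b = scan_a.get(name, set()), scan_b.get(name, set())
        if a != b:
            out[name] = {"only_in_a": sorted(a - b), "only_in_b": sorted(b - a)}
    return out


# Constructed sample: lines copied from the thread's Google DNS scan.
SCAN_GOOGLE = """\
[2017-05-22 14:06:25.703] [info   ] [ares_scan  ] [ 1380: 3652] AresScanner: result name=yandex.ru ip=4d583758 ttl=76 flags=17 type=1 data=""
[2017-05-22 14:06:25.803] [info   ] [ares_scan  ] [ 1380: 3652] AresScanner: result name=vk.com ip=5fd50bb4 ttl=658 flags=17 type=1 data=""
[2017-05-22 14:06:25.858] [info   ] [ares_scan  ] [ 1380: 3652] AresScanner: no data name=vk.com class=1 type=28 abuf=0x123ee458 alen=80
[2017-05-22 14:06:25.881] [info   ] [ares_scan  ] [ 1380: 3652] AresScanner: result name=yandex.ru ip=2a0206b8000a0000000000000000000a ttl=237 flags=17 type=28 data=""
"""

# Constructed sample standing in for a second resolver: vk.com answered with
# 192.0.2.1 (c0000201, a documentation-only address, NOT a real observation)
# and no AAAA for yandex.ru; the last line is truncated like the one in the post.
SCAN_OTHER = """\
[2017-05-22 14:06:25.703] [info   ] [ares_scan  ] [ 1380: 3652] AresScanner: result name=yandex.ru ip=4d583758 ttl=76 flags=17 type=1 data=""
[2017-05-22 14:06:25.803] [info   ] [ares_scan  ] [ 1380: 3652] AresScanner: result name=vk.com ip=c0000201 ttl=60 flags=17 type=1 data=""
[2017-05-22 14:06:25.992] [info
"""

if __name__ == "__main__":
    for name, delta in diff_scans(parse_scan(SCAN_GOOGLE), parse_scan(SCAN_OTHER)).items():
        print(f"{name}: google-only={delta['only_in_a']} other-only={delta['only_in_b']}")
```

Run it against two real hns.log excerpts (one taken with the ISP resolver, one with 8.8.8.8) to see which names got different answers; a name that resolves to an address outside the owner's ranges only on one resolver is what deserves a closer look.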
Title: Re: how change of dns, nullifies the vulnerability
Post by: Boggin on May 22, 2017, 08:34:54 am
I don't know why it's showing as unknown but that yandex.ru is a Russian IP address.

vk.com is also Russian based, but do you download music or anything from there - it's also a social networking site.

yandex and vk.com could be related.

Do you use yahoo.com as your home page ?

Can you go to www.speedtest.net and make a note of your external IP address - it will be down on the left along with your ISP name.

You can change your external IP address by switching off your router, disconnecting all cables and leaving it off for 30 mins.

If you do that, then go to www.speedtest.net again to see what your ext. IP address is then and run an Avast scan to see what it reports.
Title: Re: how change of dns, nullifies the vulnerability
Post by: jraju on May 22, 2017, 08:44:42 am
Of course, I get Yahoo Mail IMAPped through gmail.com.
I would have downloaded videos, but I do not know vk.com or the yandex.ru Russian search engine.
What I suspect is that the same set of sites is checked by Avast in each Home Network Security scan (HNS scan for short), and based upon the logs it gives the vulnerability result. Whenever I enabled DHCP to obtain automatically, the scan got the vulnerability result, and changing the DNS to Google nullifies this vulnerability. Of course, I do have an IP range from my BSNL service provider in the router; it gives the server IP on the router status page. I checked in F-Secure Router Checker and found that it belongs to my service provider.
I do not think that it has anything to do with the external IPs, because if I change the DNS in a session, the first result shows a vulnerability and the change of DNS shows the direct opposite result. Anyhow, I will check as you say.
Why is my DNS server unknown? Is it because the reverse DNS pointer is not set up by my service provider? How do I correct it?
Could you see any difference in the same lines of the two scan logs I enclosed?
Title: Re: how change of dns, nullifies the vulnerability
Post by: Boggin on May 22, 2017, 09:06:31 am
Download Netalyzr to see what it makes of your Internet connection - it requires Java and for it to be enabled in browsers.

However, if you and Avast are happy using other than your ISP's default servers, then just leave things at that and get on with life.

http://netalyzr.icsi.berkeley.edu/

When you change to Google's DNS servers, that should show as mine but yours looks a bit different to mine and only lists the Primary 8.8.8.8

I also noticed you had a time out on what appeared to be Google but the ping test succeeded later.

This is my ipconfig /all running on Ethernet -

Microsoft Windows [Version 10.0.15063]
(c) 2017 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : KAM4-TOSH
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : lan

Wireless LAN adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 74-DE-2B-CA-4E-D8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : lan
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : DC-0E-A1-34-09-F9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 22 May 2017 16:56:53
   Lease Expires . . . . . . . . . . : 23 May 2017 16:56:53
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : lan
   Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
   Physical Address. . . . . . . . . : 74-DE-2B-CA-4E-D8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 22 May 2017 16:06:25
   Lease Expires . . . . . . . . . . : 23 May 2017 16:06:24
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:105b:7d3:3f57:fef9(Preferred)
   Link-local IPv6 Address . . . . . : fe80::105b:7d3:3f57:fef9%11(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 436207616
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-98-CD-AE-74-DE-2B-CA-4E-D8
   NetBIOS over Tcpip. . . . . . . . : Disabled

C:\WINDOWS\system32>
Title: Re: how change of dns, nullifies the vulnerability
Post by: jraju on May 23, 2017, 04:00:53 am
Hi, please see. Mine also has shown two DNS servers:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : intel-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : domain.name

Ethernet adapter Bluetooth Network Connection 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #6
   Physical Address. . . . . . . . . : 00-1B-10-00-2A-EC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : domain.name
   Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
   Physical Address. . . . . . . . . : 00-16-76-94-DB-5F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::7593:3539:2801:5955%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, May 23, 2017 4:12:30 PM
   Lease Expires . . . . . . . . . . : Wednesday, May 24, 2017 4:12:30 PM
   Default Gateway . . . . . . . . . : fe80::1e5f:2bff:fe54:8f5%10
                                       192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 234886774
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-78-CE-68-00-16-76-94-DB-5F

   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

C:\Windows\system32>
Title: Re: how change of dns, nullifies the vulnerability
Post by: jraju on May 23, 2017, 04:20:20 am
Hi, please see the test results of Netalyzr.
Please also see the connection-specific DNS suffix: yours lists lan, whereas mine is shown as domain.name. Why?
Title: Re: how change of dns, nullifies the vulnerability
Post by: Boggin on May 23, 2017, 08:30:45 am
Have you set up a Domain with the other machines in your home -  I haven't.

The Proxies that Netalyzr has found could be what your ISP uses.

The Packet loss could be due to the distance to their servers, although no Packet loss is recorded for my connection and I'm in the UK.

Computers are usually default set to a MTU of 1500 but some ISPs pre-set their routers to a different setting which may not be a one size fits all.

Can you check to see what the MTU setting in your router is.

It was interesting to note that it reported an intermittent Internet connection loss.

Not sure if you have line issues or a poor ISP, but switching off the computers and the router and disconnecting its cables for a couple of mins can refresh its connection.

This would include a modem if a separate one is used, then after the couple of mins, connect the cables and switch just the modem on if applicable and when all of its lights are on, do the same for the router and then switch the computer on.

This is called a power cycle.
Title: Re: how change of dns, nullifies the vulnerability
Post by: jraju on May 26, 2017, 05:57:02 am
Have you set up a Domain with the other machines in your home -  I haven't.
Please say clearly how to find it. I have not made one. If I have, how do I remove it? Please.
I have done the process of power cycling and the other things noted in your reply.
My MTU in the router is 1492.
Expecting a reply.
It was interesting to note that it reported an intermittent Internet connection loss.
Please say where to look in the Netalyzr log.
Title: Re: how change of dns, nullifies the vulnerability
Post by: jraju on May 26, 2017, 06:29:55 am
Hi, Boggin, do you mean the DNS server written in the router DNS settings, which is automatic? But I do hear that the proxy server would be overridden by the outside settings in Change adapter settings.
Does that mean that even though I changed the DNS server, every request through the outside DNS, say Google, also has to pass through the hidden proxy server, i.e. the router server?
Can I access the router and safely change the DNS server IPs to Google DNS as well? I am afraid that I will not get Internet access if I do that.
Title: Re: how change of dns, nullifies the vulnerability
Post by: Boggin on May 26, 2017, 08:28:43 am
If you log into your router and make a note of the DNS servers it uses - which will be your ISP's, then open a cmd prompt and do a tracert on them.

The cmd is entered the same as a ping but you use tracert instead.

The computer's settings if different from the router will override the router, but I don't know how your ISP works.

I think initially the router uses the router's default to connect, but when it comes to resolving a URL then the computer overrides.

Avast obviously doesn't like what it finds in your ISP's.

You can set your router to use Google's DNS servers and leave the computer at auto - I have in the past.

This is a tracert using my ISP's Fibre Primary DNS of 79.79.79.79 - yours may have a longer hop.

Microsoft Windows [Version 10.0.15063]
(c) 2017 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>tracert 79.79.79.79

Tracing route to public-dns-a.as9105.net [79.79.79.79]
over a maximum of 30 hops:

  1     1 ms     2 ms     1 ms  192.168.1.1
  2    11 ms     7 ms     7 ms  88-109-96-1.dynamic.dsl.as9105.com [88.109.96.1]
  3     7 ms     9 ms    11 ms  public-dns-a.as9105.net [79.79.79.79]

Trace complete.

C:\WINDOWS\system32>
Title: Re: how change of dns, nullifies the vulnerability
Post by: jraju on May 26, 2017, 11:10:38 pm
Hi, I am enclosing the result of the tracert command on the router DNS, which is set to auto. There are two server IPs; I have given the command two times. Please say. Moreover, I have to use ipconfig /flushdns to get Internet access; otherwise I am getting a "modem is experiencing connectivity issues" error. Once I do flushdns, ipconfig /release, ipconfig /renew, I am getting it. How can I avoid this manual flushing of DNS every time? Please.
Also say what Avast does not like. From the whole log, why do they pick up only two sites? Please educate me.
What is called a hijacked domain? I do not have any domain setting. I asked you how to find and remove it, please.
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\intel>tracert 218.248.255.147

Tracing route to 218.248.255.147 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2    27 ms    26 ms    27 ms  117.194.136.1
  3    28 ms    27 ms    27 ms  static.ill.218.248.61.134/24.bsnl.in [218.248.61.134]
  4    28 ms    27 ms    29 ms  218.248.255.150
  5    27 ms    28 ms    28 ms  218.248.255.147

Trace complete.

C:\Users\intel>tracert 218.248.255.147

Tracing route to 218.248.255.147 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2    25 ms    26 ms    26 ms  117.194.136.1
  3    28 ms    27 ms    28 ms  static.ill.218.248.61.134/24.bsnl.in [218.248.61.134]
  4    27 ms    28 ms    28 ms  218.248.255.150
  5    27 ms    28 ms    27 ms  218.248.255.147

Trace complete.

C:\Users\intel>tracert 218.248.245.12

Tracing route to 218.248.245.12 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2    27 ms    26 ms    27 ms  117.194.136.1
  3    28 ms    28 ms    28 ms  static.ill.218.248.61.122/24.bsnl.in [218.248.61.122]
  4    48 ms    47 ms    48 ms  218.248.245.14
  5    48 ms    48 ms    48 ms  218.248.245.12

Trace complete.

C:\Users\intel>tracert 218.248.245.12

Tracing route to 218.248.245.12 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2    26 ms    27 ms    26 ms  117.194.136.1
  3    28 ms    28 ms    29 ms  static.ill.218.248.61.122/24.bsnl.in [218.248.61.122]
  4    47 ms    47 ms    48 ms  218.248.245.14
  5    48 ms    48 ms    48 ms  218.248.245.12

Trace complete.

C:\Users\intel>
Title: Re: how change of dns, nullifies the vulnerability
Post by: Boggin on May 27, 2017, 12:53:12 am
I can't find now where the Netalyzr report mentions the intermittent disconnect.

When you have the DNS Servers set to auto, Avast is picking up yandex etc. but not when you use either Google's or Open DNS Servers.

That's what I meant by Avast not being happy, but I'm not sure why that is happening.

With the router and your computer set to default do you still need to run those ipconfig cmds ?

It may not be so much the flushdns cmd but the release and renew IP address cmds.

These relate to the router's DHCP assigning an internal IP address to your Ethernet adapter.

It could also be Avast blocking your connection.

Can you run the computer in Safe Mode with Networking for a while to see if you still get the disconnects and if so, have a look in Event Viewer.

They could be listed as DHCP events.

You could also reinstall/update your Ethernet adapter driver.

The difference between your router MTU being set to 1492 and your computer default set to 1500 will be negligible.
Title: Re: how change of dns, nullifies the vulnerability
Post by: Samson on May 27, 2017, 04:41:01 am
J, as this is a hardwired desktop PC, consider setting a static IP address for it on your LAN; it avoids any DHCP issues  :wink:

Shane's tool, Simple Static IP v.1.3.0  makes it a breeze to do  :smiley:

http://www.pcwintech.com/simple-static-ip

And Tweaking.com - Change DNS Servers makes changing your DNS equally simple too  :smiley:

http://www.tweaking.com/content/page/tweaking_com_change_dns_servers.html
Title: Re: how change of dns, nullifies the vulnerability
Post by: jraju on May 27, 2017, 07:45:35 am
Hi, Samson, I have power cuts and so I think my IP will be changing on every logon, as provided by the service provider. Does this tool also change the DNS server IP in the router?
Actually I do not have a static IP for my PC. Will this tool change the DNS in the router also? Please.
To Boggin:
I have tried all the tricks. Does my traceroute tell you something is wrong? The outsourced IP check only catches the external IP allotted to you on logon, does it not?
Title: Re: how change of dns, nullifies the vulnerability
Post by: Boggin on May 27, 2017, 08:41:52 am
Depending upon how long the power cut lasts, that could change your external IP address and sometimes when you log on, it could give you a different DHCP IP address.

There are two ways to assign a static IP address to a device - as a reserved DHCP IP address in the router or as a static IP address in one or more of the adapters in the computer.

In either case, you need to know what the DHCP range in the router is, although you could assign the reserved IP address in the router to how it is now when you do an ipconfig /all

When assigning a static IP address in the computer, it's best to do it outside of the DHCP range as the router can still assign that IP address to another device and that would cause an IP address conflict where neither device would be able to connect.

The router wouldn't know you had assigned that DHCP range address.

The latency on the tracert for your Secondary ISP DNS Server address is high compared to the Primary.

Do a tracert on Google's and then one on Open DNS and compare all three.

One other thing to check in the router is to see what the channel setting is.

If it's set to Automatic that could change at any time and while it wouldn't cause a disconnect, it could cause a blip in the connection which would be noticeable if you were streaming any music or videos.

In the computer/Device Manager/View/Show hidden devices/Network adapters - right click on the Family Controller and select Properties.

Under the Power Management tab uncheck the box to Allow the computer to turn off this device to save power - OK
Title: Re: how change of dns, nullifies the vulnerability
Post by: Samson on May 27, 2017, 09:03:20 am
Hi, Samson, I have power cuts and so I think my IP will be changing on every logon, as provided by the service provider. Does this tool also change the DNS server IP in the router?

Simple static IP changer changes your LOCAL IP address NOT that assigned by your ISP.

The DNS changer program changes the DNS on selected adapter, NOT the router.

When assigning a static IP address in the computer, it's best to do it outside of the DHCP range as the router can still assign that IP address to another device and that would cause an IP address conflict where neither device would be able to connect.


"Under normal setups going through all the trouble is a waste of time.

Most routers start giving out IPs at .100 or .1 depending on the router. By always doing the higher end such as .200 or higher it is 99% safe to do. In 17 years of setting up networks I have never seen enough devices hooked up to a home router that I have ever seen the dhcp get past .200 on handing out IPs. That would be over 100 devices hooked up, home routers can only handle so many connections before you have to upgrade to a business grade router to handle so many connections.

While there is a small chance certain routers may be set to give IPs starting that high there is a 99% chance most routers don't. I have yet to run into a single IP conflicted using the higher ranges.

So save the user an unneeded step and just use the higher range of .200 and above.

Your choice :-)


Shane"  http://forums.pcwintech.com/index.php/topic,4114.msg32059.html#msg32059

I can only confirm what Shane has written, and his 2 programs that I have linked to are by far and away the easiest way to do both, ie set a static IP address on the local network and change DNS on network adapters.
Title: Re: how change of dns, nullifies the vulnerability
Post by: Boggin on May 27, 2017, 09:23:09 am
I agree that DHCP usually uses the lower end but the way I've described it is the correct way and will avoid any possible conflicts.
Title: Re: how change of dns, nullifies the vulnerability
Post by: jraju on May 28, 2017, 04:04:28 am
Hi, Boggin, we can continue this interesting discussion.
Please give a solution to my post 22 in this thread. What is a domain name set with other machines? I never did anything like that. How do I know which domain I would have created without my knowledge? These technical terms really convey very technical meanings, but I want a simple understanding of what is meant by domain.name, and of the other queries in that post.
Title: Re: how change of dns, nullifies the vulnerability
Post by: Boggin on May 28, 2017, 05:16:16 am
It could be just how your computer configures it.

I believe you have other machines - can you do an ipconfig on those to compare ?
Title: Re: how change of dns, nullifies the vulnerability
Post by: jraju on May 28, 2017, 05:27:41 am
After replying to you, I just looked at the network and it showed as joined in the HomeGroup. I just went to computer properties and found some shared folders. I had enabled some videos to be played from the PC on the laptop. Only 10 selected videos are shared, but anyhow, to remove the HomeGroup, I just selected the HomeGroup and selected Leave the group, without knowing what it would do. It just makes the joined HomeGroup show as ready to create.
But what is domain.name? I did find the computer name and domain name. The domain name is left blank, and in the workgroup field there was "WORKGROUP" written. Maybe I would have opted for it when I tried to share some videos to the laptop to play there. What should be the entry in domain name? It was blank, and I gave some name which my PC would not accept; it rejected it with an error message that the said domain name cannot be created. What is the domain name? Is it an auto-fill item or do we need to fill it in? What is the primary DNS suffix, please? My nslookup google.com still results in "unknown server".
Title: Re: how change of dns, nullifies the vulnerability
Post by: Boggin on May 28, 2017, 05:54:33 am
There are a number of articles that come up when you Google what is primary dns suffix which you can read.

While I haven't read all of them, some are above my pay grade as I'm not that deep into it.

Have you checked your other computer(s) to see what they display as ?
Title: Re: how change of dns, nullifies the vulnerability
Post by: jraju on May 28, 2017, 09:24:34 pm
Hi, please find my properties.
If it is the same on your computer, please advise me of the default values in every field.
Title: Re: how change of dns, nullifies the vulnerability
Post by: Boggin on May 29, 2017, 01:01:51 am
Mine is exactly the same as yours.
Title: Re: how change of dns, nullifies the vulnerability
Post by: jraju on May 29, 2017, 05:47:22 am
Hi, today I wrote to the higher officials of my service provider BSNL. Let us wait for a reply from them on this issue. Meanwhile, thanks to Samson and Boggin for all the tips.
Title: Re: how change of dns, nullifies the vulnerability
Post by: jraju on June 26, 2017, 06:28:38 am
Hi, I am continuing this thread for continuity. I have changed some settings in my router, like disabling ping, enabling DoS (Denial of Service) protection and changing the admin password, but kept my ISP's DNS server. I scanned with Wi-Fi Inspector. The PC and the connected devices, router and mobile, showed no vulnerability. The PC is Ethernet connected, a wired connection.
I installed the XP security updates on my laptop. There also I enabled auto obtain address, i.e. my service provider's DNS. It is connected over Wi-Fi. I just thought of scanning the laptop. Here comes the vulnerability alert of DNS hijack. So it is known that the Internet connection and Wi-Fi are entirely different.
After a thought, I again went to my router page, changed my DNS to Google, and scanned the PC and laptop: no vulnerability.
So changing the DNS to Google DNS in the router is the only solution that is good for security. If you change the DNS in the adapter settings outside, then you have to go to each device and change the DNS to Google to get the security. In mobiles it is very difficult to change the DNS to Google, as the provision may be present or absent.
CHANGING THE DNS TO GOOGLE IN THE ROUTER is the correct way, as I suppose. Is it correct? Please.
Title: Re: how change of dns, nullifies the vulnerability
Post by: Boggin on June 26, 2017, 06:39:11 am
Yes, that's okay to do it that way.
Title: Re: how change of dns, nullifies the vulnerability
Post by: jraju on July 01, 2017, 11:04:32 pm
Are the external IPs allotted to you for all the devices as a whole, or are there separate external IPs?
Title: Re: how change of dns, nullifies the vulnerability
Post by: Boggin on July 02, 2017, 12:51:44 am
The ext. IP address is assigned for your connection, regardless of how many devices you use.
Title: Re: how change of dns, nullifies the vulnerability
Post by: jraju on July 02, 2017, 04:14:12 am
Hi, thanks for the apt reply. I had this doubt because the router allots IPs to so many devices.
Title: Re: how change of dns, nullifies the vulnerability
Post by: jraju on July 06, 2017, 04:55:25 am
Hi, Boggin, one more related query.
If I have all the security settings in the router, and I log in at a time when an infected IP is allotted (probably found by sites with honeypot-like software), would all the security settings not collapse? Is there any cure for that? Because the external IPs are randomly allocated to users' connections, would it not affect them?
Is my presumption of infected IPs not real?
Title: Re: how change of dns, nullifies the vulnerability
Post by: Boggin on July 06, 2017, 08:54:19 am
Unless you have a router that is susceptible to being hacked, the external IP address comes down the line from your ISP's servers and the router's firewall is usually quite robust, and therefore the internal DHCP IP addresses the router assigns to devices will equally be secure.

Does that answer your question ?

Title: Re: how change of dns, nullifies the vulnerability
Post by: jraju on July 07, 2017, 04:48:21 am
Hi, I am persistently asking this because, even to log in to this site, I was given maths and a captcha to log in. I raised this with Shane and he used some technical terms which I was not aware of before, but I am slightly picking up now that some honeypot.org has stopped my smooth login process, as I logged on from an infected IP.
So I raised the question of my presumption of infected IPs. I also went to that site and noted that there are so many infected IPs listed there. So I had the doubt: if one logs in on an infected IP, the external IP allotted, then there is the possibility of all the security settings being vulnerable. I will try to get that link in my next post.
http://www.tweaking.com/forums/index.php/topic,872.msg6089.html#msg6089
Title: Re: how change of dns, nullifies the vulnerability
Post by: jraju on July 07, 2017, 06:29:15 am
Hi, also see the IPs in the column near your IP.
My IP is given below, which I removed. That means my presumption of external IPs influencing the safety of settings is then true. See for yourself, Boggin.
The link is
https://www.projecthoneypot.org/home.php
Title: Re: how change of dns, nullifies the vulnerability
Post by: Boggin on July 07, 2017, 06:38:30 am
I don't know where the link you posted in Reply #46 was supposed to take me, but it just bounced me back to the forum index.

So have you installed Honeypot ?

I've found these two articles which may or not be of interest, but I've never come across this program as a means of detection.

https://en.wikipedia.org/wiki/Honeypot_(computing)

https://honeyscore.shodan.io/
Title: Re: how change of dns, nullifies the vulnerability
Post by: jraju on July 07, 2017, 06:42:50 am
Hi, Boggin, there is no problem in accessing the link. The link was given in my previous posts 3 years back. Just go there and click Dashboard and you will see the list of infected IPs, spamming etc.
Title: Re: how change of dns, nullifies the vulnerability
Post by: Boggin on July 07, 2017, 07:03:48 am
When I've just clicked on the link again, it took me to your earlier thread, but I can't see where to view any IP address of a Poster - there's normally a small icon.

What more do you want from me on this ?
Title: Re: how change of dns, nullifies the vulnerability
Post by: jraju on July 08, 2017, 03:01:20 am
Hi, Boggin, I got the matter. I have signed in to the website. Then, when you log on, you see the menu item Dashboard; click it and it will show you the infected IPs near your IP. My query is related to the security settings being compromised by this kind of infected external IP. That's all.
Title: Re: how change of dns, nullifies the vulnerability
Post by: Boggin on July 08, 2017, 04:46:00 am
Still don't know what you mean.
Title: Re: how change of dns, nullifies the vulnerability
Post by: jraju on July 08, 2017, 05:55:34 am
Hi, are you able to go to the website and access the Dashboard? For accessing the Dashboard, you need to sign in to the website.
Title: Re: how change of dns, nullifies the vulnerability
Post by: Boggin on July 08, 2017, 06:00:07 am
I'm logged in but I don't know what you mean by the dashboard.
Title: Re: how change of dns, nullifies the vulnerability
Post by: jraju on July 08, 2017, 06:05:37 am
If you are logged in, you will be shown the Dashboard, which gives the infected IPs near your place, as I enclosed in the picture. I think my query centred upon DNS and network security. My query is: if the IP you log in on happens to be infected, do the secure settings you make become vulnerable, since the IP is already infected?
I raised this query when I had the problem of freely logging in to this website, and the rest of the story is given in my old thread link. Then I did not know much about those things of external IPs and all that.
Title: Re: how change of dns, nullifies the vulnerability
Post by: Boggin on July 08, 2017, 06:09:56 am
So do you want me to install Honeypot?
Title: Re: how change of dns, nullifies the vulnerability
Post by: jraju on July 08, 2017, 06:23:26 am
Hi, I have not downloaded any honeypot. I just registered on their message board. When I open it normally, I do not find the details. But when I registered and then logged on, I could see the details. That's all. I do not want anyone to download Honeypot.
Title: Re: how change of dns, nullifies the vulnerability
Post by: Boggin on July 08, 2017, 06:28:53 am
So where is this dashboard you're on about?
Title: Re: how change of dns, nullifies the vulnerability
Post by: jraju on July 08, 2017, 06:40:41 am
Hi, Boggins, please see the screenshot.
Title: Re: how change of dns, nullifies the vulnerability
Post by: Boggin on July 08, 2017, 06:46:09 am
I did but I don't particularly want to log into the site - so is your IP address in the same group as 117.193.241.###?
Title: Re: how change of dns, nullifies the vulnerability
Post by: jraju on July 08, 2017, 06:53:12 am
Hi, no Boggins. I only wish to point out that external IPs, if logged on by users on affected IPs, would be a security concern, and I want a kind of fix. Even when you change the DNS to Google in the router, this attack is not given thought, I think. So, could I come to the conclusion that even external IPs are security concerns? It shows my IP as not affected, and in your case, it would have shown your IP and nearby IPs infected. Is that correct, Boggin?
I am extremely thankful to you for your considered reply, in a way that helps the users to understand the tech details.
Title: Re: how change of dns, nullifies the vulnerability
Post by: Boggin on July 08, 2017, 06:57:59 am
I'm not sure why it considers an IP suspicious as I've checked a couple near you on Clean Talk and nothing is known on them - try some for yourself.

https://cleantalk.org/blacklists?record=117.193.241.96

Title: Re: how change of dns, nullifies the vulnerability
Post by: jraju on July 08, 2017, 07:10:37 am
Hi, thanks for your reply. Does this site now have this check on spam?
Individual computers may be vulnerable, and so are the individual IPs when allotted automatically to any users. If that user logs in at the time when he is allotted the infected IP, then there is no escape from the vulnerability, as for that session the user is using his computer on an infected IP.
I also find that it is always best to have dynamic IPs. I do not think that ISPs are doing anything to correct the infected IPs with their servers. Some ISPs are using other servers also to serve you.
This is the thing that I want to be safeguarded against.
What is the "get clean....." button at the bottom of the link you referred to?
Title: Re: how change of dns, nullifies the vulnerability
Post by: Boggin on July 08, 2017, 07:45:31 am
I remember from your previous posts that you weren't getting any alerts when using Google's DNS servers and the alerts were only there when using your ISP's.

I think it would be prudent to continue using Google's servers.

I don't think your assigned ISP ext. IP address will be infected, but there seems to be something not right when using their DNS servers.

That website is what we use to check if an IP address of someone who has registered on the forum is a known spammer.

You can also enter their email address which may come up with more info.

Try it with your own and then see if anyone has spoofed it - that can happen, and then your IP address gets blacklisted, so you would need to change yours, which you can do by switching off and unplugging all of the cables from the router for about 30 mins, as well as switching off your computer.

Then when you switch the router back on and all of its lights are on, switch the computer back on and www.speedtest.net will display your new one.

I wouldn't worry too much about your ext. IP address unless you end up blacklisted - that Honeypot website doesn't support what I've found when running those IP addresses with the (S) or the (SD) after them - no suspicious activity.
Title: Re: how change of dns, nullifies the vulnerability
Post by: jraju on July 08, 2017, 10:02:35 pm
Hi, thanks for the information, Boggins.
I now use the Google DNS server in the router settings, so I need not change the same in all the devices I use.
I do not understand what is meant by "You can also enter their email address which may come up with more info." from your quote.
Title: Re: how change of dns, nullifies the vulnerability
Post by: Boggin on July 09, 2017, 12:06:57 am
That's really more for Admins and Mods as we are normally the only ones who can see a member's email address which could come up as being when that person had used that email address to register on somewhere, using a different IP address.
Title: Re: how change of dns, nullifies the vulnerability
Post by: jraju on July 14, 2017, 04:47:50 am
Hi, for the sake of clarity, I am continuing in this thread.
If a domain is hijacked in the provided DNS, how is it connected to the user computer to show it as vulnerable? Does it mean that the said domain is weak and so attacked by a third party to direct the traffic to his malicious site?
How does a program usually find hijacked domains in a connection? Does that mean only the said DNS is hijacked? To me, that DNS only supplies the IP address for any given name address. Or should it be read as the user computer is hijacked? I want to know something more on this. Does the domain hijack mean that the DNS itself is hijacked?
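The check behind a "DNS hijack" finding, as an added example that is not part of this thread and not code from Avast or any other scanner mentioned in it: the scanner asks the resolver the router hands out (the "obtain DNS server address automatically" one) and a trusted reference resolver for the same name, and reports the name when the two answer sets do not overlap. Nothing on the user's computer needs to be compromised for that to happen; it is the resolver's answer that is being judged. The packets below are constructed inline so the script runs offline, and the addresses come from the documentation ranges rather than any real host; `example.com` is only a placeholder name.

```python
# Added example (not from the thread): the comparison a DNS-hijack scanner makes.
# The same name is resolved through the router-supplied resolver and through a
# reference resolver, and the name is flagged when the answer sets are disjoint.
# All packets are constructed here so the script runs offline; the addresses are
# from the RFC 5737 documentation ranges, not real hosts.
import struct
from typing import Dict, List, Tuple

def encode_name(name: str) -> bytes:
    """Encode a dotted name as length-prefixed DNS labels (RFC 1035 section 3.1)."""
    return b"".join(bytes([len(label)]) + label.encode("ascii")
                    for label in name.rstrip(".").split(".")) + b"\x00"

def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a standard recursive A/IN query packet for `name`."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD=1, QDCOUNT=1
    return header + encode_name(name) + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def build_response(name: str, addrs: List[str], txid: int = 0x1234) -> bytes:
    """Construct a response packet; stands in for a live resolver in this example."""
    header = struct.pack(">HHHHHH", txid, 0x8180, 1, len(addrs), 0, 0)  # QR=1, RD=1, RA=1
    question = encode_name(name) + struct.pack(">HH", 1, 1)
    answers = b""
    for addr in addrs:
        # 0xC00C is a compression pointer back to the question name at offset 12
        answers += b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4)  # A, IN, TTL 300, RDLENGTH 4
        answers += bytes(int(octet) for octet in addr.split("."))
    return header + question + answers

def _read_name(pkt: bytes, off: int) -> Tuple[str, int]:
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end, jumped = [], off, False
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:  # compression pointer: follow it, keep the outer offset
            pointer = struct.unpack(">H", pkt[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off = True, pointer
            continue
        off += 1
        if length == 0:
            if not jumped:
                end = off
            return ".".join(labels), end
        labels.append(pkt[off:off + length].decode("ascii"))
        off += length

def parse_a_records(pkt: bytes) -> List[str]:
    """Return the IPv4 addresses carried in the answer section of a response."""
    _txid, _flags, qdcount, ancount, _ns, _ar = struct.unpack(">HHHHHH", pkt[:12])
    off = 12
    for _ in range(qdcount):
        _, off = _read_name(pkt, off)
        off += 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        _, off = _read_name(pkt, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", pkt[off:off + 10])
        off += 10
        rdata = pkt[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:  # A record
            addrs.append(".".join(str(b) for b in rdata))
    return addrs

def compare_resolvers(name: str, router_resp: bytes, reference_resp: bytes) -> Dict[str, object]:
    """The scanner's core check: do the router-supplied and reference resolvers agree on `name`?"""
    router = set(parse_a_records(router_resp))
    reference = set(parse_a_records(reference_resp))
    return {
        "name": name,
        "router": sorted(router),
        "reference": sorted(reference),
        # disjoint answer sets are the signal a scanner reports as a possible hijack
        "suspicious": router.isdisjoint(reference),
    }

if __name__ == "__main__":
    # Constructed scenario: the router's resolver answers with an address the
    # reference resolver never returns for the same name.
    name = "example.com"
    from_router = build_response(name, ["198.51.100.7"])
    from_reference = build_response(name, ["192.0.2.10", "192.0.2.11"])
    print(compare_resolvers(name, from_router, from_reference))
```

The design choice is to treat only disjoint answer sets as suspicious: names served from a CDN legitimately return different addresses to different resolvers, which is the false-positive case Samson raised earlier in the thread, so a simple "not equal" test would be noisier. A real scanner pairs this comparison with a list of names known to be targeted and with the resolver's address itself. Pointing the router at a resolver you trust, as done later in the thread, changes the answer the check sees, which is why the finding disappears without anything on the PC having changed.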