Author Topic: can the router settings be changed by virus? If it is secured by ISP  (Read 48458 times)

0 Members and 1 Guest are viewing this topic.

Offline jraju

  • Hero Member
  • *****
  • Join Date: Feb 2013
  • Posts: 2323
  • Location: india
  • Karma: 17
    • View Profile
Re: can the router settings be changed by virus? If it is secured by ISP
« Reply #50 on: January 20, 2016, 06:50:38 am »
Hi,
              When you are logged on to another isp, when you start a new session, some results are same. But it differed from the first findings. What i did to save is , pr scrn by expanding the + marks in the link.
               I think that the server is redirected to some domain.error com, and it list as a commercial adware peeking site. I enclose the findings without the access points.
                One of the solution given is to change the dns server to 8888 and 8844. When i opt auto detect the internet access, then i do not have the option. Ok
                Or is it possible, that i use the following and entering the above 3 with my previous numbers and the last two dns and alte dns as 88888844. What this stand for , i do not know.
                    I remember Shane saying something about change to Google dns server in some other posts. Is that belong to google?Pl remove those findings , which is not decipherable
HI, boggins, what about the query on bold lines.

The Bottom line is "Check your hardware first if it supports the task you try".

Offline jraju

  • Hero Member
  • *****
  • Join Date: Feb 2013
  • Posts: 2323
  • Location: india
  • Karma: 17
    • View Profile
Re: can the router settings be changed by virus? If it is secured by ISP
« Reply #51 on: January 20, 2016, 06:54:25 am »
Hi, boggins, Pl also remove the 1st link in your 44 post in this thread.
The Bottom line is "Check your hardware first if it supports the task you try".

Offline jraju

  • Hero Member
  • *****
  • Join Date: Feb 2013
  • Posts: 2323
  • Location: india
  • Karma: 17
    • View Profile
Re: can the router settings be changed by virus? If it is secured by ISP
« Reply #52 on: January 20, 2016, 07:06:53 am »
Hi,
can i change the dns server to the 88888844, by use this following ip
The Bottom line is "Check your hardware first if it supports the task you try".

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: can the router settings be changed by virus? If it is secured by ISP
« Reply #53 on: January 20, 2016, 07:13:00 am »
To change the DNS server settings in your computer which will override the router's ISP DNS settings - go Start - type ncpa.cpl and press enter.

Right click on the adapter you are using and select Properties.

Click on (TCP/IPv4) then on Properties then click on the lower radio button for Use the following DNS server addresses.

8.8.8.8 / 8.8.4.4 are Googles primary and secondary DNS server addresses, but you can also use OpenDNS which are -

208.67.222.222 / 208.67.220.220

I use these and have changed them so the primary is 220.220 as Netalyzr found it to be fractionally quicker than 222.222 and also faster than Google's.

Below is what mine look like using OpenDNS and after changing them, check the box for Validate settings upon exit - OK - Close and that will invoke the trouble shooter which should report no problems found.

After changing the settings I run a cmd prompt as an admin and enter -

ipconfig /flushdns

ipconfig /registerdns

shutdown /r /t 00

EDIT - If you use 8.8.8.8 and 8.8.4.4 you will have each digit of 8 in the upper row of boxes and 8 8 4 4 in the lower row.




 
« Last Edit: January 20, 2016, 07:35:10 am by Boggin »

Offline jraju

  • Hero Member
  • *****
  • Join Date: Feb 2013
  • Posts: 2323
  • Location: india
  • Karma: 17
    • View Profile
Re: can the router settings be changed by virus? If it is secured by ISP
« Reply #54 on: January 20, 2016, 07:20:57 am »
Hi, As in the post, i changed and tested . No problem in accessing . But the router settings in the router form is different, which is shown as vulnerability. It is said NAT vulnerability in configuration. I will again check tomorrow and report, if any improvement. I will give the results after analysing myself . Thanks .
 
The Bottom line is "Check your hardware first if it supports the task you try".

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: can the router settings be changed by virus? If it is secured by ISP
« Reply #55 on: January 20, 2016, 07:38:01 am »
Is that NAT vulnerability from the ROM 0 vulnerability ?

Offline jraju

  • Hero Member
  • *****
  • Join Date: Feb 2013
  • Posts: 2323
  • Location: india
  • Karma: 17
    • View Profile
Re: can the router settings be changed by virus? If it is secured by ISP
« Reply #56 on: January 20, 2016, 07:40:34 am »
Hi, I do not know. May be . When scan by avast using smartphone , the rom0 vulnerablity shown.
The Bottom line is "Check your hardware first if it supports the task you try".

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: can the router settings be changed by virus? If it is secured by ISP
« Reply #57 on: January 20, 2016, 08:03:15 am »
I think that is what I was referring to for my ISP's router - you could contact your ISP but I doubt if they would do anything about it as that is a money making thing for them - a bit like a browser hijack that sends you to adverts.

You can ignore that error - I do as I doubt TalkTalk's "techs" would know what I was talking about :)

Offline Samson

  • Hero Member
  • *****
  • Join Date: Nov 2011
  • Posts: 915
  • Location: London
  • Karma: 38
    • View Profile
Re: can the router settings be changed by virus? If it is secured by ISP
« Reply #58 on: January 20, 2016, 08:56:02 am »
I doubt TalkTalk's "techs" would know what I was talking about :)

 :cheesy: "Doubt"? Boggin, you KNOW that they would n't!  :cheesy:
(You have to be in the UK to get it  :wink:)

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: can the router settings be changed by virus? If it is secured by ISP
« Reply #59 on: January 20, 2016, 09:03:14 am »
It probably wouldn't be in their script and once they have to go off that - they are screwed :D

I was talking to one "tech" about the hidden devices in Device Manager and he said I shouldn't go in there - I didn't stay on the phone much longer after that   :rolleyes:

Offline jraju

  • Hero Member
  • *****
  • Join Date: Feb 2013
  • Posts: 2323
  • Location: india
  • Karma: 17
    • View Profile
Re: can the router settings be changed by virus? If it is secured by ISP
« Reply #60 on: January 20, 2016, 09:29:57 pm »
Hi, Samson, It seems from Boggins posting, that the config files could not be read easily in note pad. I take it , what you say may mean that you could save the cfg file in your computer as a file and if you want to restore , you could browse to the location from the router page. Is that correct?I will try that
         But accessing that page, and mere save would not , try to save the settings as was done by the configurer when he reset my modem and entered fresh entries . That was a query to you in my earlier post.
          Hi, boggin,
                      when i tried to test with the site, the tool ran but no results shown. Probably it would allow only once with the same ip number log in. I will try to day . I want to know, whether the settings of open google settings would show some improvement.
                       But one more query comes to my mind. Spam filter sites, show infected ips list . I think that i have seen in some site. If a person is logged to a ip infected , without his fault and his actual knowledge of ip he logs, then it may be possible to change the dns settings by virus attackers, though he is well protected, irrespective of whether he changed to secure dns google.
                         I also read that if it is shown as infected, then i could not log on to secured sites, like tweaking.com. It shows an alert that i am a spammer and alerts some maths calculation to enter in to this site.
                          when i log off and and log in in new ip, not infected ,this problem does not arise.
                         Even Panda says, that it expects attacks on router much more than pcs in this year 2016.
                         I also say that in these days of infected ips, by malicious sites adware and lottery softwares, one would not have enough security unless you change the security level of your firewall to not to allow anything. If you do that , you may not also wish genuine sites.
Hi, boggins your idea on that. My router settings has an option default secured
The Bottom line is "Check your hardware first if it supports the task you try".

Offline jraju

  • Hero Member
  • *****
  • Join Date: Feb 2013
  • Posts: 2323
  • Location: india
  • Karma: 17
    • View Profile
Re: can the router settings be changed by virus? If it is secured by ISP
« Reply #61 on: January 20, 2016, 10:56:34 pm »
Hi, Boggins, when the scan is being done by ntlyzer, i get windows firewall blocking message. I do allow for the session. But i am not getting the results after waiting. Should i change anything. I open the page with internet explorer, as firefox does not allow java
The Bottom line is "Check your hardware first if it supports the task you try".

Offline jraju

  • Hero Member
  • *****
  • Join Date: Feb 2013
  • Posts: 2323
  • Location: india
  • Karma: 17
    • View Profile
Re: can the router settings be changed by virus? If it is secured by ISP
« Reply #62 on: January 20, 2016, 11:59:01 pm »
Direct TCP connections to remote PPTP Control servers (port 1723) succeed, but do not receive the expected content.
The client received an empty response instead of our normal banner. This suggests that a firewall, proxy, or filter initially allowed the connection and then terminated it, either because it did not understand our server's reply or decided to block the service -I have given public access also in java to get the result
Your computer's clock is 6 seconds fast- what to do
Your host, NAT, or firewall acts as a DNS server or proxy. Requests sent to this server are eventually processed by 218.248.233.3*. Nb: i have changed to google dns and yet this alter dns is being accessed Why.

*This is probably a bug in your NAT's firmware, and represents a minor security vulnerability.

The Bottom line is "Check your hardware first if it supports the task you try".

Offline jraju

  • Hero Member
  • *****
  • Join Date: Feb 2013
  • Posts: 2323
  • Location: india
  • Karma: 17
    • View Profile
Re: can the router settings be changed by virus? If it is secured by ISP
« Reply #63 on: January 21, 2016, 12:01:07 am »
Hi, I have seen only now about your cmd commands, boggin. should i do to correct those errors of having accessing 218.248.233.3. Shall i issue these commands.
The Bottom line is "Check your hardware first if it supports the task you try".

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: can the router settings be changed by virus? If it is secured by ISP
« Reply #64 on: January 21, 2016, 12:45:13 am »
6 seconds isn't a lot of inaccuracy but check to see if your clock is being corrected by Internet time - set it back up if you have an accurate time source and then keep an eye on it.

218.248.233.3 is the ISP's IP address DNS server and the last digit could go all the way up to .255

The info in your post before last is what I get and is derived because of security settings in the router set up by your ISP - so nothing to worry about.

I don't have an answer as to why Windows Firewall should be blocking the report - I've never had that problem.
« Last Edit: January 21, 2016, 01:40:42 am by Boggin »

Offline jraju

  • Hero Member
  • *****
  • Join Date: Feb 2013
  • Posts: 2323
  • Location: india
  • Karma: 17
    • View Profile
Re: can the router settings be changed by virus? If it is secured by ISP
« Reply #65 on: January 21, 2016, 12:54:49 am »
Hi, Boggin , glad that you are at your desk
                        Even if you buy new modem, the wan settings do not change, is that correct?
                        This program touches that access point, because it was the first modem configuration, i suppose, which i very well know that it is configured in that place.
                        But , why it is not touching the adapter settings ip4, which is to be checked, I forgot to click one box over there. I will do it now.
                       Should i do the command prompts you describe in your post , like flushdns etc. I will check box with exit down.
                         So, it becomes clear that the result of the test is depending upon the log in time and log in ip. Is that correct?
                         Then why the ISPs are allowing infected ips? Could not they cure the infection? please
I have this access point in the overview page of the router please clarify
The Bottom line is "Check your hardware first if it supports the task you try".

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: can the router settings be changed by virus? If it is secured by ISP
« Reply #66 on: January 21, 2016, 01:31:08 am »
The /flushdns and /registerdns cmds are optional - it's just something I do and the DNS resolver cache is cleared anyway when the machine is shutdown.

When you shutdown a machine and then reboot you can be given a new IP address, this is normal, but I'm not sure where you are getting the info that an IP address is infected.

Say if your email has been hacked and is being used to send out spam, then you would be identified by your IP address and possibly blacklisted as a spammer.

Changing your email password to something more secure would stop that.

I've just run Netalyzr again so that you can compare your report to mine - use the + signs to expand any section for more info.

http://n1.netalyzr.icsi.berkeley.edu/summary/id=43ca253f-2725-386c20c5-e4f4-4adc-aef9

Have a run through these tests https://www.grc.com/x/ne.dll?bh0bkyd2 and this one will check your router's UPnP for vulnerability.

https://www.grc.com/su/upnp-rejected.htm




Offline jraju

  • Hero Member
  • *****
  • Join Date: Feb 2013
  • Posts: 2323
  • Location: india
  • Karma: 17
    • View Profile
Re: can the router settings be changed by virus? If it is secured by ISP
« Reply #67 on: January 21, 2016, 02:31:17 am »
Hi, I clicked that link and it shows no concern. You could not surely know that it is infected ip or not. I visited some spam filtering sites, where i found so much infected ips given in neighbouring ips. I forgot. Once upon, i logged and it would protect me from any spam. I also queried this with shane,  This was when i attempt to this link, i was alerted that i am a spammer and to get that link, i have to solve some simple additions. After that i queried about this and Shane has replied that he has a program, which would detect that it is blacklisted in those programs and advised me to start a new log in session , by closing the existing one. The next was without any problem.
                  If you do not know, which ips are infected with spammers, then how to get that information, except, trying thro netalyzer.
                   I do not have any email hack. I only open genuine email and panda would block any thing suspicious.
The Bottom line is "Check your hardware first if it supports the task you try".

Offline jraju

  • Hero Member
  • *****
  • Join Date: Feb 2013
  • Posts: 2323
  • Location: india
  • Karma: 17
    • View Profile
Re: can the router settings be changed by virus? If it is secured by ISP
« Reply #68 on: January 21, 2016, 02:37:00 am »
Hi, Please see the pst
particularly 9 onwards
http://www.tweaking.com/forums/index.php/topic,872.0.html
The Bottom line is "Check your hardware first if it supports the task you try".

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: can the router settings be changed by virus? If it is secured by ISP
« Reply #69 on: January 21, 2016, 02:37:57 am »
If you still get notified you are a spammer when you visit certain sites, then it would be advisable to change your email password as a matter of course.

Something or someone has been sending out spam from that IP address and unless someone has spoofed your IP address, then your email would be suspect.

Offline jraju

  • Hero Member
  • *****
  • Join Date: Feb 2013
  • Posts: 2323
  • Location: india
  • Karma: 17
    • View Profile
Re: can the router settings be changed by virus? If it is secured by ISP
« Reply #70 on: January 21, 2016, 02:51:21 am »
Hi, No. Please see the date of the thread . It is long ago. I am not getting any spam.
I only point out one thing. If you log on to a session of infected ip, then you get different results from Netalyzer. I wrote to them about this , and expecting reply. If i receive , i will share.
                 I have checked all the access points, and noted that it is from service providers. But there is a problem in the router. Hence this thread.
                 I do not get any spam emails.Only from known sources.
                 Thanks for all the advices from you and samson.
The Bottom line is "Check your hardware first if it supports the task you try".

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: can the router settings be changed by virus? If it is secured by ISP
« Reply #71 on: January 21, 2016, 03:44:36 am »
Well, if you are concerned about the vulnerability of your router or you are still unable to log into it and finances permit it, then I would advise getting something else.

Offline Samson

  • Hero Member
  • *****
  • Join Date: Nov 2011
  • Posts: 915
  • Location: London
  • Karma: 38
    • View Profile
Re: can the router settings be changed by virus? If it is secured by ISP
« Reply #72 on: January 21, 2016, 04:06:23 am »
Hi, Samson, It seems from Boggins posting, that the config files could not be read easily in note pad. I take it , what you say may mean that you could save the cfg file in your computer as a file and if you want to restore , you could browse to the location from the router page. Is that correct?I will try that
         But accessing that page, and mere save would not , try to save the settings as was done by the configurer when he reset my modem and entered fresh entries . That was a query to you in my earlier post.

Yup, it is a backup, that can restore the settings. As with all backups it is snapshot of a particular time, so if you took one at the time when he reset and entered fresh entries, then you could revert to that point in time.

How much did BSNL charge for this device? You could get a Netgear D500 for Rs 1000, not an all singing and dancing router/ modem combo, but my guess is it would be more reliable than what you have.

Offline jraju

  • Hero Member
  • *****
  • Join Date: Feb 2013
  • Posts: 2323
  • Location: india
  • Karma: 17
    • View Profile
Re: can the router settings be changed by virus? If it is secured by ISP
« Reply #73 on: January 21, 2016, 07:36:09 pm »
Hi, Please also seen from two results of the netalyzer by boggin would prompt me to say again, that one reading shows some aberration, while the last , without any aberration all in green only denotes that the log in session is important to the result. I will give the reply if i receive from that organisation.
                            In his earlier result, some concern, though minor has been given. In his second result recently, he has posted a clean green, without any concern oks.
                            I think he has also dynamic ips.
                            I already took to the note of my ISP, of what precautions they are taking to give us secured experience both on bb and wireless. They say they are escalating the issue to the top authorities.i also visited the other site by shane, and found so many tools . But i could not get to know the things to manipulate. That site reveals too much technicalities that could be understood only by engineers. For eg, i tried his toool port reading. I do not know , what i have to give as input in port. without clicking next gives error page.
                              I think that his software also has auto router updates, without you going to the usual procedures to the router access point. YOu could easily update. I became member of that forum also.
                             Shane, i think that you need more than 24 hours for all these sharings and free downloads, which few sites would allow for free
The Bottom line is "Check your hardware first if it supports the task you try".

Offline jraju

  • Hero Member
  • *****
  • Join Date: Feb 2013
  • Posts: 2323
  • Location: india
  • Karma: 17
    • View Profile
Re: can the router settings be changed by virus? If it is secured by ISP
« Reply #74 on: January 23, 2016, 11:29:38 pm »
Hi,
           I tried avast free laptop. It also alerts vulnerabilities in my terracom router in rom 0 position. I further expanded the results, that the router is not configured correctly to by pass this vulnerability. But one thing, avast has free secure line enabled in free version.
           Yesterday i tried the same tool Boggins suggested. There was no major aberrations and only minor aberrations. My session ip , shows as not having any major defects, 95 percent green oks.
            So, I wish to make it clear that the logon session ip has more to do with router risk than any body else. If you log on to a ip, not infected, then you are safe. Otherwise, the risk at the time of login increases.
             So, is there any immediate command or tool to auto detect this and so we could as well power off our pc for some time to login to the next session to pray HIM to give the good ips.
The Bottom line is "Check your hardware first if it supports the task you try".