how change of dns, nullifies the vulnerability

jraju:
The same entries, when I changed the DNS server to Google DNS, in Avast hns.logs, please:
[2017-05-22 14:06:25.625] [info   ] [ares_scan  ] [ 1380: 3652] AresScanner: result name=yahoo.com ip=2001499800580c0200000000000000a9 ttl=14 flags=17 type=28 data=""
[2017-05-22 14:06:25.648] [info   ] [ares_scan  ] [ 1380: 3652] AresScanner: result name=yahoo.com ip=200149980044020400000000000000a7 ttl=14 flags=17 type=28 data=""
[2017-05-22 14:06:25.669] [info   ] [ares_scan  ] [ 1380: 3652] AresScanner: result name=yahoo.com ip=20014998000c0a060000000000024008 ttl=14 flags=17 type=28 data=""
[2017-05-22 14:06:25.703] [info   ] [ares_scan  ] [ 1380: 3652] AresScanner: result name=yandex.ru ip=4d583758 ttl=76 flags=17 type=1 data=""
[2017-05-22 14:06:25.731] [info   ] [ares_scan  ] [ 1380: 3652] AresScanner: result name=yandex.ru ip=05ffff4d ttl=76 flags=17 type=1 data=""
[2017-05-22 14:06:25.758] [info   ] [ares_scan  ] [ 1380: 3652] AresScanner: result name=yandex.ru ip=4d58374d ttl=76 flags=17 type=1 data=""
[2017-05-22 14:06:25.781] [info   ] [ares_scan  ] [ 1380: 3652] AresScanner: result name=yandex.ru ip=05ffff58 ttl=76 flags=17 type=1 data=""
[2017-05-22 14:06:25.803] [info   ] [ares_scan  ] [ 1380: 3652] AresScanner: result name=vk.com ip=5fd50bb4 ttl=658 flags=17 type=1 data=""
[2017-05-22 14:06:25.825] [info   ] [ares_scan  ] [ 1380: 3652] AresScanner: result name=vk.com ip=57f0a552 ttl=658 flags=17 type=1 data=""
[2017-05-22 14:06:25.858] [info   ] [ares_scan  ] [ 1380: 3652] AresScanner: no data name=vk.com class=1 type=28 abuf=0x123ee458 alen=80
[2017-05-22 14:06:25.881] [info   ] [ares_scan  ] [ 1380: 3652] AresScanner: result name=yandex.ru ip=2a0206b8000a0000000000000000000a ttl=237 flags=17 type=28 data=""
[2017-05-22 14:06:25.958] [info   ] [ares_scan  ] [ 1380: 3652] AresScanner: result name=icicibank.com ip=cb1beb19 ttl=432 flags=17 type=1 data=""
[2017-05-22 14:06:25.992] [info

This log was taken when I get no vulnerability of any kind.
So I now know that the same set of coms is being analysed by Wi-Fi Inspector to get the results, but I could not interpret the log results or the results therein.
Please also say why my DNS server is shown as unknown.

Boggin:
I don't know why it's showing as unknown but that yandex.ru is a Russian IP address.

vk.com is also Russian based, but do you download music or anything from there - it's also a social networking site.

yandex and vt.com could be related.

Do you use yahoo.com as your home page?

Can you go to www.speedtest.net and make a note of your external IP address - it will be down on the left along with your ISP name.

You can change your external IP address by switching off your router, disconnecting all cables and leaving it off for 30 mins.

If you do that, then go to www.speedtest.net again to see what your ext. IP address is then and run an Avast scan to see what it reports.

jraju:
Of course, I get Yahoo mail IMAPped through gmail.com.
I would have downloaded videos, but I do not know vk.com or the Russian search engine yandex.ru.
My doubt is that the same set of coms is checked by Avast in each Home Network Security (in short, HNS) scan and, based upon the logs, it gives the result of vulnerability. Whenever I enabled DHCP, to obtain automatically, the scan gets the result of vulnerability, and changing the DNS to Google nullifies this vulnerability. Of course, I do have an IP range from my BSNL service provider in the router. It gives the server IP in the router status page. I checked and found that it belongs to my service provider in F-Secure Router Checker.
I do not think that it is anything to do with the external IPs, because if I change the DNS in the session, the first result shows the vulnerability and the change of DNS shows the direct opposite result. Anyhow, I will check as you say.
Why is my DNS server unknown? Is it because the reverse DNS pointer is not set up by my service provider? How do I correct it?
Could you see any difference in the same lines of the two scan logs I enclosed?
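
For reading the hns.log lines posted earlier in this thread and comparing two scans name by name, here is an added example (not part of any post and not Avast's code). It assumes `ip=` is the address as hex in network byte order and `type=` is the DNS record type (1 = A, 28 = AAAA), which matches the values in the posted lines; the second scan in the demo is constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Lines copied from the log posted above; the last one is cut off as in the post.
SAMPLE = """\
[2017-05-22 14:06:25.625] [info   ] [ares_scan  ] [ 1380: 3652] AresScanner: result name=yahoo.com ip=2001499800580c0200000000000000a9 ttl=14 flags=17 type=28 data=""
[2017-05-22 14:06:25.703] [info   ] [ares_scan  ] [ 1380: 3652] AresScanner: result name=yandex.ru ip=4d583758 ttl=76 flags=17 type=1 data=""
[2017-05-22 14:06:25.803] [info   ] [ares_scan  ] [ 1380: 3652] AresScanner: result name=vk.com ip=5fd50bb4 ttl=658 flags=17 type=1 data=""
[2017-05-22 14:06:25.858] [info   ] [ares_scan  ] [ 1380: 3652] AresScanner: no data name=vk.com class=1 type=28 abuf=0x123ee458 alen=80
[2017-05-22 14:06:25.958] [info   ] [ares_scan  ] [ 1380: 3652] AresScanner: result name=icicibank.com ip=cb1beb19 ttl=432 flags=17 type=1 data=""
[2017-05-22 14:06:25.992] [info
"""

RESULT = re.compile(
    r"AresScanner: result name=(\S+) ip=([0-9a-fA-F]+) ttl=\d+ flags=\d+ type=(\d+)")
HEX_LEN = {1: 8, 28: 32}  # assumed: A record = 4 bytes, AAAA record = 16 bytes


def parse_results(log_text):
    """Return {name: set of decoded addresses}; 'no data' and cut-off lines are skipped."""
    answers = defaultdict(set)
    for line in log_text.splitlines():
        m = RESULT.search(line)
        if not m:
            continue
        name, hex_ip, rtype = m.group(1), m.group(2), int(m.group(3))
        if HEX_LEN.get(rtype) != len(hex_ip):
            continue  # unknown record type or malformed address field
        answers[name].add(str(ipaddress.ip_address(bytes.fromhex(hex_ip))))
    return dict(answers)


def diff_scans(scan_a, scan_b):
    """Names whose answer sets differ, with the addresses seen in only one scan."""
    out = {}
    for name in sorted(set(scan_a) | set(scan_b)):
        a, b = scan_a.get(name, set()), scan_b.get(name, set())
        if a != b:
            out[name] = {"only_a": sorted(a - b), "only_b": sorted(b - a)}
    return out


if __name__ == "__main__":
    google_scan = parse_results(SAMPLE)
    # Constructed second scan: same answers except one name (192.0.2.10 is a documentation address).
    other_scan = dict(google_scan, **{"icicibank.com": {"192.0.2.10"}})
    print(google_scan)
    print(diff_scans(google_scan, other_scan))
```

A differing answer is something to check against the site's known addresses, not proof of tampering, because large sites legitimately return different addresses to different resolvers.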

Boggin:
Download Netalyzr to see what it makes of your Internet connection - it requires Java and for it to be enabled in browsers.

However, if you and Avast are happy using other than your ISP's default servers then just leave things at that and get on with life.

http://netalyzr.icsi.berkeley.edu/

When you change to Google's DNS servers, that should show as mine but yours looks a bit different to mine and only lists the Primary 8.8.8.8

I also noticed you had a time out on what appeared to be Google but the ping test succeeded later.

This is my ipconfig /all running on Ethernet -

Microsoft Windows [Version 10.0.15063]
(c) 2017 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : KAM4-TOSH
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : lan

Wireless LAN adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 74-DE-2B-CA-4E-D8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : lan
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : DC-0E-A1-34-09-F9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 22 May 2017 16:56:53
   Lease Expires . . . . . . . . . . : 23 May 2017 16:56:53
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : lan
   Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
   Physical Address. . . . . . . . . : 74-DE-2B-CA-4E-D8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 22 May 2017 16:06:25
   Lease Expires . . . . . . . . . . : 23 May 2017 16:06:24
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:105b:7d3:3f57:fef9(Preferred)
   Link-local IPv6 Address . . . . . : fe80::105b:7d3:3f57:fef9%11(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 436207616
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-98-CD-AE-74-DE-2B-CA-4E-D8
   NetBIOS over Tcpip. . . . . . . . : Disabled

C:\WINDOWS\system32>

jraju:
Hi, please see. Mine has also shown two DNS servers:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : intel-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : domain.name

Ethernet adapter Bluetooth Network Connection 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #6
   Physical Address. . . . . . . . . : 00-1B-10-00-2A-EC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : domain.name
   Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
   Physical Address. . . . . . . . . : 00-16-76-94-DB-5F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::7593:3539:2801:5955%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, May 23, 2017 4:12:30 PM
   Lease Expires . . . . . . . . . . : Wednesday, May 24, 2017 4:12:30 PM
   Default Gateway . . . . . . . . . : fe80::1e5f:2bff:fe54:8f5%10
                                       192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 234886774
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-78-CE-68-00-16-76-94-DB-5F

   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

C:\Windows\system32>
