nanog mailing list archives
Re: CPE dns hijacking malware
From: Larry Sheldon <LarrySheldon () cox net>
Date: Tue, 12 Nov 2013 15:59:58 -0600
On 11/12/2013 3:54 PM, Larry Sheldon wrote:
> On 11/12/2013 3:24 PM, Larry Sheldon wrote:
>> On 11/12/2013 12:12 AM, Dobbins, Roland wrote:
>>> On Nov 12, 2013, at 12:56 PM, Mike <mike-nanog () tiedyenetworks com> wrote:
>>>> It appears that some of my subscribers' DSL modems (which are acting as nat routers) have had their dns settings hijacked and presumably for serving ads or some such nonsense.
>>>
>>> How do you think this was accomplished? Via some kind of Web exploit customized for those devices and targeting your user population via email or social media, which tricked users into clicking on something that accessed the Web admin interface via default admin credentials or somesuch; or via some direct attack on the CPE devices themselves; or via some other method?
>>
>> I am less well informed here than in a lot of other things, so please be gentle. As a user of such equipment, I don't see or know of anything in the I/F that I have access-to that mentions DNSish stuff except the servers I am to use. But interestingly enough, when I tried to look at it to verify my beliefs just now I got a certificate error that it won't let me past. That seems odd.
>
> Meant to send this to the list. The on-line chat to Linksys was subsatisfying, but for want of something to do I dropped the "s" in "https" and got on the router just fine. Makes you wonder if I understand "certificates". But I do not see anything that looks like I can affect DNS beyond which servers I use.

And I don't know a way to get on Cox's "cable modem" at all.

--
Requiescas in pace o email
Ex turpi causa non oritur actio

Two identifying characteristics of System Administrators:
Infallibility, and the ability to learn from their mistakes.
(Adapted from Stephen Pinker)