nanog mailing list archives

Re: CPE dns hijacking malware


From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Tue, 12 Nov 2013 06:35:51 +0000


On Nov 12, 2013, at 1:17 PM, Jeff Kell <jeff-kell () utc edu> wrote:

(2) DHCP hijacking daemon installed on the client, supplying the hijacker's DNS servers on a DHCP renewal.  Have seen both, the latter being more common, and the latter will expand across the entire home subnet in time (based on your lease interval)

I'd (perhaps wrongly) assumed that this probably wasn't the case, as the OP referred to the CPE devices themselves as 
being malconfigured; it would be helpful to know if the OP can supply more information, and whether or not he'd a 
chance to examine the affected CPE/end-customer setups.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

          Luck is the residue of opportunity and design.

                       -- John Milton
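
The rogue DHCP responder described in the quoted text can be spotted from a monitoring host by checking each DHCPOFFER/DHCPACK against the servers and resolvers that are supposed to exist on the subnet. The following is an added example, not part of the original message or thread; the function names, allowlists and sample addresses are constructed for illustration, and the input is assumed to be the UDP payload of a captured DHCP message.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"          # marks the start of the DHCP options
OPT_PAD, OPT_DNS, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 6, 53, 54, 255
OFFER, ACK = 2, 5                            # message types sent by servers

def parse_options(payload):
    """Return {option code: value bytes} from the UDP payload of a DHCP message."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        code = payload[i]
        if code == OPT_PAD:                  # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        opts[code] = opts.get(code, b"") + payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def ipv4_list(raw):
    """Split an option value into dotted-quad strings, ignoring a ragged tail."""
    return [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw) - 3, 4)]

def check_reply(payload, allowed_servers, allowed_dns):
    """Findings for one DHCPOFFER/DHCPACK; [] if clean or not a server reply."""
    opts = parse_options(payload)
    if (opts.get(OPT_MSG_TYPE) or b"\x00")[0] not in (OFFER, ACK):
        return []
    findings = []
    server = (ipv4_list(opts.get(OPT_SERVER_ID, b"")) or [None])[0]
    if server not in allowed_servers:        # reply from a host that is not our DHCP server
        findings.append(("unauthorized-dhcp-server", server))
    for dns in ipv4_list(opts.get(OPT_DNS, b"")):
        if dns not in allowed_dns:           # option 6 points clients at an unknown resolver
            findings.append(("unexpected-dns-server", dns))
    return findings

def build_reply(msg_type, server_id, dns_servers):
    """Constructed sample input: a minimal BOOTREPLY carrying options 53, 54 and 6."""
    pack = lambda ip: ipaddress.IPv4Address(ip).packed
    dns = b"".join(pack(d) for d in dns_servers)
    return (bytes([2, 1, 6, 0]) + bytes(232) + MAGIC_COOKIE
            + bytes([OPT_MSG_TYPE, 1, msg_type])
            + bytes([OPT_SERVER_ID, 4]) + pack(server_id)
            + bytes([OPT_DNS, len(dns)]) + dns + bytes([OPT_END]))
```

Because the behaviour described above surfaces on lease renewal, a check like this needs to run for at least one full lease interval before a subnet can be called clean.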


