Never seen this before

Discussion in 'General Topics' started by Tarnak, Dec 6, 2009.

Thread Status:
Not open for further replies.
  1. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,873
    I have never seen this before. I didn't allow. I just closed down the browser and reopened. See screenshots:
     

    Attached Files:

  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,874
    Location:
    New England
    As for the DNS Spoof part: The DNS servers hosting our DNS records are fine, and have all the information correct. You may need to check the DNS servers you are using, or the tool that flagged that error. I don't have any idea what that error is trying to tell you.

    The requesting local data part doesn't seem to say what. vBulletin forums use cookies, which are stored locally, though I'd hope no tool would report that as an alert.
     
  3. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,873
    How do I check what DNS servers....do you mean my ISP?

    That makes two of us.;) :)
     
  4. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,874
    Location:
    New England
    Well, the reason I mention checking your DNS is because there have been a few attacks that involve compromising a person's DNS resolution, and a small number of exploits for DNS servers discussed over the past year or so. You'll see a few threads where people are checking their ISP DNS servers or switching over to OpenDNS, because they have some of the most monitored and secured DNS servers around.

    I'm not sure what to tell you about how to verify that your computer's DNS resolution is configured properly and your ISP DNS servers are functioning correctly. The simplist check is to just see if a DNS lookup on our domain name always returns the correct IP address for you.

    Using a CMD window, you can type the following:

    nslookup wilderssecurity.com

    That should always return:

    Name: wilderssecurity.com
    Address: 65.175.38.194


    If you get something else, there is a DNS resolution problem.

    In the first error picture, it shows the server you were accessing was 198.18.1.2. That is not us. That is from a reserved IP address block used for network testing. It's much like the private IP address range you and most of us use behind our routers, 192.168.X.X. These are not public routable addresses. They should only be present on local networks. It is concerning that the first server you were accessing was from that private network testing range. I've never seen that before.

    I'm afraid I don't have much advice on what you should check beyond trying to resolve our forum's domain name a few times. If there is a router misconfiguration and the 198.18.X.X range is in use on your network, I can't imagine why that would be the case.

    Maybe the easiest thing to do is this. If these errors persist, you could try temporarily switching the OpenDNS for all your DNS lookups. You configure that in the network configuration on your PC. There are instructions on how to use OpenDNS on their website (main site link is above).

    If this was a one time error, and you don't see it again... then it could have been some kind of strange network glitch. Although, it might be worth just rebooting everything (PC and router), and see if that stops the errors.
     
  5. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,873
    This is what I got:

    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\Myname>nslookup wilderssecuity.com
    Server: dsldevice.lan
    Address: 192.168.1.254

    *** dsldevice.lan can't find wilderssecuity.com: Non-existent domain

    C:\Documents and Settings\Myname>
     
  6. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,874
    Location:
    New England
    Well, that's the problem. The "server" involved here is some kind of local network gateway that can't resolve DNS properly. (Most people don't have a server called "dsldevice.lan". I don't know what that is, but, it isn't a proper DNS gateway.)
     
  7. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,873
  8. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,812
    Report it to your broadband company Normally they can look into such things and maybe fix it if its on there end and not yours directly.
     
  9. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,873
    Do you mean the problem where I mentioned in the link above, where I am about to have reduced functionality?

    Do you think my ISP could/should intervene with this subsequent hardware problem?

    Edit: word added + spelling
     
  10. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,873
    After contacting my ISP, then making changes to LAN > Internet Protocol(TCP/IP) Properties -

    "Use the following DNS server addresses"

    Apparently, the DNS was resolving to settings in the modem,ie.Thomsom Speedtouch 536 (v6), that was supplied by my ISP.

    I now see this.(see screenshot)
     

    Attached Files:

  11. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,874
    Location:
    New England
    Very good. That's what you are supposed to get when looking up the domain name.
     
  12. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,873
    Thanks! :thumb: ...I am always learning something.:)
     
Thread Status:
Not open for further replies.