What happened to DNS Server address?

Discussion in 'other security issues & news' started by SOG, Mar 10, 2014.

Thread Status:
Not open for further replies.
  1. SOG

    SOG Registered Member

    Joined:
    Mar 9, 2009
    Posts:
    33
    A friend called me last week, Dell Studio with Vista, had encountered a repeated Flash Player Pro pop-up which he thought WebRoot and a download of MBAM had sorted, but he had got a bit confused with his response leading to a couple of restores. He did not click on it. However, subsequently, and presumably not a coincidence, there was difficulty in getting on line receiving 'cannot connect primary DNS server' message. Whilst trying ipconfig /release/renew/all/dnsflush...we noticed that in 'all' whereas the Default Gateway and DHCP Server indicated the expected router identifier, the two identifiers set against DNS Servers were unknown IP addresses. They were different but in the same range. Not sure I should post them, a search engine and IP address query did not suggest any malicious connection and when entered in browser came up with a 'Default website Page' and the other had a message in plain text saying 'No storefronts defined'. A factory reset of the router seems to have put things back to normal but can anyone help me understand what could have caused this to happen and should any further action be taken?
     
  2. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,723
    Location:
    localhost
  3. SOG

    SOG Registered Member

    Joined:
    Mar 9, 2009
    Posts:
    33
    Thanks for the reply. We're in the UK and I had seen that info and wondered myself. The suggestion that the hosting was in South London led me to believe it was not connected as the IP Address search I completed pointed to ServeInt. in Virginia.
     
  4. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,723
    Location:
    localhost
    Mine was just an example of what can happen with routers if not well mantained....

    Depending on the model/brand and age the OP may want to think of getting a more recent version. There are several hacks of this kind on the net especially for D-Link and Linksys routers not counting the WPS vulnerability in many other models.
     
  5. SOG

    SOG Registered Member

    Joined:
    Mar 9, 2009
    Posts:
    33
    Thanks again. He has a TP LINK TD W 8961 ND just about one year old and it does have WPS. I don't think he uses it but have looked up a couple of links and I think I get the gist. Just checked and made sure it was disabled on my router:D and will pass on when I next talk with him.
     
  6. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,723
    Location:
    localhost
Loading...
Thread Status:
Not open for further replies.