A friend could not access the inet but could get emails. Whenever he
tried a search engine, Google or Yahoo, he was told Internet Explorer
was out of date and needed upgrading. Needless to say he didn't click
on the link offered. He asked me to check his machines out because he
thought he must have a virus despite running all manner of checkers.
I checked all his machines out and they all showed the same problems.
I logged an android tablet on to his network and this too had exactly
the same message. I concluded that there was a DNS problem but the
router (TP link) wouldn't let me in. Windows showed a DNS address
like nothing I'd ever seen. I did a factory reset. I got in and set
it up again. All is now well.
Now the question. Can someone get into a router from outside or could
a virus in a networked machine gain access to a router to reconfigure
it?

On Fri, 06 Jun 2014 20:17:37 +0100, Lawrence
wrote:

Now the question. Can someone get into a router from outside or could
a virus in a networked machine gain access to a router to reconfigure
it?

There was an article out yesterday that said nearly all routers are
very easy to get into. Bugs in the firmware, to using exploits to
crash and cause a reboot to access the details. Get the PSW and come
back at leisure to do what you will.

On 06/06/14 20:17, Lawrence wrote:
A friend could not access the inet but could get emails. Whenever he
tried a search engine, Google or Yahoo, he was told Internet Explorer
was out of date and needed upgrading. Needless to say he didn't click on
the link offered. He asked me to check his machines out because he
thought he must have a virus despite running all manner of checkers. I
checked all his machines out and they all showed the same problems. I
logged an android tablet on to his network and this too had exactly the
same message. I concluded that there was a DNS problem but the router
(TP link) wouldn't let me in. Windows showed a DNS address like nothing
I'd ever seen. I did a factory reset. I got in and set it up again. All
is now well.
Now the question. Can someone get into a router from outside

yes

or could a
virus in a networked machine gain access to a router to reconfigure it?

yes


--
Ineptocracy

(in-ep-toc-ra-cy) €“ a system of government where the least capable to
lead are elected by the least capable of producing, and where the
members of society least likely to sustain themselves or succeed, are
rewarded with goods and services paid for by the confiscated wealth of a
diminishing number of producers.

On 06/06/2014 20:17, Lawrence wrote:
A friend could not access the inet but could get emails. Whenever he
tried a search engine, Google or Yahoo, he was told Internet Explorer
was out of date and needed upgrading. Needless to say he didn't click on
the link offered. He asked me to check his machines out because he
thought he must have a virus despite running all manner of checkers. I
checked all his machines out and they all showed the same problems. I
logged an android tablet on to his network and this too had exactly the
same message. I concluded that there was a DNS problem but the router
(TP link) wouldn't let me in. Windows showed a DNS address like nothing
I'd ever seen. I did a factory reset. I got in and set it up again. All
is now well.
Now the question. Can someone get into a router from outside or could a
virus in a networked machine gain access to a router to reconfigure it?

Yup, there are millions of vulnerable (typically linux based[1]) routers
out there that never (or rarely) get patched, and are wide open to
attack. DNS hijack attacks are one of the easiest ways of using them to
attack networks.

https://www.schneier.com/blog/archiv...y_risks_9.html

http://www.pcworld.com/article/20985...uter-worm.html

http://securityevaluators.com/knowle...uter_hacks.php

http://news.techworld.com/security/3...k-study-finds/

[1] Keep this in mind everytime you see some muppet spout about how its
only windows that gets exploited!


--
Cheers,

John.

/================================================== ===============\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\================================================= ================/

On 06/06/14 21:07, EricP wrote:
On Fri, 06 Jun 2014 20:17:37 +0100, Lawrence
wrote:

Now the question. Can someone get into a router from outside or could
a virus in a networked machine gain access to a router to reconfigure
it?

There was an article out yesterday that said nearly all routers are
very easy to get into. Bugs in the firmware, to using exploits to
crash and cause a reboot to access the details. Get the PSW and come
back at leisure to do what you will.


And noone patches their routers...

"Lawrence" wrote in message
et...
A friend could not access the inet but could get emails. Whenever he tried
a search engine, Google or Yahoo, he was told Internet Explorer was out of
date and needed upgrading. Needless to say he didn't click on the link
offered. He asked me to check his machines out because he thought he must
have a virus despite running all manner of checkers. I checked all his
machines out and they all showed the same problems. I logged an android
tablet on to his network and this too had exactly the same message. I
concluded that there was a DNS problem but the router (TP link) wouldn't
let me in. Windows showed a DNS address like nothing I'd ever seen. I did
a factory reset. I got in and set it up again. All is now well.

Now the question. Can someone get into a router from outside

Yes, you can with some routers.

or could a virus in a networked machine gain access to a router to
reconfigure it?

In theory, but that's less easy because not
all the routers reconfigure the same way.
Or even large numbers of them the same way.

Its much more likely that router just had a massive
brain fade and the factory reset fixed that.

Tim Watts wrote
EricP wrote
Lawrence wrote

Now the question. Can someone get into a router from outside or could
a virus in a networked machine gain access to a router to reconfigure
it?

There was an article out yesterday that said nearly all routers are very
easy to get into. Bugs in the firmware, to using exploits to crash and
cause a reboot to access the details. Get the PSW and come back at
leisure to do what you will.

And noone patches their routers...

I do if its known to have that sort of problem.

Rod Speed wrote:


"Lawrence" wrote in message
et...
A friend could not access the inet but could get emails. Whenever he
tried a search engine, Google or Yahoo, he was told Internet Explorer
was out of date and needed upgrading. Needless to say he didn't click
on the link offered. He asked me to check his machines out because he
thought he must have a virus despite running all manner of checkers. I
checked all his machines out and they all showed the same problems. I
logged an android tablet on to his network and this too had exactly
the same message. I concluded that there was a DNS problem but the
router (TP link) wouldn't let me in. Windows showed a DNS address like
nothing I'd ever seen. I did a factory reset. I got in and set it up
again. All is now well.

Now the question. Can someone get into a router from outside

Yes, you can with some routers.

or could a virus in a networked machine gain access to a router to
reconfigure it?

In theory, but that's less easy because not
all the routers reconfigure the same way.
Or even large numbers of them the same way.

Its much more likely that router just had a massive
brain fade and the factory reset fixed that.

Or maybe the ISP decided to update the router firmware?

In message , John
Rumm writes
On 06/06/2014 20:17, Lawrence wrote:
A friend could not access the inet but could get emails. Whenever he
tried a search engine, Google or Yahoo, he was told Internet Explorer
was out of date and needed upgrading. Needless to say he didn't click on
the link offered. He asked me to check his machines out because he
thought he must have a virus despite running all manner of checkers. I
checked all his machines out and they all showed the same problems. I
logged an android tablet on to his network and this too had exactly the
same message. I concluded that there was a DNS problem but the router
(TP link) wouldn't let me in. Windows showed a DNS address like nothing
I'd ever seen. I did a factory reset. I got in and set it up again. All
is now well.
Now the question. Can someone get into a router from outside or could a
virus in a networked machine gain access to a router to reconfigure it?

Yup, there are millions of vulnerable (typically linux based[1])
routers out there that never (or rarely) get patched, and are wide open
to attack. DNS hijack attacks are one of the easiest ways of using them
to attack networks.

https://www.schneier.com/blog/archiv...y_risks_9.html

http://www.pcworld.com/article/20985...r-vulnerabilit
y-targeted-by-linksys-router-worm.html

http://securityevaluators.com/knowle...rs/soho_router
_hacks.php

http://news.techworld.com/security/3...me-wireless-ro
uters-wide-open-to-attack-study-finds/

[1] Keep this in mind everytime you see some muppet spout about how its
only windows that gets exploited!

Anything suspicious about that 4th. url?

While I was reading something downloaded to the hard drive and
temporarily overrode Firefox.

Nervous user!





--
Tim Lamb

Capitol wrote
Rod Speed wrote
Lawrence wrote

A friend could not access the inet but could get emails. Whenever he
tried a search engine, Google or Yahoo, he was told Internet Explorer
was out of date and needed upgrading. Needless to say he didn't click
on the link offered. He asked me to check his machines out because he
thought he must have a virus despite running all manner of checkers. I
checked all his machines out and they all showed the same problems. I
logged an android tablet on to his network and this too had exactly
the same message. I concluded that there was a DNS problem but the
router (TP link) wouldn't let me in. Windows showed a DNS address like
nothing I'd ever seen. I did a factory reset. I got in and set it up
again. All is now well.

Now the question. Can someone get into a router from outside

Yes, you can with some routers.

or could a virus in a networked machine
gain access to a router to reconfigure it?

In theory, but that's less easy because not
all the routers reconfigure the same way.
Or even large numbers of them the same way.

Its much more likely that router just had a massive
brain fade and the factory reset fixed that.

Or maybe the ISP decided to update the router firmware?

I wouldn't expect to get the result he got if the ISP had done that.

My modem, which is a router with the router turned off suggests you do not
allow the remote option in the menu unless you are asked to by the isp tech
troubleshooting the problems.
Brian

--
From the Sofa of Brian Gaff Reply address is active
"EricP" wrote in message
...
On Fri, 06 Jun 2014 20:17:37 +0100, Lawrence
wrote:

Now the question. Can someone get into a router from outside or could
a virus in a networked machine gain access to a router to reconfigure
it?

There was an article out yesterday that said nearly all routers are
very easy to get into. Bugs in the firmware, to using exploits to
crash and cause a reboot to access the details. Get the PSW and come
back at leisure to do what you will.

On 07/06/2014 10:01, Tim Lamb wrote:
In message , John
Rumm writes
On 06/06/2014 20:17, Lawrence wrote:
A friend could not access the inet but could get emails. Whenever he
tried a search engine, Google or Yahoo, he was told Internet Explorer
was out of date and needed upgrading. Needless to say he didn't click on
the link offered. He asked me to check his machines out because he
thought he must have a virus despite running all manner of checkers. I
checked all his machines out and they all showed the same problems. I
logged an android tablet on to his network and this too had exactly the
same message. I concluded that there was a DNS problem but the router
(TP link) wouldn't let me in. Windows showed a DNS address like nothing
I'd ever seen. I did a factory reset. I got in and set it up again. All
is now well.
Now the question. Can someone get into a router from outside or could a
virus in a networked machine gain access to a router to reconfigure it?

Yup, there are millions of vulnerable (typically linux based[1])
routers out there that never (or rarely) get patched, and are wide
open to attack. DNS hijack attacks are one of the easiest ways of
using them to attack networks.

https://www.schneier.com/blog/archiv...y_risks_9.html

http://www.pcworld.com/article/20985...r-vulnerabilit
y-targeted-by-linksys-router-worm.html

http://securityevaluators.com/knowle...rs/soho_router
_hacks.php

http://news.techworld.com/security/3...me-wireless-ro
uters-wide-open-to-attack-study-finds/

[1] Keep this in mind everytime you see some muppet spout about how
its only windows that gets exploited!

Anything suspicious about that 4th. url?


Not that I was aware of (although I run adblock - so that does prevent
some ad based compromises)

While I was reading something downloaded to the hard drive and
temporarily overrode Firefox.

Overrode in what sense?


--
Cheers,

John.

/================================================== ===============\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\================================================= ================/

In message , John
Rumm writes

Anything suspicious about that 4th. url?


Not that I was aware of (although I run adblock - so that does prevent
some ad based compromises)

While I was reading something downloaded to the hard drive and
temporarily overrode Firefox.

Overrode in what sense?

Screen went blank for a few seconds while something went in or out of
the hard drive.



--
Tim Lamb

On 06/06/2014 23:42, Tim Watts wrote:


And noone patches their routers...

I do!

--
Rod