Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Is my dns hijacked or whats going on?

23 Apr 2017   #1
BlueSparrow

Windows 7 Ultimate x64
 
 
Is my dns hijacked or whats going on?

Hi I am on a local network 172.16.0.0/24 and have several computers on it working excellent. Among others this one I am writing this post with. I am behind a vpn tunnel which starts at the router so my computers isn't aware of it really.

The problem I have is with a fresh install of windows 7 where the network is going crazy
The ping reply from 10.0.0.1 can be explained by the VPN network on the outside finds the 10.0.0.0/24 network. But the question is.. Why is it pinging 10.0.0.1 and not the address from the nslookup? There is something modifying the translation some where. The browsers, also gets the wrong address. If a disables the adapter and enables it again I get a few seconds browsing time before it is trashed again

You can see in the dump below that pinging hd.se pings the wrong address and that nslookup gives a correct working address.

Any help is really appreciated..

Code:
C:\Users\nn>ping hd.se

Pinging hd.se [10.0.0.1] with 32 bytes of data:
Reply from 10.0.0.1: bytes=32 time=11ms TTL=63
Reply from 10.0.0.1: bytes=32 time=11ms TTL=63
Reply from 10.0.0.1: bytes=32 time=11ms TTL=63
Reply from 10.0.0.1: bytes=32 time=11ms TTL=63

Ping statistics for 10.0.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 11ms, Maximum = 11ms, Average = 11ms

C:\Users\nn>nslookup hd.se
Server:  resolver1.privateinternetaccess.com
Address:  209.222.18.222

Non-authoritative answer:
Name:    hd.se
Address:  192.71.242.51


C:\Users\nn>ping 192.71.242.51

Pinging 192.71.242.51 with 32 bytes of data:
Reply from 192.71.242.51: bytes=32 time=19ms TTL=246
Reply from 192.71.242.51: bytes=32 time=19ms TTL=246
Reply from 192.71.242.51: bytes=32 time=19ms TTL=246
Reply from 192.71.242.51: bytes=32 time=19ms TTL=246

Ping statistics for 192.71.242.51:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 19ms, Maximum = 19ms, Average = 19ms

C:\Users\nn>ping hd.se

Pinging hd.se [10.0.0.1] with 32 bytes of data:
Reply from 10.0.0.1: bytes=32 time=11ms TTL=63
Reply from 10.0.0.1: bytes=32 time=11ms TTL=63
Reply from 10.0.0.1: bytes=32 time=11ms TTL=63
Reply from 10.0.0.1: bytes=32 time=11ms TTL=63

Ping statistics for 10.0.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 11ms, Maximum = 11ms, Average = 11ms



My System SpecsSystem Spec
.
25 Apr 2017   #2
jraju

windows 7 ultimate 32 bit
 
 

I will recommend you to check with avast free antivirus, wifi inspector. it will check and will advise you if you need to change the settings in the router or dns server if that is hijacked.
I do not know, if i can answer to the queries, but as i had also had similar issue, i changed as per avast advice and now i am not having vulnerability. The wifi inspector checks the network and prompted the alert that it is vulnerable (not already hijacked ) to dns hns hijack and it gave the remedy to change the dns server to google dns .
if moderator feels that i could not give some solution, let me know pl
My System SpecsSystem Spec
28 Apr 2017   #3
BlueSparrow

Windows 7 Ultimate x64
 
 

Ok, I have an update to this. Now when I got some time left.
I changed the ip settings regarding the DNS to be used as a static dns. The same as the nslookup resolver uses ( 209.222.18.222 ) and it seems to work. To me it indicates that there are diffrent resolvers and only on of them is involved im my problem. Setting the DNS to static overrides the buggy one??
Anyone out there having a clue of what might be the problem?
My System SpecsSystem Spec
.

28 Apr 2017   #4
jraju

windows 7 ultimate 32 bit
 
 

Hi, I was advised to use dynamic ips, where in your ISP provides from bunch, it varies from every log if you switch of the modem and log in.
The static ip is fixed and anybody, especially hackers to track you , as from brute force they use in their programs.
Why cannot use avast free, which is giving you clue to the problem as well as solution. I have reset the modem and again scanned and it shows vulnerability and the solutions also. I will do the same to escape any dns hns hijack.
The dynamic ip is only having the problem, when you log on to a given infected ips, that is blocked on spotbot sites. Just you could switch off and then after a few minutes log on to get the non affected ips.
In the world of modem, i think that there is more to see than actual. i thought it just as a normal electronic device, but then reading network articles here and security articles eslewhere, i came to the conclusion, that it is not simple. The World is seeing you whereever you go.
There are router checks program, as given by fsecurity , GRC shields up, where you check your vulnerabillity of ports that is accessed thro router. I recommend avast, because, it is free and do what is needed . You might be aware that even port 7547 is used by hackers to hijack not only dns, they could as well access the router cfg files thro it
My System SpecsSystem Spec
29 Apr 2017   #5
BlueSparrow

Windows 7 Ultimate x64
 
 

Hi,
I have a rather large system in my home and is behind two firewalls and a vpn tunnel. The actual problem is isolated to the windows 7 it self. I tried Avast on the fresh win 7 install as you wished to no avail.
Note that is isn't a external dns problem even though I formulated the question that way. As for the choise of dns-server the only diffrence is that if I explicitly set the preferred server in the ip-v4 preferences it works. But if I don't the applications gets the wrong ip-number. Nslookup returns the correct number but browsers for example uses another API to resolve the ip-numbers so the problem lies somewhere in that area. You can see in the example above that the ping application gets the wrong ip whereas the nslookup gets the correct ip!
As for port 7547 I don't have a dsl modem in my setup and is connected directly to the internet via an asus NAT router and a linux vpn router.
My System SpecsSystem Spec
29 Apr 2017   #6
BlueSparrow

Windows 7 Ultimate x64
 
 

Added network image


Attached Thumbnails
Is my dns hijacked or whats going on?-network.jpg  
My System SpecsSystem Spec
Reply

 Is my dns hijacked or whats going on?




Thread Tools




Similar help and support threads
Thread Forum
I think My Browsers Have Been Hijacked
I think my browser homepages may have been hijacked. When I start firefox, Chrome, or IE the first page is an address that begins with esurf.biz. Then I can go to any of my bookmarks but sometimes a spam page will also load. How do I get rid of this?
System Security
Hijacked homepage cant fix
Running a dell desktop with 64bit windows 7. My homepage has been hijacked by uk.yahoo.search . I use google as my home page but now cannot change it from yahoo. I've done the usual of Internet option and changed it back but it just gets hijacked again. I've restored way back but its still there,...
Browsers & Mail
I've been hijacked. In dire need of help!
I bought my laptop from someone around the end of Feb. I noticed within a feel days that the computer was acting very weird like it already had a bad virus. I have a huge list of possible virus' & causes of getting infected that is so long I am going seriously crazy, because I'm doing my very best...
System Security
Google hijacked
So I recently got the google hijack malware. Basically anytime I went to google or most common sites I get a message saying the site may contain maleware and is dangerous blah blah blah. But then I realized another problem some of my windows services won't start like bits service. Basically...
System Security
Browser Hijacked
Over the past few days I have been trying to resolve an issue with IE8 having been Hijacked. Most of the time when I use a search through Google or Bing, upon clicking one of the results I will get a random redirect. I have tried scanning with MSE, Malwarebytes, Onecare.live, and Spybot S&D. I...
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 07:27.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App