Avast wifi inspector, gives vulnerability alert, if i change google dns
-
I have scanned my pc with wifi inspector, and found dns hijack vulnerabilities if I opted to obtain dns server address automatically. It produces results to the effect that some hijacked domains like yandex.ru and vk.com are vulnerable and could fetch me fake bank online address etc. etc. When I changed the dns server to the google dns, and then scan it, it produces no such vulnerabilities on subsequent future scans.
My question is how those com are found out by avast. Could the router dns server address be infected? Please reply.
My sub query is how those com address are found by the wifi inspector, of which there are no entries shown in router on my perusal.
My computer is said to be having no vulnerabilities, so I suspect the only thing that is possible. Is my presumption correct? Expecting a detailed reply.
-
-
Hi, in support of my query, I am enclosing the png.
-
There are a couple of ways to find what DNS server you are using and Avast might be using one of them to figure out what DNS server you are using.
Method 1: Dos or Powershell command "nslookup www.google.com"
Code:
PS C:\WINDOWS\system32> nslookup www.google.com
Server: pi
Address: 192.168.100.104
Non-authoritative answer:
Name: www.google.com
Addresses: 2607:f8b0:4004:802::2004
172.217.10.132
PS C:\WINDOWS\system32>
Your results will be different because I run my own DNS server locally.
In my case the DNS server name is Pi and the IP of my server is 192.168.100.104
Method 2: Dos or Powershell command "ipconfig /all"
Code:
PS C:\WINDOWS\system32> ipconfig /all
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
Physical Address. . . . . . . . . : Removed you don't need my Mac
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe4(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.100.99(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.100.1
DHCPv6 IAID . . . . . . . . . . . : 237005450
DHCPv6 Client DUID. . . . . . . . : Removed you don't need my Mac
DNS Servers . . . . . . . . . . . : 192.168.100.104
192.168.100.102
NetBIOS over Tcpip. . . . . . . . : Enabled
This shows my DNS Servers 192.168.100.104 and 192.168.100.102
I do not know anything about those .com names but it is easy to change your DNS servers in your ethernet adapter's IPv4 settings. You would have to do a Google search to find the closest reputable DNS server near you.
You could also change DNS servers in your router config; my guess is that you are using your ISP's DNS right now.
One reason Avast might be flagging your DNS server is because of the way it resolves sites that do not exist.
EG:
http://www.123rrryyyjjkl.com
should not exist and should return an error page. If you end up at a web site, that means the server is redirecting your queries, which is frowned upon by security experts. It does not mean they are malicious, it's just not the recommended way to treat queries.
Chrome error page:
Last edited by Digital Life; 20 May 2017 at 15:37.
-
-
Hi, Thanks for your reply
On the first test cmd, my server is shown as unknown
Secondly the dns server shown in my case is only one which is given below
Windows IP Configuration
Host Name . . . . . . . . . . . . : intel-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.name
Ethernet adapter Bluetooth Network Connection 6:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #6
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : domain.name
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
Physical Address. . . . . . . . . : removed as per suggestion
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7593:3539:2801:5955%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : removed as per suggestion
192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234886774
DHCPv6 Client DUID. . . . . . . . : removed as per suggestion
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
for nslookup cmd
Server: UnKnown
Address: 192.168.1.1
Name: Google
Addresses: 2404:6800:4007:805::2004
216.58.220.36
The click to the link comes with server error as you have given, when using chrome.
Please, I expect clarification, since the router checker page does not show any vulnerabilities the last time I scanned. If the dns server of my isp is affected, does not that mean that those who have enabled to obtain address automatically would also be vulnerable to attacks?
The other question is, even though avast scans by using Lan on my pc, how it comes with those com.pl
-
Hi, from avast hns.logs, there were so many checked coms by avast. Relevant logs are enclosed.
the log extract;
[2017-05-21 07:49:22.278] [info ] [ares_scan ] [ 1392: 4196] AresScanner: result name=yahoo.com ip=628afd6d ttl=221 flags=17 type=1 data=""
[2017-05-21 07:49:22.302] [info ] [ares_scan ] [ 1392: 4196] AresScanner: result name=yahoo.com ip=cebe242d ttl=221 flags=17 type=1 data=""
[2017-05-21 07:49:22.322] [info ] [ares_scan ] [ 1392: 4196] AresScanner: result name=yandex.ru ip=daf8ffa4 ttl=600 flags=17 type=1 data=""
[2017-05-21 07:49:22.358] [info ] [ares_scan ] [ 1392: 4196] AresScanner: result name=vk.com ip=daf8ffa4 ttl=600 flags=17 type=1 data=""
[2017-05-21 07:49:22.386] [info ] [ares_scan ] [ 1392: 4196] AresScanner: no data name=yandex.ru class=1 type=28 abuf=0x1658e628 alen=87
[2017-05-21 07:49:22.412] [info ] [ares_scan ] [ 1392: 4196] AresScanner: no data name=vk.com class=1 type=28 abuf=0x1658e628 alen=84
[2017-05-21 07:49:22.463]
-
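An added example, not part of any post in this thread and not Avast's own code: it parses the AresScanner "result" lines quoted in the log extract above, decodes the ip= field, and reports any address that was returned for more than one name, which is what the extract shows for yandex.ru and vk.com. It assumes ip= is an IPv4 address written as 8 hex digits in network byte order; the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# The four "result" lines and two "no data" lines from the extract in the thread.
PREFIX = "[2017-05-21 07:49:22.000] [info ] [ares_scan ] [ 1392: 4196] AresScanner: "
SAMPLE_LOG = "\n".join(PREFIX + body for body in [
    'result name=yahoo.com ip=628afd6d ttl=221 flags=17 type=1 data=""',
    'result name=yahoo.com ip=cebe242d ttl=221 flags=17 type=1 data=""',
    'result name=yandex.ru ip=daf8ffa4 ttl=600 flags=17 type=1 data=""',
    'result name=vk.com ip=daf8ffa4 ttl=600 flags=17 type=1 data=""',
    "no data name=yandex.ru class=1 type=28 abuf=0x1658e628 alen=87",
    "no data name=vk.com class=1 type=28 abuf=0x1658e628 alen=84",
])

RESULT_RE = re.compile(
    r"AresScanner: result name=(\S+) ip=([0-9a-fA-F]{8}) ttl=(\d+)"
)


def decode_ip(hex_ip):
    """Assumption: 8 hex digits = IPv4 address in network byte order."""
    return str(ipaddress.IPv4Address(int(hex_ip, 16)))


def parse_results(log_text):
    """Return (name, dotted_ip, ttl) for every 'result' line; other lines are skipped."""
    return [
        (m.group(1).lower(), decode_ip(m.group(2)), int(m.group(3)))
        for m in RESULT_RE.finditer(log_text)
    ]


def shared_answers(results):
    """Map each IP that was returned for more than one distinct name to those names."""
    names_by_ip = defaultdict(set)
    for name, ip, _ttl in results:
        names_by_ip[ip].add(name)
    return {ip: sorted(n) for ip, n in names_by_ip.items() if len(n) > 1}


if __name__ == "__main__":
    results = parse_results(SAMPLE_LOG)
    for name, ip, ttl in results:
        print(f"{name:12} {ip:16} ttl={ttl}")
    for ip, names in shared_answers(results).items():
        print(f"same answer {ip} for different names: {', '.join(names)}")
```

Two unrelated sites receiving the identical address and TTL from the resolver is a reason to compare the answers against a second resolver before trusting them.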
-
-
No solution from them. Would you pl. give fix for unknown server. Is nslookup only works for server having OS
-
-
Hi, Thanks. I know how to change the dns server settings in my pc. But nslookup says that it is unknown server and I want a fix to know about my dns server. So only I asked about the commands availability of using only in server OS and not in windows 7 stand alone computer. Thanks for detailed help to proceed further.
-
I don't know what you mean, just change your DNS server and see what happens. I really can't help you any further.