Avast wifi inspecor, gives vulnerability alert, if i change google dns

jraju · 20 May 2017

I have scanned my pc with wifi inspector, and found dns hijack vulnerabilities if i opted to obtain dns server address automatically. It produces results to the effect, that some hijacked domain like yandex.ru, and vk.com are vulnerable and could fetch me fake bank online address etc.etc.When i changed the dns server to the google dns, and then scan it, it produces no such vulnerabillities on subsequent future scans.
My question is how those com are found out by avast. Could the router dns server address be infected. please reply
My sub query is how those com address are found by the wifi inspector, of which there are no entries shown in router on my perusal
My computer is said to be having no vulnerabilities, so i suspect the only thing that is possible. Is my presumption correct? expecting a detailed reply

jraju · 20 May 2017

Hi, in support of my query , i am enclosing the png

Digital Life · 20 May 2017

There are a couple of ways to find what DNS server you are using and Avast might be using one of them to figure out what DNS server you are using.

Method 1: Dos or Powershell command "nslookup www.google.com"

Code:

PS C:\WINDOWS\system32> nslookup www.google.com
Server:  pi
Address:  192.168.100.104

Non-authoritative answer:
Name:    www.google.com
Addresses:  2607:f8b0:4004:802::2004
          172.217.10.132

PS C:\WINDOWS\system32>

Your results will be different because I run my own DNS server locally.

In my case the DNS server name is Pi and the IP of my server is 192.168.100.104

Method 2: Dos or Powershell command "ipconfig /all"

Code:

PS C:\WINDOWS\system32> ipconfig /all
Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
   Physical Address. . . . . . . . . : Removed you don't need my Mac 
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe4(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.100.99(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.100.1
   DHCPv6 IAID . . . . . . . . . . . : 237005450
   DHCPv6 Client DUID. . . . . . . . : Removed you don't need my Mac
   DNS Servers . . . . . . . . . . . : 192.168.100.104
                                       192.168.100.102
   NetBIOS over Tcpip. . . . . . . . : Enabled

This shows my DNS Servers 192.168.100.104 and 192.168.100.102

I do not know anything about those .com names but it is easy to change your DNS server's in your ethernet adapter's IPv4 settings. You would have to do a Google search to find the closest reputable DNS server near you.

You could also change DNS servers in your router config, my guess is that you are using your ISP's DNS right now

One reason Avast might be flagging your DNS server is because of the way it resolves sites that do not exist.
EG:
http://www.123rrryyyjjkl.com

should not exist and should return an error page, If you end up at a web site that means the server is redirecting your queries which is frowned upon by security experts. It does not mean they are malicious it's just not the recommended way to treat queries.

Chrome error page:

Avast wifi inspecor, gives vulnerability alert, if i change google dns-dns-warning.png

jraju · 20 May 2017

Hi, Thanks for your reply
On the first test cmd, my server is shown as unknown
Secondly the dns server shown in my case is only one which is given below

Windows IP Configuration

Host Name . . . . . . . . . . . . : intel-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.name

Ethernet adapter Bluetooth Network Connection 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #6
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : domain.name
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
Physical Address. . . . . . . . . : removed as per suggestion
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7593:3539:2801:5955%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : removed as per suggestion
192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234886774
DHCPv6 Client DUID. . . . . . . . : removed as per suggestion
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
for nslookup cmd
Server: UnKnown
Address: 192.168.1.1

Name: Google
Addresses: 2404:6800:4007:805::2004
216.58.220.36
The click to the link , comes with server error as you have given , when using chrome
please . i expect clarification, since the router checker page does not show any vulnerabilities the last time i scanned. if the dns server of my isp if affected, does not that mean, that those who have enabled to obtain address automatically would also be vulnerable to attacks.
The other question is , even though avast scans by using Lan on my pc, how it comes with those com.pl

jraju · 21 May 2017

Hi, from avst hns.logs, there were so many checked coms by avast . relevant logs are enclose
d
the log extract;

2017-05-21 07:49:22.278] [info ] [ares_scan ] [ 1392: 4196] AresScanner: result name=yahoo.com ip=628afd6d ttl=221 flags=17 type=1 data=""
[2017-05-21 07:49:22.302] [info ] [ares_scan ] [ 1392: 4196] AresScanner: result name=yahoo.com ip=cebe242d ttl=221 flags=17 type=1 data=""
[2017-05-21 07:49:22.322] [info ] [ares_scan ] [ 1392: 4196] AresScanner: result name=yandex.ru ip=daf8ffa4 ttl=600 flags=17 type=1 data=""
[2017-05-21 07:49:22.358] [info ] [ares_scan ] [ 1392: 4196] AresScanner: result name=vk.com ip=daf8ffa4 ttl=600 flags=17 type=1 data=""
[2017-05-21 07:49:22.386] [info ] [ares_scan ] [ 1392: 4196] AresScanner: no data name=yandex.ru class=1 type=28 abuf=0x1658e628 alen=87
[2017-05-21 07:49:22.412] [info ] [ares_scan ] [ 1392: 4196] AresScanner: no data name=vk.com class=1 type=28 abuf=0x1658e628 alen=84
[2017-05-21 07:49:22.463]

Digital Life · 21 May 2017

Unfortunately I do not use Avast, I would suggest going to their Forums Avast WEBforum - Index

jraju · 21 May 2017

No soluti0n fr0m them. would you. Pl gve fix. for unknown server. Is nslookup only works forserver having OS

Digital Life · 22 May 2017

Try changing your you DNS server settings

Try this tutorial if your not sure how to do it.
DNS Addressing - How to Change in Windows 7 - Windows 7 Help Forums

jraju · 22 May 2017

Hi, Thanks . I know how to change the dns server settings in my pc. But nslookup says that it is unknown server and i want a fix to know about my dns server. So only i asked about the commands availabiity of using only in server OS and not in windows 7 stand alone computer. Thanks for detailed help to proceed further.

Digital Life · 22 May 2017

I don't know what you mean, just change your DNS server and see what happens. I really can't help you any further.