On Friday, April 11, 2014 02:37:21 PM Carlos E. R. wrote:
On 2014-04-11 12:56, C. Brouerius van Nidek wrote:
On Friday, April 11, 2014 10:53:17 AM Joachim Schrod wrote:
On 04/11/14 07:14, C. Brouerius van Nidek wrote:
On Thursday, April 10, 2014 10:22:44 PM Joachim Schrod wrote:
On 04/10/14 18:24, C. Brouerius van Nidek wrote:
Where do I find the changed suspicious DNS? Anybody within reach with a basic understanding of Windows? The last Windows I worked with was the version 3.1.1.
Do you have a router that gives out IP addresses for your home network? [...]
Then the problematic DNS entry is handed out by your router. As Marcus and Andreas wrote, quite some routers (especially AVM Fritz-Boxes) recently had a serious vulnerability that is actively exploited.
The "suspect" /etc/resolv.conf had:
nameserver 68.168.98.196
nameserver 8.8.8.8
So, the suspect DNS server is "68.168.98.196" - but this DNS server works, although on one of my tries it timed out after giving a partial answer (try "time host -v google.com 68.168.98.196").
Whois gives this info about it:
OrgName: Codero
OrgId: APHIN
Address: 5750 W. 95th St., Suite 300
City: Overland Park
StateProv: KS
PostalCode: 66207
Country: US
RegDate: 2009-07-21
Updated: 2014-03-05
Ref: http://whois.arin.net/rest/org/APHIN
Forgot the existence of whois. Do not use it regularly :(
Normally, routers get a DNS server from your internet provider, and the router gives that data to your local computers asking for it via DHCP.
Next step is: Use http://www.router-backdoor.de/?lang=en to check if your router has the currently exploited vulnerability.
Port 32764 backdoor is not provided. That one intrusion possibility crossed off the list.
So, nothing is wrong, in the sense of virus or malware, but simply that your ISP is telling you to use a DNS that is probably overloaded. At least, it responds slowly.
Thanks Carlos. Sounds good. But one small question remains. I get a DNS from my ISP. My ISP is in Indonesia so I would expect to get a DNS closer home. Or am I wrong there? At least, since I removed that nameserver address I have a well working computer back.

--
Linux User 183145 using KDE4 and LXDE on a Pentium IV , powered by openSUSE 13.1 (i586)
Kernel: 3.14.0-23.gfa168d7-default
KDE Development Platform: 4.12.4
22:33pm up 0:08, 3 users, load average: 0.97, 3.02, 1.95
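The thread's diagnosis boils down to one check: compare the nameservers actually written into /etc/resolv.conf against the resolvers you expect your ISP or router to hand out, and flag anything else so it can be looked up (with whois, as done above) before it is trusted. The script below is an added example and is not code from any poster on the list. It parses a constructed resolv.conf modelled on the "suspect" one quoted in the thread; the EXPECTED_RESOLVERS allowlist is a placeholder you would replace with your own ISP's servers, not a value from the thread.

```python
"""Audit /etc/resolv.conf for resolvers that are neither expected nor local.

Added example for the discussion above. The allowlist and the sample file
are constructed for illustration; substitute your ISP's resolvers.
"""
import ipaddress

# Constructed sample modelled on the "suspect" resolv.conf quoted in the thread.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search home.lan
nameserver 68.168.98.196
nameserver 8.8.8.8
options timeout:2
"""

# Assumed allowlist (placeholder): the resolvers your ISP or router normally
# hands out via DHCP. 8.8.8.8 is included only because it appears in the thread.
EXPECTED_RESOLVERS = {"8.8.8.8", "8.8.4.4"}


def parse_nameservers(text):
    """Return the nameserver addresses from resolv.conf text, in file order.

    Comments (#) and non-nameserver directives (search, options, ...) are skipped.
    """
    servers = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if parts[0] == "nameserver" and len(parts) >= 2:
            servers.append(parts[1])
    return servers


def classify(server, expected=EXPECTED_RESOLVERS):
    """Label one resolver: expected, local (router/cache), unexpected, or invalid."""
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return "invalid"
    if str(addr) in expected:
        return "expected"
    if addr.is_private or addr.is_loopback or addr.is_link_local:
        # A router on the LAN or a local caching resolver is the normal case.
        return "local"
    # A public address you did not configure is what the thread was chasing:
    # worth a whois lookup and a look at what the router is handing out via DHCP.
    return "unexpected"


def audit(text, expected=EXPECTED_RESOLVERS):
    """Map every nameserver in the text to its classification."""
    return {s: classify(s, expected) for s in parse_nameservers(text)}


if __name__ == "__main__":
    # Run against the real file with: audit(open("/etc/resolv.conf").read())
    for server, verdict in audit(SAMPLE_RESOLV_CONF).items():
        print(f"{server:<20} {verdict}")
```

Run against the live file, a result of "unexpected" is the cue to do what the thread did: whois the address and check which DNS servers the router is distributing over DHCP, since that is where a changed resolver on a home network usually comes from.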