Is this weird?? (hacking a router)

We are a small broadband ISP. We have one customer that could not get DNS to resolve. We found that he was using a DNS server in China/Taiwan, 168.95.192.1 (hntp1.hinet.net). We have our own DNS servers, and this router had our DNS in its DNS field. The reason he failed is that the above DNS failed for several hours yesterday. We checked our server logs and found that he has been using this DNS since early July. He is behind a DI-604 router. As it turns out, the router redirects any request on port 53 to this hntp1.hinet.net. Today we replaced the router and it's all back to normal; all DNS requests are going to our server. We also checked the settings in the DI-604; they are correct. In fact, if we use the DI-604's internal ping test, it uses our DNS. Is it possible to hack a router?? Anyone heard of this? Thanks,

- R

RZ

"RZ" wrote in news: snipped-for-privacy@news.supernews.com:

Yeah, a router can be hacked if the router is left in its out-of-the-box default state, such as leaving the router's Admin user-id and PSW as they are out of the box, and most *clueless* home users will do just that. It could happen if the *clueless* user with happy fingers clicked on unknown links in an email or a Web site that deployed a backdoor Trojan or root tool kit to a computer, giving the hacker full remote control of the machine. The hacker could easily go to the router's admin screens and configure the router.

If the router is wireless and was not secured wirelessly, even a wireless hacker who could attach a machine wirelessly to the LAN on the router could access the router's Admin screens and configure the router, with the router being left in its out-of-the-box default state.

Duane ;)

Duane Arnold

I have not heard of this before, but it certainly sounds like the router has been hacked somehow. As for why - the most likely reason is to be able to direct the user to a fake financial web site, e.g. a mock-up of a home banking site, where they can then get him to give them his username and password, thinking he's logging into his usual home banking web site.

You should inform the user that any sites where he used passwords could have been fakes, to change his passwords and to check all his bank accounts. You should also look for other users similarly compromised and inform them.

Cantankerous Old Git
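
Following the suggestion above to look for other similarly affected users, this added example (not written by any poster in the thread) scans flow records for customers whose port-53 traffic all goes to one outside resolver and never reaches the ISP's own servers. The record format, the `ISP_RESOLVERS` addresses, the customer IPs and the dates are constructed assumptions; only 168.95.192.1 comes from the thread.

```python
from collections import defaultdict

# Assumption: the ISP's own resolvers (documentation-range placeholders).
ISP_RESOLVERS = {"192.0.2.53", "192.0.2.54"}

# Constructed sample records: month-day, customer IP, destination IP, protocol, port.
SAMPLE_FLOWS = """\
07-03 198.51.100.10 168.95.192.1 udp 53
07-03 198.51.100.11 192.0.2.53 udp 53
07-04 198.51.100.10 168.95.192.1 udp 53
07-04 198.51.100.10 203.0.113.80 tcp 80
07-05 198.51.100.12 192.0.2.54 udp 53
07-05 198.51.100.12 203.0.113.8 udp 53
truncated-line
08-20 198.51.100.10 168.95.192.1 tcp 53
"""

def find_redirected_customers(flow_text, isp_resolvers=ISP_RESOLVERS):
    """Return customers whose DNS traffic never reaches the ISP resolvers
    and instead goes entirely to a single outside resolver."""
    stats = defaultdict(lambda: {"inside": 0, "outside": defaultdict(int), "first": None})
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        day, src, dst, proto, port = parts
        if port != "53" or proto not in ("udp", "tcp"):
            continue  # only DNS traffic is of interest
        entry = stats[src]
        if dst in isp_resolvers:
            entry["inside"] += 1
        else:
            entry["outside"][dst] += 1
            if entry["first"] is None or day < entry["first"]:
                entry["first"] = day  # earliest day the outside resolver was seen
    findings = {}
    for src, entry in stats.items():
        # A router that redirects every port-53 request produces exactly this
        # pattern: zero queries to the ISP, all queries to one outside address.
        if entry["inside"] == 0 and len(entry["outside"]) == 1:
            resolver, count = next(iter(entry["outside"].items()))
            findings[src] = {"resolver": resolver, "queries": count,
                             "first_seen": entry["first"]}
    return findings

if __name__ == "__main__":
    for customer, info in find_redirected_customers(SAMPLE_FLOWS).items():
        print(customer, info)
```

A customer who deliberately configured a third-party resolver produces the same pattern, so each hit is a lead to confirm against the router's configured DNS setting, as was done with the DI-604.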
