Netgear WNR1000v3 Router Hacked - DNS Entries Changed
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- Re: Netgear WNR1000v3 Router Hacked - DNS Entries ...
Netgear WNR1000v3 Router Hacked - DNS Entries Changed
23-06-2014 8:52 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
When I checked the settings via the router admin console the DNS entries has changed. The primary DNS was set to 107.170.189.30 and the secondary to 162.243.207.106. A quick google search for these IPs shows they are linked to similar hacks and spam.
I'd always had the router admin password changed from the default and it was fairly strong, so the hack must have happened as part of a vulnerability in the router firmware. My firmware is old at version v1.0.2.28_50.0.60 and I known there is an update available, so will apply that, but even the latest one seems to have vulnerabilities.
I have now disabled the remote admin maintenance setting, as although it was useful to login from work to check things over, that was probably how the attacker got in.
My questions really is this: Are Plusnet aware of any vulnerabilities in the routers they supply and if so, why wasn't I contacted and asked to update the firmware. They also don't seem to be blocking these DNS IP addresses at their side.
Re: Netgear WNR1000v3 Router Hacked - DNS Entries Changed
23-06-2014 9:06 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
The DNS hacks would redirect customers to a fake Adobe page (or similar) when certain sites were accessed. This in turn would infect customers machines.
All the above I may add was not a Plusnet issue.
You're the first customer I've heard who has had a PN supplied router hacked although the Netgear isn't the usual router they supply (they normally send out the almighty Thomson .......)
*Edit - some more info here : http://www.tntnetworx.net/netgear-wnr1000v3-backdoorbug/
Re: Netgear WNR1000v3 Router Hacked - DNS Entries Changed
23-06-2014 9:15 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I can only really echo DomS' comments here, this is the first Netgear Router that we've supplied that I've heard about having such issues. It's a router that we supplied quite some time ago as part of a trial, I'd be happy to send a replacement router out which would be a Technicolor 582n?
Re: Netgear WNR1000v3 Router Hacked - DNS Entries Changed
23-06-2014 9:21 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
If it helped click the thumb
If it fixed it click 'This fixed my problem'
Re: Netgear WNR1000v3 Router Hacked - DNS Entries Changed
23-06-2014 9:26 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I have Firmware Version
V1.0.2.62_60.0.87 http://support.netgear.com/product/WNR1000v3#wrapper
and Remote Access OFF ! and have had no problems
samsung 850evo 250gig , WD black 2 TB . Asus Phoebus sound ,
16 gig Avexir ram 2400 , water cooling Corsair H100i gtx ,
Corsair 750HXI Psu , Phanteks Enthoo pro case .
Re: Netgear WNR1000v3 Router Hacked - DNS Entries Changed
23-06-2014 9:46 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I think Plusnet should get a communication out to customers who were sent the Netgear's.
Probably off topic, but is the Technicolor 582n a good router? Can't hurt trying it out I suppose, and might put the wife's mind at rest if using a different router. Chris, do you need my contact details?
Regards
Paul.
Re: Netgear WNR1000v3 Router Hacked - DNS Entries Changed
23-06-2014 9:49 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
We no longer supply the Netgear Router and as it was only sent out as a trial we have very limited support for it. You're the first person we've heard back from with regards to this, but I'll pass your comments on.
I've posted you out a Technicolor 582n router. I've used a 582n and have never had any issues with it personally.
Re: Netgear WNR1000v3 Router Hacked - DNS Entries Changed
23-06-2014 10:01 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Netgear WNR1000v3 Router Hacked - DNS Entries Changed
23-06-2014 10:20 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Netgear WNR1000v3 Router Hacked - DNS Entries Changed
23-06-2014 11:55 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
adie:quote
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- Re: Netgear WNR1000v3 Router Hacked - DNS Entries ...