cancel
Showing results for 
Search instead for 
Did you mean: 

Asus DSL routers hijacked DNS

Highlighted
Rising Star
Posts: 93
Thanks: 18
Registered: ‎02-02-2016

Asus DSL routers hijacked DNS

If you have an Asus DSL router that has the "Enable Web Access from WAN" option enabled then check whether your DNS has been hijacked.  I just noticed that my DSL AC-68U has had the DNS changed to 185.183.96.174 which is a known hijack DNS server.  I am on the latest firmware (3.0.0.4.380_7712-ga519811) but I guess this doesn't include some required security updates and hackers are able to access the setup page without needing the router password.

If your DNS has been changed then make sure you set it back to defaults or Google / OpenDNS settings.  Luckily I don't use the router DHCP server so this didn't actually impact me but is worrying that Asus have not publicised this security hole as far as I know.  You should turn off the web access option until the security holes are patched.

Even if you have the option "Connect to DNS Server automatically" enabled your actual DNS server may have been hijacked.  You can check this by going to the network tools and select NSLookup method and try apple.com - it should return something like this:

Name: apple.com
Address 1: 17.142.160.59
Address 2: 17.178.96.59
Address 3: 17.172.224.47

If you see some random looking names instead then it has been DNS hijacked.

Moderator's note by Mike (Mav): Post released from Spam Filter.

FTTP + pfSense + Asus RT-AC67U AiMesh
2 REPLIES 2
Highlighted
Moderator
Moderator
Posts: 20,355
Thanks: 3,789
Fixes: 417
Registered: ‎06-04-2007

Re: Asus DSL routers hijacked DNS

Moderator's note by Mike (Mav): This thread is now in the appropriate board.

Forum Moderator and Customer
Courage is resistance to fear, mastery of fear, not absence of fear - Mark Twain
He who feared he would not succeed sat still

Highlighted
Hooked
Posts: 8
Thanks: 2
Registered: ‎05-07-2017

Re: Asus DSL routers hijacked DNS

Surely, unless you really, really, really have a need to access the router from outside your network it would be best to turn the option off.   If you must enable it - set a really good strong password.

I have an Asus router, however I use Merlin's firmware on mine and "Enable Web Access from WAN"  is turned off by default, not sure if that's the case with the standard firmware.