HoneySuckleDreams, posted November 6, 2015

I have an odd problem. I'm trying to get to the bottom of a DNS problem. My flat mate complained of dodgy porn websites/adverts popping up and it looks like we have something taking over. She's now buggered off on holiday; her last words were, "don't you dare mess with anything whilst I'm away", which is rather a mouthful in Luxembourgish. So I'm ignoring her and will take the consequences on the chin/balls when she gets back.

I thought I had it sorted. I logged onto the modem (it's a Cisco something or other, so 192.168.0.1 works, and lo and behold there is no login/password set up, so it's all open). The primary DNS server was set to 31.207.6.128 (secondary DNS was 8.8.8.8, which is a Google DNS server). As far as I can tell the 31... number is somewhere in the Czech Republic. So I changed it to 8.8.8.8 and the 2nd one to 8.8.4.4, both Google servers, and it's stayed like that for the last week.

However, tonight, everything has started to run really slowly again, and I checked and the primary DNS has reset itself back to the 31.207... number. Do I ("we" in absentia) have a buggy virus in the firmware? I will be the 1st to admit that all this webby/IP stuff is a bit beyond me, but it does look odd.

Much obliged for any help.

Lehaut, posted November 7, 2015

If you share files over the network these could be compromised by a virus. As routers do not have an operating system it is highly unlikely that it will get a virus. It is possible that the firmware running on the router could be infected with a virus, but that happens very rarely.

AnOther, posted November 7, 2015

It should not be open, and while it is, it's at risk of being accessed and tampered with or even having rogue firmware pushed to it.

There has to be a login page somewhere; which model is it?

HoneySuckleDreams (author), posted November 7, 2015

Thanks for coming along guys, I was hoping an Uber Geek would turn up.

The router is a Cisco EPC2434.

There is a login page but with no login credentials, so you just press return to get access.

Firmware: epc2434-ESIP-16-v202r1262-120605s.bin
Software revision: epc2434-ESIP-16-v202r1262-120605s

Is it easy to flash the firmware?

Quillan, posted November 7, 2015

It would also help to know who the ISP is, because normally they give you the settings for DNS etc. If it is Orange then they would use IPv4 primary 81.253.149.10, secondary (IPv4 again) 80.10.246.3. Both belong to France Telecom (Orange) and are in France, which is normal in that the DNS servers belong to the ISP as standard, but you can of course change them for a particular reason. For instance you could change them to a UK-based DNS server to watch BBC iPlayer.

Quillan, posted November 7, 2015

[quote user="HoneySuckleDreams"]Thanks for coming along guys, I was hoping an Uber Geek would turn up.

The router is a Cisco EPC2434.

There is a login page but with no login credentials, so you just press return to get access.

Firmware: epc2434-ESIP-16-v202r1262-120605s.bin
Software revision: epc2434-ESIP-16-v202r1262-120605s

Is it easy to flash the firmware?[/quote]

https://www.cisco.com/web/consumer/support/userguides2/4011350.pdf

Go to page 57. It seems that when it was installed, if the person got to the screen as shown on that page and just kept hitting the Enter key, then no password would be created because it does not come with a default password. Every time thereafter you logged in it probably would not even ask for one.

I have had the problem with adverts etc. and the system running slow. I even had adverts popping up when not in a browser. In this instance it was due to some software downloaded as part of some other free software downloaded from the web (DVD ripping software). Took ages to clear it out using a couple of different software packages. I am almost certain that your problems are on the PC and not in the router.

A word of warning. Updating firmware is dangerous even when you know what you are doing. You could end up totally screwing the router with no ability to recover it. You have been warned.

HoneySuckleDreams (author), posted November 11, 2015

I set a password up on the router and set the DNS servers to point to Google. No weird issues have surfaced, and SWMBO is back with her gadgets and stuff and it's all still tip-top. So we will see if she is carrying a virus within her bits and bobs, and if so she will be getting a good delousing over the weekend... so far so good though.

Jako, posted November 19, 2015

Routers do run on an operating system, usually Linux. Even the Orange Livebox is running on Linux. If anyone is able to get 'root' access to a router he or she can do whatever they want with it, even control your local network and every device attached. Hackers are keen on router access to run their exploits as routers are always turned on.

Quillan, posted November 19, 2015

For humble plebs like us it is highly unlikely that anyone will bother to hack your router, but that's not to say they can't. You might find the following interesting; although it is aimed at UK routers, it gives you the gist of it all.

http://www.pcadvisor.co.uk/how-to/network-wifi/how-reset-your-router-rid-it-of-malware-3595477/

There is other stuff on the web about router viruses, and their most common effect is to change the DNS server then lock it.

I know with Orange they can check your router remotely and if required help you 're-flush' the operating system, and if that fails they just give you a returns number and you can swap it out at your nearest Orange shop. I guess that is one of the benefits of renting your Livebox; it stays under 'warranty' for as long as you have it.

HoneySuckleDreams (author), posted November 19, 2015

Since I reset the DNS servers to the Google servers and added a password to get to the admin page, we have had no more problems... so fingers crossed.

I have also been talking to the ISP to ask what the original DNS settings were, Luxembourg Online (LOL... funnily enough), and they have been less than useless. After nearly 2 weeks I am still getting emails from their support people asking what exactly is the problem, "can I see the internet", "have I turned it off and back on again" etc.

AnOther, posted November 20, 2015

[quote user="HoneySuckleDreams"]I have also been talking to the ISP to ask what the original DNS settings were[/quote]

?

To manually override the ISP's default DNS servers and substitute Google, somewhere you will have had to tick a box, and unticking it should make it revert, possibly with a restart.

HoneySuckleDreams (author), posted November 20, 2015

No tick box. I just type into the IP4 Primary DNS boxes and IP4 Secondary DNS boxes. The router has been turned on/off several times and the information has stayed the same.

Still not heard from the LOL crowd.

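Added example, not part of any post in this thread: a small client-side check for the symptom discussed here, a DNS server appearing that nobody chose. It parses resolv.conf-style text and compares each resolver with the set the household expects (the two Google addresses from the thread). The sample text and function names are constructed for illustration, and the check assumes the router passes its DNS servers through to clients over DHCP; where it hands out its own address instead, that entry is reported as "local" and the upstream servers still have to be read from the router's status page.

```python
import ipaddress

# Resolvers the household actually chose (from the thread: Google Public DNS).
EXPECTED = {"8.8.8.8", "8.8.4.4"}

# Constructed sample: a client's resolver file after the router setting reverted.
SAMPLE = """\
# generated by DHCP client (constructed sample)
nameserver 31.207.6.128
nameserver 8.8.8.8   # secondary
nameserver 192.168.0.1
nameserver not-an-ip
search lan
"""

def parse_nameservers(text):
    """Return (valid_ips, malformed_values) from resolv.conf-style text."""
    valid, malformed = [], []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        parts = line.split()
        if len(parts) < 2 or parts[0] != "nameserver":
            continue
        try:
            valid.append(ipaddress.ip_address(parts[1]))
        except ValueError:
            malformed.append(parts[1])
    return valid, malformed

def audit(text, expected=EXPECTED):
    """Classify each configured resolver against the expected set."""
    allowed = {ipaddress.ip_address(e) for e in expected}
    valid, malformed = parse_nameservers(text)
    report = {"ok": [], "local": [], "unexpected": [], "malformed": malformed}
    for ip in valid:
        if ip in allowed:
            report["ok"].append(str(ip))
        elif ip.is_private or ip.is_loopback:
            # Router or local stub acting as a DNS proxy: its upstream
            # servers must be checked on the router's own status page.
            report["local"].append(str(ip))
        else:
            report["unexpected"].append(str(ip))
    report["missing"] = sorted(expected - set(report["ok"]))
    return report

if __name__ == "__main__":
    for kind, values in audit(SAMPLE).items():
        print(f"{kind:10} {values}")
```

Run on a schedule against the real resolver file, a non-empty "unexpected" list is the signal that the setting has changed again.
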
AnOther, posted November 20, 2015

The Cisco EPC2434 is a cable router, is that really correct?