A new threat?

[jsvidyad]

Hello,

It's possible for someone who hacks into a router to change the DNS server ip addresses for that router and thus redirect users(connected to that router) who are accessing the internet to malicious websites in order to steal information from the users and do other unpleasant things.

I was under the impression that to protect against this, all I have to do is specify trusted DNS server ip addresses in my laptop itself and thus all DNS requests from my computer would ignore and bypass the DNS servers specified in the router(by the hacker) and all DNS server requests from my computer would go to the trusted DNS servers I specified in my laptop. This is supposed to protect me from being mis-directed to the malicious sites and from other traps set up by the hacker. But, after reading this website: http://hackercodex.com/guide/how-to-...ver-hijacking/ I am not too sure anymore. Can you read this webpage and give me some feedback regarding this?

[Moose]

Makes you worry some of the things hackers can do..

[Hungry Man]

If your router is performing DNS resolution I guess. But your local system is going to be performing it.

What they can do is intercept the DNS request via MITM (instead of just changing a router setting, which wouldn't do anything unless your system couldn't resolve the DNS AFAIK)because DNS isn't encrypted.

It's the same way that when you visit a website over HTTP an attacker can put information into the page you view or they attacker can see that information.

To solve this you can use DNSCrypt by OpenDNS. It encrypts DNS, although I'm not sure about the specifics.

[drmrgd]

Boy, you're really concerned about hackers and your router aren't you? As others have said, just reset the router and the password and let it go.

As Hungry Man says, I'm not sure a hacker that has changed the DNS settings on the router could do too much with the system. Further I'm not sure how the page you linked is related. In that case, the way I read it, the ISP was re-routing traffic where they wanted it. That was pretty independent of the users router, until the reconfigured it.

[Hungry Man]

In the case of ISPs redirecting traffic etc there is very little we can do. In various other governments less friendly to privacy we've seen SSL handshakes broken so that users are forced to use HTTP versions of websites or users are prevented from using TOR etc.

Everything you do goes through your ISP at some point - your DNS, all traffic. So while you can have name resolution take place at your router the router just acts as an RX server - it still has to fetch from the ISP or through the ISP.

[jsvidyad]

So, what you guys are saying is that the best I can do is just set the DNS server ip addresses in my computer itself and hope for the best?

[jsvidyad]

Boy, you're really concerned about hackers and your router aren't you? As others have said, just reset the router and the password and let it go.

As Hungry Man says, I'm not sure a hacker that has changed the DNS settings on the router could do too much with the system. Further I'm not sure how the page you linked is related. In that case, the way I read it, the ISP was re-routing traffic where they wanted it. That was pretty independent of the users router, until the reconfigured it.

Hi!!

I just came across that website when I was looking up DNS servers.

Can a attacker do the same re-routing of dns traffic or can only the ISP do that?

[jsvidyad]

Any suggestions for how to set up dnscrypt in kubuntu 10.04 and ubuntu 12.04?

[jsvidyad]

Can someone please help me here?

[cariboo]

Have you found this thread yet?

In many cases, the Ubuntu wiki is a great resource when you need to set something, or just need help to solve a problem.

https://help.ubuntu.com/