Re: Can a router be 'infected'?



David H. Lipman wrote:
From: "BD2" <BoaterDave@xxxxxxxxxxxxx>

| Here is a quote made recently by MVP PABear in a Microsoft newsgroup:-

| "It *is* his computer and it was yours, too. The infection you had also
| "infected" the router."

| Please will someone explain exactly how this can happen and how to check
| that one's router is 'clean'?

| Thanks.
| --
| Dave

An off the shelf SOHO Router can NOT become "infected" it can become compramised. Robear Dyer used the wrong terminology.

A DNSChanger Trojan can use a dictionary attack on a given SOHO Router and if the default password has NOT been set to a strong password then the DNS Server table can be changed and malaicious DNS servers, such as 85.255.x.y, may be inserted in the DNS Server table redirecting LAN nodes to malicious sites.

The Router itself can not be "infected" such there is malware now running on that appliance. It becomes compromised where it acts on behalf of the malicious actor's desires by altering its settings.



You said "Robear Dyer used the wrong terminology".

Will you post in that thread and tell him so? If not - why not?

Should you *not* wish to correct him (so notifying the OP as well) I trust you have no objection to me posting there and quoting exactly what you have said here, David.

--
Dave
.



Relevant Pages

  • Re: Can a router be infected?
    ... The infection you had also ... | that one's router is 'clean'? ... password has NOT been set to a strong password then the DNS Server table can be changed ... redirecting LAN nodes to malicious sites. ...
    (alt.computer.security)
  • Re: Changing the Default Gateway
    ... I agree that I can't see how the WAN side of the router would have anything ... is saying that the folks changed the internal LAN IP of the router to .222. ... this new MPLS internet connetion and phase out the Frame router. ... All tests passed on this DNS server ...
    (microsoft.public.windows.server.sbs)
  • Re: Strange PC networking problem
    ... and make configuration changes. ... "Finally, I could use her computer to log in to the router, and make ... It has to get it from DHCP, ... The next choice is between "Obtain DNS server address automatically" or "Use the following DNS server addresses:", with fields for preferred DNS server and alternate DNS server. ...
    (comp.sys.mac.advocacy)
  • Re: Strange PC networking problem
    ... and make configuration changes. ... It's no wonder you Mac advocates despise Windows. ... connect to the router indicates that he is having issues getting ... "Obtain DNS server address automatically" or "Use the following DNS ...
    (comp.sys.mac.advocacy)
  • Re: Urgent - please help
    ... Ethernet adapter Local Area Connection: ... above, are we still looking at a misdirected DNS server, or is it ... that a client connecting to the router is directed back to the DC for DNS ... All workstations use DHCP. ...
    (microsoft.public.windows.server.active_directory)