Author Topic: why dns hijack alert on wifi inspector for the 1st scan on new router only  (Read 5857 times)

0 Members and 1 Guest are viewing this topic.

Offline jraju

  • Poster
  • *
  • Posts: 417
Hi, I bought a dlilnk 2750u router and after configuring with the wizard, scanned with avast wifi inspector. I was shown alert of dns hijack and on the solution page, I was asked to uncheck enable ddns in advanced settings , which i did it. On the second scan, it shows no alett and i did not get any alert on any vulnerability in the wifi inspector scan.
But I went and looked at the ddns again, the same was enabled again with pppoe connection to a dlink server. I again, selected ----- , in the drop down box instead of pppoe, and then uncheck the enable and save and reboot the router.
The subsequent scan with wifi inspector showed no vulnerable with green tick.
My query is Why on the first scan, it showed as dns hijack vulnerability beore unchecking and showed as no vulnerability on subsequent scans, even when the same was checked in the router settings.
could some one clarify
I wish to state that I have used the dlink wizard to configure the router for getting my ISP configurations thro its wizard

Offline jraju

  • Poster
  • *
  • Posts: 417
Hi, I enclose the actual position of router on ddns after unchecking and rebooting the router for the first time

Offline jraju

  • Poster
  • *
  • Posts: 417
Hi, Why servers default other than googld dns ,open dens, etc are showing as vulnerable servers. Are they really infected servers or avast has programmed that to be.
When I changed my ISP server to opendns, the vulnerability alert has gone in to wind.

Are other servers except these servers are vulnerable or is a false positive alert

Offline r@vast

  • Avast team
  • Massive Poster
  • *
  • Posts: 2761
Hi,

Can you please provide us with a screenshot of the Avast interface showing the detection?
Can you also provide us with a support file id?
Please follow these steps:
1. Open - Avast Premium Security > Click on -  Menu > Settings > General > Troubleshooting > Select - Enable debug logging (at the bottom)
2. Run a new Wi-Fi Inspector scan
3.Generate the support file
 To generate the support file, please see this link.
https://support.avast.com/en-ww/article/Submit-support-file
4. Disable debug logging

Offline jraju

  • Poster
  • *
  • Posts: 417
hI, rAVAST,
 Please see the screen shots

1. scan result by changing to my ISP dns, audo detect vulnerability dns hijack
2. scan after disabling ddns, and then change to public dns no vulnerability
3. scan result after again reverted to my Isp vulnerability found dns hijack
4. scanned result after again unchecking ddns and change to public dns

Offline jraju

  • Poster
  • *
  • Posts: 417
hI, RAVAST, SENT THE DATA, WHEN THE RESULT IS NO VULNERABILILTY. will send afte changing the dns to get vulnerability data .
or you will get it from the support file I sent already in this ID THZTQ

Offline jraju

  • Poster
  • *
  • Posts: 417
Hi, Ravast, seen the message.
I have enabled the log .
I again created the dns hijack alert and resend the support file
the file id is TJ1PA
I hope that this time , the details are correcly captured.
Only one thing, that i could not fill, and that is the ticket no.
Hope that you received the file. Now, the avast shows the alert of vulnerability

This I edited later

Now I have changed to public dns and the scan show no vulnerabililty.
dlink has stopped providing ddns service previous year itself
the support file id for this no vulnerability  was sent via
support file id   U9642
please see and say, that barring public dns all the dns have been having compromized or My ISP server is affected with something
« Last Edit: August 28, 2021, 08:38:43 AM by jraju »

Offline jraju

  • Poster
  • *
  • Posts: 417
hI, rAVast,

i received this message from avast support
We have received a diagnostic report related to this e-mail address that does not contain a description. There is no case related to this e-mail address in our database therefore we are not quite sure how we can help. Could you please provide us with a description of the issue itself or a previous case number? Please bear in mind that any information might be helpful and can speed up the resolution.

Best regards,

But I saw the support files were sent to avast only and the file id has also be the same.
what else Avast want in this regard. Is this message a alert to supply more details
The request numbers that were given to me in my email receipt are 13887460   13887226
« Last Edit: August 29, 2021, 02:36:54 PM by jraju »

Offline jraju

  • Poster
  • *
  • Posts: 417
Re: why dns hijack alert on wifi inspector for the 1st scan on new router only
« Reply #8 on: September 02, 2021, 01:35:52 PM »
hi, ravast,
please tell me if the analysis started on my support logs.
have they found out anything

Offline r@vast

  • Avast team
  • Massive Poster
  • *
  • Posts: 2761
Re: why dns hijack alert on wifi inspector for the 1st scan on new router only
« Reply #9 on: September 03, 2021, 11:22:51 AM »
hi, ravast,
please tell me if the analysis started on my support logs.
have they found out anything

Hi,

It seems that you should not have received these messages. Our devs are still looking into this.

Offline jraju

  • Poster
  • *
  • Posts: 417
Re: why dns hijack alert on wifi inspector for the 1st scan on new router only
« Reply #10 on: September 04, 2021, 03:52:30 AM »
Thanks ravast.
expecting.
Everybody say that google dns is not intrusive. But in one of my analysis found that the actual dns it gave me does not belong to my country, where there may be many servers, but to the neighbouring countries. I stopped using this public dns and switched back to my ISP dns.
But most software, yellows the dns, that they did not include in their software, as yellow flag, to use those cautiously other than the google and one or two public dns. It seems. Let me hear from your people on this

Offline jraju

  • Poster
  • *
  • Posts: 417
Re: why dns hijack alert on wifi inspector for the 1st scan on new router only
« Reply #11 on: September 18, 2021, 11:24:19 AM »
Hi, Ravast,

Is there any progress in the logs I submitted.

Offline jraju

  • Poster
  • *
  • Posts: 417
Re: why dns hijack alert on wifi inspector for the 1st scan on new router only
« Reply #12 on: September 21, 2021, 07:23:04 AM »
Hi, there is no reply to my queries from avast team on the logs submitted. Why it is taking time to analyse my logs. I expected a reply from the team. But since nothing came, I want to remind once again.
Is that only some servers known have been included as secured servers and all others are vulnerable.
I was open in my queries .

Offline r@vast

  • Avast team
  • Massive Poster
  • *
  • Posts: 2761
Re: why dns hijack alert on wifi inspector for the 1st scan on new router only
« Reply #13 on: September 21, 2021, 11:38:07 AM »
Hi,

The detection should have been suppressed and not visible to you when located in India.
The reported situation is not a threat, it is caused by the traffic being redirected by Indian ISPs acting on government mandate: https://www.reuters.com/article/us-india-china-apps-idUSKBN29U2GJ

Offline jraju

  • Poster
  • *
  • Posts: 417
Re: why dns hijack alert on wifi inspector for the 1st scan on new router only
« Reply #14 on: September 22, 2021, 07:07:05 AM »
Hi, R(a)vast,
           Read the contents of the linked article. It is understood that some apps have been banned. I did not see anything that alerts that denotes about dns hijack as alerted by avast wifi inspector scan.
As you said, that it should have been suppressed for indian avast users, has anything made to the program of late to suppress the warning of dns hijacks?
Will you give some more details on this?
Assuming that i would have not correctly configured the new router, I went to my nearest service provider office and configured the router.
         The same procedure has been followed by the official and I rechecked that the dns servers are configured to automatic obtaining mode, ie, my service provider Dns.
          all other parameters are checked and it was the same as before, except , my changing the dns to google dns previously on the advice of the avast suggestions after the alert .
now, when I scan with the wifi inspector, with my ISP dns,  i do not get any vulnerability warning after its scan.
Moreover, I had not visited any mentioned website nor do I have uc browder as my default, I am using firefox, and chrome only.
           Now i do not get  any vulnerability on wifi inspector test
           See this enclosed report.
            The server is set to auto detect and the dns servers are provided by my ISP


         

« Last Edit: September 22, 2021, 07:22:17 AM by jraju »