Author Topic: how change of dns, nullifies the vulnerability (Read 49366 times)

jraju · « **on:** May 20, 2017, 07:31:36 am »

Hi, Scan with avast wifi inspector. If i use router dns, ie , obtain dns server address automatically, i get vulnerability of dns hijack in the router , by the scan. They give solution to change the dns in change adopter settings. I changed the dns to google and next to open dns . when i scanned the same pc again, the results show no vulnerability. How, what does that mean? The avast wifi scans the computer and connected device. My pc and other devices are shown as having no vulnerabilites.
Can you say, how , the scan results differ? Moreover, i was shown, hijacked domain as vk.com and yandex.ru, which i never visited in my life time. would expert say something on this

Samson · « **Reply #1 on:** May 20, 2017, 08:47:25 am »

Hi J, first off I have been following your thread on the Avast forum. I think that you have been badly treated by some of the folks over there

I use an old version of Avast (without the wifi scanner), but I'll try and help.

Here is a good article on DNS hijacking.
http://www.thewindowsclub.com/what-is-dns-hijacking-prevention

As for the entries for yandex.ru and VK.com, it may be that your ISP is using these as their default DNS servers, check the details that appear in your adapter settings with those on this page when you channge to "obtain automatically".
https://dns.yandex.com/

Those in the Avast forum are "fanboys" of Avast and may not be willing to accept that Avast maybe giving a false positive result, so try another scanner, here.
https://campaigns.f-secure.com/router-checker/en_global/

Personally I use OpenDNS.

jraju · « **Reply #2 on:** May 20, 2017, 08:54:36 am »

Hi, Samson, glad that you say that.
There are persons who do not know how to reply to pertinent query.EVen staff there does not seem to have any clue . But i admit the wonderful people , who makes the application .
They are all senior people there and so i just watch whether any expert replies from avast. because, it is their product. i will deeply read your solution now and then reply. Thanks for your considered reply and i was expecting it from you

jraju · « **Reply #3 on:** May 20, 2017, 09:02:05 am »

Hi, I already checked that site. I got a different result in the morning,
Everything appears to be fine, but the check was incomplete
I raised a query to the email address of fesure, and expecting reply

What is the meaning of this status. Is my router could not be checked? or the dns server does not allow router checker to check the router? is the dns server having vulnerabilities of dns hijack. What is the fix
Now when i check the same site, i get green tick mark with the router dns settings.no issues found.
expecting reply

jraju · « **Reply #4 on:** May 20, 2017, 09:09:38 am »

Hi, Samson, i noticed no change in the adapter settings , when i click yandex site. But i do know that the dns server that is in the router belongs to my Service Provider ip. But i do not know, whether this server address is used by those yandex.ru or vk.com. But funny that i could not see anything inside the router entries that would suggest the hijacking of router. If i use open dns, then avast gives no vulnerability.
Would the service provider use another service provider service for its users. strange

Samson · « **Reply #5 on:** May 20, 2017, 09:34:52 am »

What I meant was....Compare your ISP DNS server addresses in your router with those on the Yandex site, this will establish if your ISP is using its own DNS or Yandex

As for the F Secure scan, wait and see what they come up with, maybe just busy and unable to complete the scan?

If OpenDNS works for you, then stick with it, like I said it is my personal choice, fast, reliable, offers a degree of protection from phishing and maliciou s websites. I won't touch anything to do with Google myself

PS each time that you change DNS servers you may want to clear your DNS cache, open a CMD prompt and enter " ipconfig /flushdns" (without the "s).

jraju · « **Reply #6 on:** May 21, 2017, 01:25:04 am »

Hi, There was no changein the dns server settings, which is my ISP, probably the server in router is compromized.I did find out the hns.log and it contains so much com, including yandex.ru, and vk.com, yahoo.com,etc etc. i only copy here the 5 entries i found in the hns.log, could you make anything out of it. It is too technical, but this is the alert, i am getting, i will copy both the prscreen and log of selected lines in hns.log
the log extract;

2017-05-21 07:49:22.278] [info ] [ares_scan ] [ 1392: 4196] AresScanner: result name=yahoo.com ip=628afd6d ttl=221 flags=17 type=1 data=""
[2017-05-21 07:49:22.302] [info ] [ares_scan ] [ 1392: 4196] AresScanner: result name=yahoo.com ip=cebe242d ttl=221 flags=17 type=1 data=""
[2017-05-21 07:49:22.322] [info ] [ares_scan ] [ 1392: 4196] AresScanner: result name=yandex.ru ip=daf8ffa4 ttl=600 flags=17 type=1 data=""
[2017-05-21 07:49:22.358] [info ] [ares_scan ] [ 1392: 4196] AresScanner: result name=vk.com ip=daf8ffa4 ttl=600 flags=17 type=1 data=""
[2017-05-21 07:49:22.386] [info ] [ares_scan ] [ 1392: 4196] AresScanner: no data name=yandex.ru class=1 type=28 abuf=0x1658e628 alen=87
[2017-05-21 07:49:22.412] [info ] [ares_scan ] [ 1392: 4196] AresScanner: no data name=vk.com class=1 type=28 abuf=0x1658e628 alen=84
[2017-05-21 07:49:22.463]

jraju · « **Reply #7 on:** May 21, 2017, 01:28:36 am »

can i pm with you, hi, samson, with notepad enclosure ,so that i could send the whole log, which contains so many com. It is a page attachement. I do not know how to send emails to the particular user in this forum. is it permissible? if yes, please say, what is the way

Samson · « **Reply #8 on:** May 21, 2017, 03:18:46 am »

J, that log means nothing to me.

I would ask that you set your NIC adapter settings to obtain dns addresses automatically and then open a CMD prompt and enter "ipconfig /all" (without the "s and post the result. So that I can compare your ISP's default DNS servers to see if they are using Yandex DNS as per the yandex DNS site that I linked to. If OpenDNS or Google works, why not just do that?

EDIT J, If you are unhappy with the help, or lack of it on the Avast forum, then you can request help directly on your DNS hijacking issue with Avast by raisng a support ticket. Click on "support" in the Avast GUI and select "request support", here you will be able to upload scan logs too. Screenshot is of an older version of Avast, but likely to be similar.

Boggin · « **Reply #9 on:** May 21, 2017, 03:35:04 am »

Your router will be set to your ISP default DNS settings but they will be overridden when you change them in the adapter DNS settings.

They take precedence.

However, you can change them to your choice in the router.

While I leave my router's settings to default, I have the adapters settings changed to Google's 8.8.8.8 / 8.8.4.4

Download MiniToolBox and check all of the boxes down to List Winsock Entries.

http://www.majorgeeks.com/files/details/farbar_minitoolbox.html

You can copy & paste its report to the reply box, but see if Avast's scan still picks up those hijacks.

If you select Save for the download, you'll be able to use it as and when from your Downloads folder.

jraju · « **Reply #10 on:** May 21, 2017, 06:50:44 am »

hi, regarding support, they only support premium versions and for free, only source is community forum, which i already addressed. i will try to send the details of mini tool box in my next post.

Boggin · « **Reply #11 on:** May 21, 2017, 07:03:38 am »

It displays in Notepad so just right click in the text area and click on Select all - right click again and select Copy then right click in the reply box and select Paste.

jraju · « **Reply #12 on:** May 22, 2017, 05:36:45 am »

Hi, Boggins here is my log
pl kindly see that my server is shown as unknown. Even in nslookup www.google.com command it shows the same. is that command only works for server version of OS from microsoft. Is there a fix? I heard about reverse dns to fix that . but i do not know , how to do. can i do that in my windows 7 stand alone machine.
MiniToolBox by Farbar Version: 17-06-2016
Ran by intel (administrator) on 22-05-2017 at 17:55:29
Running from "C:\Users\intel\Downloads"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Model: D865GRH_ Manufacturer: INTEL_
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection 6 (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : intel-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.name

Ethernet adapter Bluetooth Network Connection 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #6
Physical Address. . . . . . . . . : 00-1B-10-00-2A-EC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : domain.name
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7593:3539:2801:5955%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, May 22, 2017 5:19:25 PM
Lease Expires . . . . . . . . . . : Tuesday, May 23, 2017 5:18:59 PM
Default Gateway . . . . . . . . . : fe80::1e5f:2bff:fe54:8f5%10
192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234886774
DHCPv6 Client DUID. . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 2404:6800:4007:805::200e
     216.58.220.46

Pinging google.com [216.58.220.46] with 32 bytes of data:
Reply from 216.58.220.46: bytes=32 time=25ms TTL=56
Reply from 216.58.220.46: bytes=32 time=26ms TTL=56

Ping statistics for 216.58.220.46:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 25ms, Maximum = 26ms, Average = 25ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 2001:4998:c:a06::2:4008
     2001:4998:58:c02::a9
     2001:4998:44:204::a7
     98.138.253.109
     98.139.183.24
     206.190.36.45

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=269ms TTL=49
Reply from 206.190.36.45: bytes=32 time=274ms TTL=49

Ping statistics for 206.190.36.45:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 269ms, Maximum = 274ms, Average = 271ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
27...00 1b 10 00 2a ec ......Bluetooth Device (Personal Area Network) #6
10...00 16 76 94 db 5f ......Realtek RTL8139/810x Family Fast Ethernet NIC
1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.4 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.4 276
192.168.1.4 255.255.255.255 On-link 192.168.1.4 276
192.168.1.255 255.255.255.255 On-link 192.168.1.4 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.4 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.4 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 276 ::/0 fe80::1e5f:2bff:fe54:8f5
1 306 ::1/128 On-link
10 276 fe80::/64 On-link
10 276 fe80::7593:3539:2801:5955/128
On-link
1 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\system32\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 45 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 46 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 47 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 48 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 49 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 50 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 51 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 52 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 53 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 54 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 55 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)

**** End of log ****

Boggin · « **Reply #13 on:** May 22, 2017, 07:08:52 am »

I've never seen that before - you also seem to have quite a large winsock compared to mine.

Run a cmd prompt as an admin and enter netsh winsock reset catalog

Then shutdown /r /t 00 to effect an immediate reboot.

Can you go Start - type ncpa.cpl - right click on the Ethernet adapter and select Properties - click on (TCP/IPv4) - Properties and tell us which of the bottom buttons are checked.

This is mine using Google's DNS servers.

You can change yours to mine then run MiniToolBox again, checking the boxes for List IP configuration and Winsock to compare.

jraju · « **Reply #14 on:** May 22, 2017, 07:53:07 am »

Pl see the logs
MiniToolBox by Farbar Version: 17-06-2016
Ran by intel (administrator) on 22-05-2017 at 20:14:41
Running from "C:\Users\intel\Downloads"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Model: D865GRH_ Manufacturer: INTEL_
Boot Mode: Normal
***************************************************************************
========================= IP Configuration: ================================

Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection 6 (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : intel-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.name

Ethernet adapter Bluetooth Network Connection 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #6
Physical Address. . . . . . . . . : 00-1B-10-00-2A-EC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : domain.name
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
Physical Address. . . . . . . . . : i have deleted
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7593:3539:2801:5955%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, May 22, 2017 8:04:15 PM
Lease Expires . . . . . . . . . . : Tuesday, May 23, 2017 8:04:15 PM
Default Gateway . . . . . . . . . : fe80::1e5f:2bff:fe54:8f5%10
192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234886774
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-78-CE-68-00-16-76-94-DB-5F
DNS Servers . . . . . . . . . . . : 8.8.8.8
8.8.4.4
NetBIOS over Tcpip. . . . . . . . : Enabled
Server: google-public-dns-a.google.com
Address: 8.8.8.8

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: google.com
Address: 2404:6800:4007:800::200e

Pinging google.com [216.58.197.78] with 32 bytes of data:
Reply from 216.58.197.78: bytes=32 time=32ms TTL=56
Reply from 216.58.197.78: bytes=32 time=31ms TTL=56

Ping statistics for 216.58.197.78:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 31ms, Maximum = 32ms, Average = 31ms
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: yahoo.com
Addresses: 2001:4998:c:a06::2:4008
     2001:4998:58:c02::a9
     2001:4998:44:204::a7
     98.139.183.24
     98.138.253.109
     206.190.36.45

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=259ms TTL=49
Reply from 98.139.183.24: bytes=32 time=258ms TTL=49

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 258ms, Maximum = 259ms, Average = 258ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
27...00 1b 10 00 2a ec ......Bluetooth Device (Personal Area Network) #6
10...00 16 76 94 db 5f ......Realtek RTL8139/810x Family Fast Ethernet NIC
1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.4 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.4 276
192.168.1.4 255.255.255.255 On-link 192.168.1.4 276
192.168.1.255 255.255.255.255 On-link 192.168.1.4 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.4 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.4 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 276 ::/0 fe80::1e5f:2bff:fe54:8f5
1 306 ::1/128 On-link
10 276 fe80::/64 On-link
10 276 fe80::7593:3539:2801:5955/128
On-link
1 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\system32\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 45 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 46 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 47 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 48 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 49 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 50 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 51 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 52 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 53 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 54 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 55 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)

**** End of log ****
i also noted the server name is now shown as some google name. pl say why it is not at first instance, when it takes obtain dns server automatically

jraju · « **Reply #15 on:** May 22, 2017, 08:00:53 am »

The same entries , when i changed the dns server to google dns in avast hns.logs
please
2017-05-22 14:06:25.625] [info ] [ares_scan ] [ 1380: 3652] AresScanner: result name=yahoo.com ip=2001499800580c0200000000000000a9 ttl=14 flags=17 type=28 data=""
[2017-05-22 14:06:25.648] [info ] [ares_scan ] [ 1380: 3652] AresScanner: result name=yahoo.com ip=200149980044020400000000000000a7 ttl=14 flags=17 type=28 data=""
[2017-05-22 14:06:25.669] [info ] [ares_scan ] [ 1380: 3652] AresScanner: result name=yahoo.com ip=20014998000c0a060000000000024008 ttl=14 flags=17 type=28 data=""
[2017-05-22 14:06:25.703] [info ] [ares_scan ] [ 1380: 3652] AresScanner: result name=yandex.ru ip=4d583758 ttl=76 flags=17 type=1 data=""
[2017-05-22 14:06:25.731] [info ] [ares_scan ] [ 1380: 3652] AresScanner: result name=yandex.ru ip=05ffff4d ttl=76 flags=17 type=1 data=""
[2017-05-22 14:06:25.758] [info ] [ares_scan ] [ 1380: 3652] AresScanner: result name=yandex.ru ip=4d58374d ttl=76 flags=17 type=1 data=""
[2017-05-22 14:06:25.781] [info ] [ares_scan ] [ 1380: 3652] AresScanner: result name=yandex.ru ip=05ffff58 ttl=76 flags=17 type=1 data=""
[2017-05-22 14:06:25.803] [info ] [ares_scan ] [ 1380: 3652] AresScanner: result name=vk.com ip=5fd50bb4 ttl=658 flags=17 type=1 data=""
[2017-05-22 14:06:25.825] [info ] [ares_scan ] [ 1380: 3652] AresScanner: result name=vk.com ip=57f0a552 ttl=658 flags=17 type=1 data=""
[2017-05-22 14:06:25.858] [info ] [ares_scan ] [ 1380: 3652] AresScanner: no data name=vk.com class=1 type=28 abuf=0x123ee458 alen=80
[2017-05-22 14:06:25.881] [info ] [ares_scan ] [ 1380: 3652] AresScanner: result name=yandex.ru ip=2a0206b8000a0000000000000000000a ttl=237 flags=17 type=28 data=""
[2017-05-22 14:06:25.958] [info ] [ares_scan ] [ 1380: 3652] AresScanner: result name=icicibank.com ip=cb1beb19 ttl=432 flags=17 type=1 data=""
[2017-05-22 14:06:25.992] [info

This log was taken when i get no vulnerability of any kind
so, i now know that same set of coms are being analysed to get the results by wifi inspector, but i could not infer the log results or results therein.
please also say, why my dns server is shown as unknown

Boggin · « **Reply #16 on:** May 22, 2017, 08:34:54 am »

I don't know why it's showing as unknown but that yandex.ru is a Russian IP address.

vk.com is also Russian based, but do you download music or anything from there - it's also a social networking site.

yandex and vt.com could be related.

Do you use yahoo.com as your home page ?

Can you go to www.speedtest.net and make a note of your external IP address - it will be down on the left along with your ISP name.

You can change your external IP address by switching off your router, disconnecting all cables and leave it off for 30 mins.

If you do that, then go to www.speedtest.net again to see what your ext. IP address is then and run an Avast scan to see what it reports.

jraju · « **Reply #17 on:** May 22, 2017, 08:44:42 am »

Ofcourse, i get yahoo.mail imapped thro, gmail.com.
I would have downloaded videos, but i do not know the vk.com and yandex.ru russian search engine.
what i doubt is the same set of coms are checked by the avast in each home network security, shortly , hns scan and based upon the logs , it gives result of vulnerability. Whenever, i enabled dhcp, to obtain automatically, then scan get the result of vulnerability and changing the dns to google , nullifies this vulnerability.. Ofcourse, i do have a ip range from my bsnl service provider in the router. it gives the server ip in the router status page. i checked and found that it belongs to my service provider in router checker fsecure.
i do not think that it is anything to do with the external ips, because, if i change the dns in session, the first result shows vulnerability and the change of dns, shows direct opposite result. Anyhow, i will check as you say.
why my dns server is unknown? is it because of the reverse dns point is not done by my service provider? how to correct it?
could you see any differrence in the same lines of two scan logs i enclosed?

Boggin · « **Reply #18 on:** May 22, 2017, 09:06:31 am »

Download Netalyzr to see what it makes of your Internet connection - it requires Java and for it to be enabled in browsers.

However, if you and Avast are happy using other than your ISP's default severs then just leave things at that and get on with life.

http://netalyzr.icsi.berkeley.edu/

When you change to Google's DNS servers, that should show as mine but yours looks a bit different to mine and only lists the Primary 8.8.8.8

I also noticed you had a time out on what appeared to be Google but the ping test succeeded later.

This is my ipconfig /all running on Ethernet -

Microsoft Windows [Version 10.0.15063]
(c) 2017 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : KAM4-TOSH
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : lan

Wireless LAN adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : 74-DE-2B-CA-4E-D8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . : lan
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : DC-0E-A1-34-09-F9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 22 May 2017 16:56:53
Lease Expires . . . . . . . . . . : 23 May 2017 16:56:53
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 8.8.8.8
8.8.4.4
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . : lan
Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
Physical Address. . . . . . . . . : 74-DE-2B-CA-4E-D8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 22 May 2017 16:06:25
Lease Expires . . . . . . . . . . : 23 May 2017 16:06:24
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 8.8.8.8
8.8.4.4
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:105b:7d3:3f57:fef9(Preferred)
Link-local IPv6 Address . . . . . : fe80::105b:7d3:3f57:fef9%11(Preferred)
Default Gateway . . . . . . . . . : ::
DHCPv6 IAID . . . . . . . . . . . : 436207616
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-98-CD-AE-74-DE-2B-CA-4E-D8
NetBIOS over Tcpip. . . . . . . . : Disabled

C:\WINDOWS\system32>

jraju · « **Reply #19 on:** May 23, 2017, 04:00:53 am »

Hi, please see . mine also has shown two dns servers
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : intel-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.name

Ethernet adapter Bluetooth Network Connection 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
#6
Physical Address. . . . . . . . . : 00-1B-10-00-2A-EC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : domain.name
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet
NIC
Physical Address. . . . . . . . . : 00-16-76-94-DB-5F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7593:3539:2801:5955%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, May 23, 2017 4:12:30 PM
Lease Expires . . . . . . . . . . : Wednesday, May 24, 2017 4:12:30 PM
Default Gateway . . . . . . . . . : fe80::1e5f:2bff:fe54:8f5%10
192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234886774
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-78-CE-68-00-16-76-94-DB-5F

DNS Servers . . . . . . . . . . . : 8.8.8.8
8.8.4.4
NetBIOS over Tcpip. . . . . . . . : Enabled

C:\Windows\system32>

jraju · « **Reply #20 on:** May 23, 2017, 04:20:20 am »

Hi, please see the test results of netanlyser
pl also see connection specific dns...yours list lan, where as mine shown as domain.name why?

Boggin · « **Reply #21 on:** May 23, 2017, 08:30:45 am »

Have you set up a Domain with the other machines in your home - I haven't.

The Proxies that Netalyzr has found could be what your ISP uses.

The Packet loss could be due to the distance to their servers, although no Packet loss is recorded for my connection and I'm in the UK.

Computers are usually default set to a MTU of 1500 but some ISPs pre-set their routers to a different setting which may not be a one size fits all.

Can you check to see what the MTU setting in your router is.

It was interesting to note that it reported an intermittent Internet connection loss.

Not sure if you have line issues or a poor ISP, but switching off computers, the router and disconnect its cables for a couple of mins can refresh its connection.

This would include a modem if a separate one is used, then after the couple of mins, connect the cables and switch just the modem on if applicable and when all of its lights are on, do the same for the router and then switch the computer on.

This is called a power cycle.

jraju · « **Reply #22 on:** May 26, 2017, 05:57:02 am »

Have you set up a Domain with the other machines in your home - I haven't.
Please say clearly how to find. I have not made . If , how to remove that. pl
I have done that process of power cycling and other things noted in your reply.
My mtu in router is 1492
expecting reply
t was interesting to note that it reported an intermittent Internet connection loss.
please say where to look in the log by netalyer

jraju · « **Reply #23 on:** May 26, 2017, 06:29:55 am »

Hi, Boggins do you mean to say the dns server written on the router dns, which is automatic . But i do hear that the proxy server would be override by the outside settings in the change adopter settings.
Is that means, that eventhough, i changed the dns server, every request thro the outside dns, say google also has to pass thro the hidden proxy server, ie, the router server.
can i access the router and change the dns server ips also to google dns safely. I am afraid that i will not get internet access if i do that.

Boggin · « **Reply #24 on:** May 26, 2017, 08:28:43 am »

If you log into your router and make a note of the DNS servers it uses - which will be your ISP's, then open a cmd prompt and do a tracert on them.

The cmd is entered the same as a ping but you use tracert instead.

The computer's settings if different from the router will override the router, but I don't know how your ISP works.

I think initially the router uses the router's default to connect but when it comes to resolving an URL then the computer overrides.

Avast obviously doesn't like what it finds in your ISP's.

You can set your router to use Google's DNS servers and leave the computer at auto - I have in the past.

This is a tracert using my ISP's Fibre Primary DNS of 79.79.79.79 - yours may have a longer hop.

Microsoft Windows [Version 10.0.15063]
(c) 2017 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>tracert 79.79.79.79

Tracing route to public-dns-a.as9105.net [79.79.79.79]
over a maximum of 30 hops:

1 1 ms 2 ms 1 ms 192.168.1.1
2 11 ms 7 ms 7 ms 88-109-96-1.dynamic.dsl.as9105.com [88.109.96.1]
3 7 ms 9 ms 11 ms public-dns-a.as9105.net [79.79.79.79]

Trace complete.

C:\WINDOWS\system32>