luci127001
I recently discovered that my ISP, ehem... G. L. B.... ehem... has been hijacking my DNS queries.
DNS hijacking means that they (ISP) redirect all of our traffic to their own DNS servers for malicious purposes, e.g. phishing, advertisements, data and statistics mining, blocking access to selected domains as a form of censorship, etc.
So, what's the simplest way to know if you're affected (for newbies and for people who don't use VPNs):
1) Open: Command Prompt
2) Type: nslookup You do not have permission to view the full content of this post. Log in or register now.
3) Look at the first 2 lines of the result. They should indicate the DNS server used by your network adapter.
4) Then, look at the part where it says "Non-authoritative Answer." It should contain the "correct" IP address of Google or the website that you nslooked-up.
5) To verify if it's the right IP address, go to the website "who.is" to check the registered owner of the IP addresses listed in your nslookup result. If it shows that it's registered on ARIN, go to the ARIN whois search and search it there.
6) If your ARIN whois search shows your ISP name, then, you are affected by ISP DNS hijacking.
There are several ways to avoid DNS hijacking:
1) Use a DNS server on your network adapter that has not yet been compromised by your ISP. (As far as I know, Google DNS servers and OpenDNS servers were already hijacked based on nslookup because the results were showing my ISP's IP addresses for the Google website.)
2) Use a good VPN.
3) If you don't trust the VPN company, use DNSCrypt together with your VPN.
4) Use a custom router configuration, or use DNSMasq on your DDWRT/Tomato router.
5) Have your own DNS server.
6) Use a good firewall configuration to prevent the traffic from going to the ISP-hosted version of the website.
7) ... reserved for the suggestions of advanced users and IT people. Hehe
That's all. I hope I have helped this community somehow, even though my status is still only leecher. If anything I said is wrong, please correct it. Thanks
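The check in steps 3 to 6 above can be scripted. This is an added example, not part of the original post: it parses Windows-style nslookup output and flags answer addresses that fall inside prefixes you have already confirmed via whois as registered to your ISP. The sample output and the prefix list are constructed (documentation address ranges), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of Windows nslookup output (documentation-range addresses).
SAMPLE = """\
Server:  resolver.example.net
Address:  192.0.2.53

Non-authoritative answer:
Name:    www.example.com
Addresses:  2001:db8::10
          198.51.100.10
          203.0.113.7
"""

# Assumption: prefixes that a whois lookup (steps 5-6) showed as ISP-registered.
ISP_PREFIXES = ["203.0.113.0/24"]

def parse_nslookup(text):
    """Return (resolver_ip, [answer_ips]) from Windows nslookup output."""
    resolver, answers, in_answer = None, [], False
    for line in text.splitlines():
        if line.lower().startswith("non-authoritative answer"):
            in_answer = True
            continue
        # Strip an "Address:"/"Addresses:" label; continuation lines have none.
        label, _, rest = line.partition(":")
        labelled = label.strip() in ("Address", "Addresses")
        value = rest.strip() if labelled else line.strip()
        try:
            ip = ipaddress.ip_address(value)
        except ValueError:
            continue  # Server:, Name:, Aliases: and blank lines
        if in_answer:
            answers.append(ip)
        elif resolver is None:
            resolver = ip  # step 3: the DNS server the adapter used
    return resolver, answers

def flag_isp_answers(answers, isp_prefixes):
    """Return the answer addresses that sit inside any ISP-owned prefix."""
    nets = [ipaddress.ip_network(p) for p in isp_prefixes]
    return [ip for ip in answers if any(ip in net for net in nets)]

if __name__ == "__main__":
    resolver, answers = parse_nslookup(SAMPLE)
    print("Resolver used:", resolver)
    for ip in flag_isp_answers(answers, ISP_PREFIXES):
        print("Answer inside ISP-registered space:", ip)
```

An address flagged here still needs the whois confirmation from step 5, since the prefix list is only as accurate as the lookups used to build it.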