Starting a few days ago I noticed that I sometimes did not get the website I expected.
Enter “Google.ca” and get “RusianBrides.ru” for example. (not a literal example, some of the sites were “harmless” some much more “adult” oriented)
I have seen this happen before, once or twice a year. Some nasty website or something I did lets a malicious program change the modem's DNS settings.
Normally DNS comes from your upstream provider - Acanac in my case. Usually I have DNS of:
Primary: 209.197.128.2
Secondary: 209.197.128.5
But something keeps switching my modem to Static DNS using these values:
Primary: 159.203.32.8
Secondary: 8.8.8.8
Usually I just change the modem back to Dynamic DNS from provider and all is fine.
This time is a little different. This time something is actively switching the DNS BACK after I “fix” it. Usually within an hour. But there was one 12-20 hour gap.
This started 3 or 4 days ago. I’m going nuts trying to figure out where and how the change is coming from.
I have several Windows and Apple computers, an iPad, iPhone in use. One of my first tests was to shut them all OFF. Even my Android TV (Kodi) player. And it was changed again. I had to boot up an iPad to check - I know nothing that can hack an iPad so I think that was safe.
With all my computers OFF, Tablo is one of the few things left active.
So, is there anything in the Tablo that could affect DNS? It seems unlikely to me, but I have to ask.
And what can I do to the Tablo to ensure it has not been compromised in some way?
It’s supplied by my ISP. When I switched to VDSL the modems were scarce and expensive!
I always change admin passwords when I buy a “connected” device.
Since the admin password is cached on all my computers I even changed it again yesterday - and did not update the saved password. So if some clever hacker has found a way to get at my saved passwords, they will get the wrong one!
Acanac is urging me to do a factory reset. Mildly annoying, I have a bunch of custom settings I will have to re-enter. Like Tablo ports…
I’m getting ready to do it anyway since I am out of ideas.
Is it possible to use their modem and your router? If so, I’d do that and lock down the router. There might be a vulnerability in their modem that they don’t want to tell you about.
It is very odd that someone is getting into your router/modem across password changes. What brand / model is the device? Wondering if there is a history of the device type being hacked directly?
I did a factory reset to the modem last night. I have it up and reconnected - but - I can’t get access to any web pages through it!
This happened when it was first installed. And it was some sort of upstream DNS problem my ISP had to fix by remote.
I put in a call to them for help. Now I wait.
UPDATE:
After resetting to factory defaults and re-connecting to my VDSL account I was unable to route traffic through the modem for about 18 hours.
15 mins after I sent an e-mail to Acanac support it started to work!
Everything works now. And - so far - my DNS has not been hacked.
Dunno what it is support has/had to do but it appears they certainly did. Don’t have these problems with ADSL(2). Hopefully this is something VDSL will get better at. Then again, it’s so much FASTER I don’t care! heheh (so long as it works).
If I get hacked again in the next few days I’ll update this post. Otherwise assume that the problem was actually in the modem itself!
It’s been 2 or 3 days since I did a Factory RESET on my modem. And no further DNS problems.
I don’t understand how a modem’s firmware can get “confused” to the point of preferring some other company’s DNS server over the DHCP one assigned from upstream.
I still think this is a security hole a mile wide! But my ISP is adamant it’s not.
Not sure what TabloTV is, but came across this post when doing a Google search with my DNS ISP values, which are the same as yours.
I am connected to a local ISP in a small town between Ottawa and Montreal in Ontario, and the ISP also gave me a SmartRG modem. Like you, my DNS values were getting changed in the modem, driving me crazy as I experienced exactly the same behavior (and troubleshooting steps) you describe.
I recently reconfigured the modem in BRIDGE mode, and set up a router behind it to do the PPPoE and DNS, DHCP stuff. Had been running well for about a week now with no more changes to my DNS. I did get something to glitch a few minutes ago, in that the BOSE wifi speakers we have at the office stopped playing music, something that typically happened when the DNS was changed.
I checked the router, and the DNS were OK. Then the music came back. So maybe an unrelated glitch.
One difference with you is that my DNS were getting changed to something that didn’t give me bad sites, it just broke things like the music to the Bose and some internet sites. The pokey DNS IP was 85.25.237.240
Trying a different modem didn’t help, checking on SmartRG site for more recent FW didn’t turn up anything.