
DNSChanger ...


McBie

 
Member Since: Apr 26, 2008
Location: Belgium
Posts: 2,351
Mac Specs: 2013 MBA 13" - OS X 10.10

Article below provides some good information on the DNSChanger malware that has been going around for quite some time.
( Also have a look at the .pdf file )

http://isc.sans.edu/diary.html?storyid=11986

It might help people do a bit of troubleshooting themselves before seeking more in-depth advice.

Taking a step back on this technique of DNS poisoning, it won't be long before DNSChanger v2 (or whatever it will be called) will hit the streets.
How might this impact you and why should you be vigilant ...
If you connect to your bank for financial transactions, the bank will know who you are due to your credentials and authentication mechanisms, but ... how do you know you are communicating with your bank? (and not with some bogus web server on the first floor of a Chinese restaurant)

Hope it is useful.

Cheers ... McBie

A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila.
The problem is not the problem. The problem is your attitude towards the problem. You understand ?
blairtechguy

 
Member Since: Sep 13, 2011
Location: Kentucky, USA
Posts: 100
Mac Specs: Mac Pro 2 x 2.66 Xeon 6gb DDR2 1TB OSX Server

Configuring DNS is one of the most overlooked preventative security measures. I see it all the time fixing Windows machines (which are much more problematic) where DNS is automatically assigned. I recommend using either below:

OpenDNS: 208.67.222.222, 208.67.220.220
Google Public DNS: 8.8.8.8, 8.8.4.4

Blair Technology Group - Mac System Administrator
vansmith

 
Member Since: Oct 19, 2008
Location: Toronto
Posts: 18,014
Mac Specs: 2012 13" MBP (2.5 i5, 8GB)

There is nothing wrong with automatic DNS assignment. Beyond that, manually setting DNS servers doesn't preclude your settings from being changed. Although I use OpenDNS, there is nothing to stop a malicious piece of software from changing it. The only real preventative measure is to stay away from content that is frequently the source of these problems (pirated content for example).

Important Links: Community Guidelines : Use the reputation system if you've been helped.
M-F Blog :: Write for the blog
Writing a Quality Post
blairtechguy

 
Member Since: Sep 13, 2011
Location: Kentucky, USA
Posts: 100
Mac Specs: Mac Pro 2 x 2.66 Xeon 6gb DDR2 1TB OSX Server

I'll just put this here.

DNS hijacking - Wikipedia, the free encyclopedia

Also http://en.wikipedia.org/wiki/DNS_rebinding.

The latter is very intriguing; I've read some articles and seen it run as a POC. But like you said, it comes down to the user's discretion on what they are doing while connected to the internet.

Blair Technology Group - Mac System Administrator
vansmith

 
Member Since: Oct 19, 2008
Location: Toronto
Posts: 18,014
Mac Specs: 2012 13" MBP (2.5 i5, 8GB)

I fail to see how that precludes a trojan (or any piece of software) from changing manually assigned DNS servers. If you have a trojan on your Mac, what's to stop it from changing any value you put in yourself? In fact, here's an article about using scutil to change DNS servers from the command line. All a trojan has to do is use scutil behind the scenes to change the DNS servers.

So yes, a trojan may be able to hijack automatically assigned DNS servers but it could just as easily change manually inputted ones. You're therefore no safer with manual entries. Again, the only way to prevent any of this is to stay away from content that would cause this problem in the first place.

EDIT: Here's an even easier tool included with OS X to get the job done.
Code:
~ :: networksetup -getdnsservers "Wi-Fi"
208.67.222.222
208.67.220.220
~ :: networksetup -setdnsservers "Wi-Fi" 8.8.8.8 8.8.4.4
~ :: networksetup -getdnsservers "Wi-Fi"
8.8.8.8
8.8.4.4
That was easy.

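Since the DNS setting can be changed as easily as the post above shows, a periodic check of what is actually configured is a useful detection step. The script below is an added example, not part of any post in this thread; the `ALLOWED_DNS` list and the function names `unexpected_resolvers` and `scutil_nameservers` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: flag DNS resolvers outside an allowlist.
# ALLOWED_DNS is an assumption: the OpenDNS and Google Public DNS addresses
# quoted in the thread. Replace it with the resolvers you expect to see.
ALLOWED_DNS="208.67.222.222 208.67.220.220 8.8.8.8 8.8.4.4"

# Reads one resolver address per line on stdin (the format printed by
# `networksetup -getdnsservers`), prints each address not in ALLOWED_DNS and
# returns 1 if any was printed. Lines containing spaces, such as the
# "There aren't any DNS Servers set on ..." message, are skipped.
unexpected_resolvers() {
    rc=0
    while IFS= read -r addr; do
        case $addr in
            ""|*" "*) continue ;;
        esac
        case " $ALLOWED_DNS " in
            *" $addr "*) ;;                       # expected resolver
            *) printf '%s\n' "$addr"; rc=1 ;;     # anything else is reported
        esac
    done
    return $rc
}

# Extracts resolver addresses from `scutil --dns` output, which lists the
# resolvers in effect (manual or DHCP-assigned) as "nameserver[0] : <addr>".
scutil_nameservers() {
    sed -n 's/^[[:space:]]*nameserver\[[0-9]*\][[:space:]]*:[[:space:]]*//p' | sort -u
}

if command -v networksetup >/dev/null 2>&1; then
    # On a Mac: check the manual setting of every network service ...
    networksetup -listallnetworkservices | tail -n +2 | sed 's/^\*//' |
    while IFS= read -r svc; do
        networksetup -getdnsservers "$svc" </dev/null | unexpected_resolvers |
        while IFS= read -r bad; do
            printf 'UNEXPECTED manual DNS on %s: %s\n' "$svc" "$bad"
        done
    done
    # ... and the resolvers actually in effect.
    scutil --dns | scutil_nameservers | unexpected_resolvers |
        sed 's/^/UNEXPECTED effective DNS: /'
else
    # Elsewhere: constructed sample (203.0.113.53 is a documentation address).
    printf '208.67.222.222\n203.0.113.53\n' | unexpected_resolvers |
        sed 's/^/UNEXPECTED (constructed sample): /'
fi
```

The `scutil --dns` pass matters because `networksetup -getdnsservers` only reports manually entered servers, while resolvers handed out by DHCP show up only in the effective configuration.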
blairtechguy

 
Member Since: Sep 13, 2011
Location: Kentucky, USA
Posts: 100
Mac Specs: Mac Pro 2 x 2.66 Xeon 6gb DDR2 1TB OSX Server

Would still need a super user/admin password. You did this logged into an administrative account. Try doing this with a standard user account. Like you said, it comes down to the user, who is the biggest security threat to a system.

In man networksetup:

Quote:
The networksetup command is used to configure network settings typically configured in the System Preferences application. The networksetup command requires at least "admin" privileges to run. Most of the set commands require "root" privileges to run.

Blair Technology Group - Mac System Administrator
vansmith

 
Member Since: Oct 19, 2008
Location: Toronto
Posts: 18,014
Mac Specs: 2012 13" MBP (2.5 i5, 8GB)

Most people, I would bet, run as an administrator (sometimes perhaps unknowingly) especially when you consider that the "default" account has admin privileges. Since you don't actually need superuser privileges to use networksetup to change DNS settings, the possibility is there.

Yes, I think we can agree that the best protection against this kind of problem is user knowledge (as is the case for 95% of preventative measures).

BrianLachoreVPI

 
Member Since: Feb 24, 2011
Location: Maryland
Posts: 3,742
Mac Specs: March 2011 15" MBP 2.3GHz i7 Quad Core 8GB Ram | Mid 2011 27" iMac 3.4 GHz i7 16 GB RAM 2 TB HDD

FBI tackles DNSChanger malware scam | MacFixIt - CNET Reviews