
Thread: DNSChanger ...

  1. #1

    McBie's Avatar
    Member Since
    Apr 26, 2008
    Location
    Belgium
    Posts
    2,732
    Specs:
    2013 MBA 13" - OS X 10.11
    DNSChanger ...
    Article below provides some good information on the DNSChanger malware that has been going around for quite some time.
    ( Also have a look at the .pdf file )

    http://isc.sans.edu/diary.html?storyid=11986

    It might help people do a bit of troubleshooting themselves before seeking more in-depth advice.

    Taking a step back on this technique of DNS poisoning, it won't be long before DNSChanger v2 (or whatever it will be called) will hit the streets.
    How might this impact you and why should you be vigilant ....
    If you connect to your bank for financial transactions, the bank will know who you are due to your credentials and authentication mechanisms, but .. how do you know you are communicating with your bank? (and not with some bogus web server on the first floor of a Chinese restaurant)

    Hope it is useful.

    Cheers ... McBie
    A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila.
    The bitterness of poor quality remains long after the sweetness of low price is forgotten.

  2. #2


    Member Since
    Sep 13, 2011
    Location
    Kentucky, USA
    Posts
    100
    Specs:
    Mac Pro 2 x 2.66 Xeon 6gb DDR2 1TB OSX Server
    Configuring DNS is one of the most overlooked preventative security measures. I see it all the time fixing Windows machines (which are much more problematic) where DNS is automatically assigned. I recommend using either below:

    OpenDNS: 208.67.222.222, 208.67.220.220
    Google Public DNS: 8.8.8.8, 8.8.4.4
    Blair Technology Group - Mac System Administrator

  3. #3

    vansmith's Avatar
    Member Since
    Oct 19, 2008
    Location
    Toronto
    Posts
    19,742
    Specs:
    2012 13" MBP (2.5 i5, 8GB)
    There is nothing wrong with automatic DNS assignment. Beyond that, manually setting DNS servers doesn't preclude your settings from being changed. Although I use OpenDNS, there is nothing to stop a malicious piece of software from changing it. The only real preventative measure is to stay away from content that is frequently the source of these problems (pirated content for example).
    Important Links: Community Guidelines : Use the reputation system if you've been helped.
    M-F Blog :: Write for the blog
    Writing a Quality Post

  4. #4


    I'll just put this here.

    DNS hijacking - Wikipedia, the free encyclopedia

    Also http://en.wikipedia.org/wiki/DNS_rebinding.

    The latter is very intriguing; I've read some articles and seen it run as a POC. But like you said, it comes down to the user's discretion on what they are doing while connected to the internet.
    Blair Technology Group - Mac System Administrator

  5. #5

    vansmith's Avatar
    I fail to see how that precludes a trojan (or any piece of software) from changing manually assigned DNS servers. If you have a trojan on your Mac, what's to stop it from changing any value you put in yourself? In fact, here's an article about using scutil to change DNS servers from the command line. All a trojan has to do is use scutil behind the scenes to change the DNS servers.

    So yes, a trojan may be able to hijack automatically assigned DNS servers but it could just as easily change manually inputted ones. You're therefore no safer with manual entries. Again, the only way to prevent any of this is to stay away from content that would cause this problem in the first place.

    EDIT: Here's an even easier tool included with OS X to get the job done.
    Code:
    ~ :: networksetup -getdnsservers "Wi-Fi"
    208.67.222.222
    208.67.220.220
    ~ :: networksetup -setdnsservers "Wi-Fi" 8.8.8.8 8.8.4.4
    ~ :: networksetup -getdnsservers "Wi-Fi"
    8.8.8.8
    8.8.4.4
    That was easy.

  6. #6


    Would still need a super user/admin password. You did this logged into an administrative account. Try doing this with a standard user account. Like you said, it comes down to the user, who is the biggest security threat to a system.

    In man networksetup:

    The networksetup command is used to configure network settings typically configured in the System Preferences application. The networksetup command requires at least "admin" privileges to run. Most of the set commands require "root" privileges to run.
    Blair Technology Group - Mac System Administrator

  7. #7

    vansmith's Avatar
    Most people, I would bet, run as an administrator (sometimes perhaps unknowingly), especially when you consider that the "default" account has admin privileges. Since you don't actually need superuser privileges to use networksetup to change DNS settings, the possibility is there.

    Yes, I think we can agree that the best protection against this kind of problem is user knowledge (as is the case for 95% of preventative measures).

  8. #8

    BrianLachoreVPI's Avatar
    Member Since
    Feb 25, 2011
    Location
    Maryland
    Posts
    3,733
    Specs:
    March 2011 15" MBP 2.3GHz i7 Quad Core 8GB Ram | Mid 2011 27" iMac 3.4 GHz i7 16 GB RAM 2 TB HDD
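
The script below is an added example, not part of any post in this thread. Because `networksetup` can rewrite manually entered DNS servers as easily as it reads them, it compares each network service's configured resolvers against a baseline and reports anything else. The allowlist reuses the OpenDNS and Google addresses quoted above; the function names and the handling of non-address lines as "no servers set" are assumptions made for this example.

```shell
#!/bin/sh
# Added example: detect drift in the DNS servers configured on a Mac.
# ALLOWED is the baseline; these are the resolvers named in the thread.
ALLOWED="208.67.222.222 208.67.220.220 8.8.8.8 8.8.4.4"

# check_dns_output SERVICE
# Reads the output of `networksetup -getdnsservers SERVICE` on stdin.
# Returns 0 if every server is on the allowlist, 1 if any is not,
# 2 if no manual servers are set (resolvers then come from DHCP).
check_dns_output() {
    local service="$1" line status=0 seen=0
    while IFS= read -r line; do
        [ -z "$line" ] && continue
        case "$line" in
            *[!0-9A-Fa-f:.]*)
                # Assumption: a line that is not an IPv4/IPv6 address is
                # networksetup's message that no servers are configured.
                echo "$service: no manual DNS servers set (using DHCP)"
                return 2 ;;
        esac
        seen=1
        case " $ALLOWED " in
            *" $line "*) ;;   # on the baseline, nothing to report
            *) echo "$service: UNEXPECTED resolver $line"; status=1 ;;
        esac
    done
    [ "$seen" -eq 1 ] || return 2
    return "$status"
}

# audit_all: run the check for every network service on this machine.
audit_all() {
    local rc=0 st svc out list
    # The first line of -listallnetworkservices is an explanatory note;
    # a leading asterisk marks a disabled service.
    list=$(networksetup -listallnetworkservices | tail -n +2)
    while IFS= read -r svc; do
        svc="${svc#\*}"
        out=$(networksetup -getdnsservers "$svc")
        st=0
        printf '%s\n' "$out" | check_dns_output "$svc" || st=$?
        if [ "$st" -eq 1 ]; then rc=1; fi
    done <<EOF
$list
EOF
    return "$rc"
}

# Only audit when the macOS tool is present.
if command -v networksetup >/dev/null 2>&1; then
    audit_all || echo "DNS settings differ from the baseline"
fi
```

Run from a scheduled job, a non-zero result from `audit_all` is the signal to investigate what changed the setting; services reported as using DHCP need the router's resolvers checked separately.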
