[PLUG] Internet access certificate issues

Mike C. mconnors1 at gmail.com
Sun Sep 17 19:17:17 UTC 2017


On 9/16/17 12:00 PM, plug-request at lists.pdxlinux.org wrote:
> Where does DNS poisoning occur?  Since it was just local to my machine (no
> general complaints noticed), then something local must have been hacked.
> This could have been either my router or my modem, since my laptop
> connecting via wireless to the router also had the problem.  The modem was
> reset a few times during my contact with Comcast's technician, so it could
> have been the modem if reset clears the cache.
>
> This whole thing is above my pay grade. Bottom line, if it recurs, what
> should I do to find out what is happening?

DNS poisoning initially occurs at the DNS server. An untrusted fake name
record is introduced and then is cached in the DNS server and served to
any unwitting entity that makes a DNS A record lookup for a hostname/fqdn.

This is unlikely to be of a nefarious nature and far more likely to be
caused by crappy code in the airRouter. I did tech. support work for a
local manufacturer of lower-end APs that ran open source based software.
Oh, the DNS & DHCP nightmare problems I could tell you about.

I did a quick Google on this and found that people experienced similar
problems with the Cisco RV130. If I recall the fix was a config change.

I don't know if the Comcast modems run a DNS caching server. I doubt it,
but maybe. I've been using a DNS caching server on my Linux boxen for
many years. Now many Linux distros come with dnsmasq installed and it
runs at startup by default.  I think modern versions of MS Win also do
this.

So, what do you do if this happens again? Here's what I would do.

1. Flush the dns cache on your computer and then try again. Here's how
to do it on all OSs.
https://www.techiecorner.com/35/how-to-flush-dns-cache-in-linux-windows-mac/

2. If problem persists, plug directly into the modem and try it again.

3. If problem persists, edit the /etc/resolv.conf file, add the Google
nameserver addresses and try again.
nameserver 8.8.8.8
nameserver 8.8.4.4

*NOTE: This is only temporary and will be overwritten upon the next DHCP
renewal unless you edit the dhcp config file so that it doesn't request
DNS entries or disable DNS on the Comcast modem.

4. If problem still persists, which I suspect is highly unlikely, then
I'd probably start looking at either running some heavy duty malware
software on your pc or wiping it and re-installing the OS from scratch.

HTH!,

Mike
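
One way to check which resolver is handing out the odd answer while working through steps 1 to 3 above. This is an added example, not part of Mike's message: it assumes `dig` is installed, `192.168.1.1` is a placeholder for the router's LAN address, and the function names are made up for illustration.

```shell
#!/bin/sh
# Compare A records from the system resolver and the router against 8.8.8.8.
# Usage: sh dnscheck.sh <hostname> [router-ip]

# Sorted, de-duplicated IPv4 answers from one resolver ("" = system default).
lookup_a() {
    name=$1; server=$2
    if [ -n "$server" ]; then
        dig +short +time=3 +tries=1 A "$name" "@$server"
    else
        dig +short +time=3 +tries=1 A "$name"
    fi | grep -E '^[0-9]+(\.[0-9]+){3}$' | sort -u
}

# Classify two answer lists: no-answer, overlap (share an address) or disjoint.
# Large sites legitimately return different addresses per resolver, so
# "disjoint" is a prompt to look closer, not proof of tampering.
compare_answers() {
    a=$1; b=$2
    if [ -z "$a" ] || [ -z "$b" ]; then echo "no-answer"; return 0; fi
    for ip in $a; do
        for other in $b; do
            if [ "$ip" = "$other" ]; then echo "overlap"; return 0; fi
        done
    done
    echo "disjoint"
}

# True for RFC 1918 space; a public hostname resolving here usually means
# the router or modem is answering the query itself.
is_private() {
    case $1 in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

if [ "$#" -ge 1 ]; then
    host=$1
    router=${2:-192.168.1.1}            # placeholder: your router's LAN address
    ref=$(lookup_a "$host" 8.8.8.8)     # reference answer from Google DNS
    for srv in "" "$router"; do
        ans=$(lookup_a "$host" "$srv")
        echo "${srv:-system default}: $(compare_answers "$ans" "$ref") [$(echo $ans)]"
        for ip in $ans; do
            if is_private "$ip"; then echo "  note: $ip is a private address"; fi
        done
    done
fi
```

Run it before and after the cache flush in step 1; if only the router's line changes or stays "disjoint", the router's DNS forwarder is the place to look.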
