Evening all.
I've been noticing some unusually odd behaviour on my home network over the weekend. Things like the eBay app on my phone saying there's no network, when the WiFi is working fine, but then working ok when I disconnect from WiFi. That, and an unusually large number of Certificate Errors for sites such as ebay.co.uk and amazon.co.uk.
On further investigation, I think we may be subject to some DNS Cache Poisoning. I've noticed the DNS responses for www.ebay.co.uk seem to be changing frequently between legitimate responses, and non-legitimate responses. See below:
C:\Windows\system32>nslookup www.ebay.co.uk
Server: broadband.bt.com
Address: 2a00:23c5:4f8a:c600::1
Non-authoritative answer:
Name: e11847.g.akamaiedge.net
Address: 92.122.166.107
Aliases: www.ebay.co.uk
slot11847.ebay.com.edgekey.net
C:\Windows\system32>nslookup www.ebay.co.uk
Server: broadband.bt.com
Address: 2a00:23c5:4f8a:c600::1
Name: www.ebay.co.uk
Address: 185.244.150.17
C:\Windows\system32>nslookup www.ebay.co.uk
Server: broadband.bt.com
Address: 2a00:23c5:4f8a:c600::1
Non-authoritative answer:
Name: www.ebay.co.uk
Address: 185.244.150.17
C:\Windows\system32>nslookup www.ebay.co.uk
Server: broadband.bt.com
Address: 2a00:23c5:4f8a:c600::1
Non-authoritative answer:
Name: e11847.g.akamaiedge.net
Address: 92.122.166.107
Aliases: www.ebay.co.uk
slot11847.ebay.com.edgekey.net
C:\Windows\system32>nslookup www.ebay.co.uk
Server: broadband.bt.com
Address: 2a00:23c5:4f8a:c600::1
Non-authoritative answer:
Name: e11847.g.akamaiedge.net
Address: 92.122.166.107
Aliases: www.ebay.co.uk
slot11847.ebay.com.edgekey.net
C:\Windows\system32>
Our router is an Asus RT-N66U running Merlin firmware. I'm sure I had configured it to use Google DNS servers, but when I went in to check earlier, those DNS servers were not configured, and they were just blank.
I've added them back in, but still seeing wrong DNS responses.
I've changed the WiFi password, but not sure what else I can do. I've run anti-malware and anti-virus scans - a few malware registry keys were found but nothing else. Does anyone have any suggestions?
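An added example, not part of the original post: a small Python parser for a pasted nslookup session like the one quoted above, which reports answers that arrive as a bare address record for a name that other responses resolve through an alias (CNAME) chain. The function names and the heuristic are assumptions of this example; the transcript lines are two of the lookups copied from the post.

```python
import re
from collections import defaultdict

# Two of the lookups from the post above, copied as pasted.
TRANSCRIPT = r"""C:\Windows\system32>nslookup www.ebay.co.uk
Server: broadband.bt.com
Address: 2a00:23c5:4f8a:c600::1
Non-authoritative answer:
Name: e11847.g.akamaiedge.net
Address: 92.122.166.107
Aliases: www.ebay.co.uk
slot11847.ebay.com.edgekey.net
C:\Windows\system32>nslookup www.ebay.co.uk
Server: broadband.bt.com
Address: 2a00:23c5:4f8a:c600::1
Name: www.ebay.co.uk
Address: 185.244.150.17
"""
KEY = re.compile(r"^(Server|Address|Name|Aliases):\s*(.*)$")

def parse_lookups(text):
    """Split a pasted nslookup session into one record per query."""
    lookups = []
    for chunk in re.split(r"^.*>nslookup\s+", text, flags=re.M)[1:]:
        lines = chunk.splitlines()
        rec = {"query": lines[0].strip(), "name": None, "addrs": [], "aliases": []}
        for line in map(str.strip, lines[1:]):
            m = KEY.match(line)
            if m and m[1] == "Name":
                rec["name"] = m[2]
            elif m and m[1] == "Address" and rec["name"]:  # first Address is the resolver's
                rec["addrs"].append(m[2])
            elif (m and m[1] == "Aliases") or (not m and rec["aliases"] and line):
                rec["aliases"].append(m[2] if m else line)  # continuation lines have no key
        lookups.append(rec)
    return lookups

def flag_bare_answers(lookups):
    """Heuristic: bare answers whose address never appeared via the alias chain."""
    chained = defaultdict(set)
    for r in lookups:
        if r["aliases"]:
            chained[r["query"]].update(r["addrs"])
    return [(r["query"], a) for r in lookups
            if not r["aliases"] and r["query"] in chained
            for a in r["addrs"] if a not in chained[r["query"]]]
```

A flagged pair is a prompt to compare the same query against a resolver reached off the home network, since address changes alone are normal for CDN-hosted names.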