Mtnl Modem On My Beetal Modem 450Bxi Getting Hacked

matoind

Adept
Recently my modem has started to get hacked! If I open www.yahoo.com or www.bing.com , I am directed to 22.113.36.83! But it shows www.yahoo.com in address bar.

Somehow the hacker manages to change the DNS settings on the modem and change the password! So I cannot make changes to the modem without hard reset.

Does anyone have a clue about what is going on? How does he change the modem settings without the modem password?

Oops.. error in the topic can't be corrected! Please read Topic as MTNL Broadband on my Beetal.....
 
Try using Google DNS. Change the settings in your Network Connections, DNS1: 8.8.8.8 and DNS2: 8.8.4.4. This might be an issue with your machine too. Check using another machine.
 
After hard reset login and change the default password of the router/modem.

Please check the DNS settings in your Router Config and make it to default.
 
I have done that. The problem crops up after 2-3 days. Also I can't re-login since it changes the password to the modem!
 
dunno if its you alone, i had started a post sometime back asking for similar help coz i found my routing and DNS ineffective as my routing would not change even if i changed my DNS. i now am on google public dns but if i go back to MTNL's dns, in my case which are 59.185.0.50 and 59.185.0.23, my routing will not change.

Example

Pinging any-fp3-real.wa1.b.yahoo.com [98.137.149.56] with 32 bytes of data:

Reply from 98.137.149.56: bytes=32 time=272ms TTL=51

Reply from 98.137.149.56: bytes=32 time=336ms TTL=51

Reply from 98.137.149.56: bytes=32 time=574ms TTL=51

Reply from 98.137.149.56: bytes=32 time=396ms TTL=51

These pings u see up will have the same 98.137.149.56 even if i switch DNS.
 
Are you sure you are the only one who has access to your system?

It may be possible that someone installed keylogger in your system and able to get the new/changed password of the router.

Try scanning your system with updated antivirus and if possible try to use any live-cd of linux and make changes in Router settings after hard reset.
 
yup what i did to mine
 
Most probably your computer has been infected by some adware/spyware/virus, install several anti-malware utilities and scan it. If you have set up DNS on your lan card settings, it bypasses the DNS in the router, there is no way that you could be redirected (except by the ISP) unless your computer itself is infected.

Routing will not change because of a change in DNS, it's dependent on the ISP. Open command prompt (if you have Windows OS) and type ipconfig to ascertain which DNS your computer is actually using.

The resolved IP address should change if the DNS reply contains a new address, which might affect the routing as it will be a different ip address
 
It is not only the computer but also the mobiles that start going to wrong pages! The computer can be corrected by DNS settings but not mobiles. (At least I didn't try.) iPod/Galaxy SII/Nokia X6 are landing on the wrong page instead of yahoo.com! Today there was some warning in the newspaper about wift hack virus!
 
I am not aware of any exploit for the Beetel router that can result in this behaviour, assuming that it does exist, how does he get to know your IP address each time? Have u checked if DDNS is enabled in the router?

have u changed the default router password?

Probably a malicious script modifying the DNS records in the router after being executed from a computer within the network, difficult to understand how this can be done from the WAN side, if there is no WAN access to the router and all the computers in the network are clean
 
I have also experienced this lately (beetel modem on airtel) some sites getting redirected not only in PC but in other laptops and mobiles also.... so definitely modem is getting compromised. only a hard reset brings it back to normal. I have changed the default password. now thinking of changing the default ip (192.168.1.1) to something else.

NAT is enabled but I have disabled firewall so as not to cause some occasional problems with BF3.

 
Hi,

DNS used is google public DNS on the router, nothing on the pc.
 
Try this: keep the default ip as 192.168.1.1 change the subnet mask to something else. like 255.255.xx.xx this will lower number of addresses in lan net behind the modem but it will definitely be a hurdle.

you will need to change the default gateway in your comps lan card to same subnet mask you entered in the modem.
 
enable NAT in your modems. also enable any firewall if you have in your system.

If u have modem/router doing the login with PPPoE, NAT would be working on the router, it can't work without the NAT

If you want your computer to use a new DNS server, change it in the lan card properties. Keep in mind that if the resolved addresses from two different DNS servers are the same, the routing will not change.
 
Now I just made the ADSL modem (Beetel 220bxi) bridge mode and configured PPPoE in the RT-N16. This should be more secure and hassle free?

@cyberwiz yes it is disabled.

 
Of course it's much better, I was going to suggest that but I thought that you people only had the Beetel modems. If one has a decent router, why would one let Beetel do the PPPoE in the first place?
 