To: gentoo-user@lists.gentoo.org
From: James
Subject: [gentoo-user] Re: [OT] Mysterious vanishing of DNS entry of www.youtube.com...was I hacked?
Date: Tue, 10 Mar 2015 20:34:23 +0000 (UTC)

gmx.de> writes:

> Hi,
> Was my DSL modem hacked?

Quite possibly. There are a myriad of resources on hacking modems[1]. Also, most modems support performance configurations via "S registers". Often, vendors leave access to the modem's "S registers" accessible and err on the side of ease of access. Others have brain_dead interfaces, just begging to be hacked. Then there are the wireless ports, usually configured to just "work" upon reboot with the widest possible range of open configs. Some "cable modem" ISPs allow you to purchase better quality hardware and use it, as long as they are given control over the mode. It's like the wild wild west, still lots of open range.

Furthermore, modems are still a common, bountiful?, injection point for all sorts of nefarious activities, including governments not local to your nation. What we really need is a gentoo project to have a repository of gentoo based open source router (and transparent bridges) solutions. It's a ton of work for one person to stay on top of. Others will suggest some solutions like a shorewall fw behind your cable modem.

Sorry for digressing off the dns specific hacking activity you have most likely stumbled upon. But if you fix that, and hackers like your node, they'll just migrate to other layers and parts of the stack.....

On dns security issues, I'd speak with your local ISP in addition to discovering where your system(s) are resolving off of. Bad routing tables and routing instability are constant problems on the wider net. Your (ISP) router jocks may be understaffed, or just plain lazy..... There are a myriad of 'third party' solutions to quality/secure dns services, but, that is the responsibility of your ISP, usually.

net-dns/bind-tools contains an excellent tool called "dig". Google for syntax examples......

hth,
James

[1] ISBN-13: 978-1593271015 ISBN-10: 1593271018
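
One way to find out which resolvers a system is using and whether they answer differently from an independent one, using `dig` from net-dns/bind-tools. This is an added example, not part of the message above; the function names and the `REF_RESOLVER` default are assumptions, and the addresses in the comments are constructed.

```sh
#!/bin/sh
# Added example: compare the A records returned by each locally configured
# resolver with those from a reference resolver.
# Assumption: REF_RESOLVER is any resolver you trust that is not handed out
# by the modem or ISP under suspicion.
REF_RESOLVER="${REF_RESOLVER:-9.9.9.9}"

# Print the nameserver addresses found in resolv.conf-style text on stdin.
nameservers_from() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }'
}

# Reduce `dig +short` output to sorted, unique IPv4 addresses.
# CNAME lines (e.g. "example-cdn.example.net.") are dropped.
normalise() {
    grep -E '^[0-9]+(\.[0-9]+){3}$' | sort -u
}

# Classify a local answer against the reference answer (both normalised).
#   NODATA   neither resolver returned an address
#   MISSING  local resolver returned nothing, reference did
#   OVERLAP  at least one address in common
#   DISJOINT no address in common (CDNs can cause this; inspect by hand)
compare_answers() {
    local_ans="$1"; ref_ans="$2"
    if [ -z "$local_ans" ] && [ -z "$ref_ans" ]; then echo NODATA; return; fi
    if [ -z "$local_ans" ]; then echo MISSING; return; fi
    for ip in $local_ans; do
        if printf '%s\n' "$ref_ans" | grep -qxF -- "$ip"; then
            echo OVERLAP; return
        fi
    done
    echo DISJOINT
}

# Query every configured resolver for NAME and print: resolver, verdict, answer.
check_name() {
    name="$1"; conf="${2:-/etc/resolv.conf}"
    ref=$(dig +short +time=2 +tries=1 "@$REF_RESOLVER" "$name" A | normalise)
    nameservers_from < "$conf" | while read -r ns; do
        ans=$(dig +short +time=2 +tries=1 "@$ns" "$name" A | normalise)
        printf '%s\t%s\t%s\n' "$ns" "$(compare_answers "$ans" "$ref")" \
            "$(printf '%s' "$ans" | tr '\n' ' ')"
    done
}

# Run as: sh script.sh www.youtube.com
if [ "$#" -gt 0 ]; then check_name "$@"; fi
```

A `MISSING` verdict for the resolver address handed out by the modem, while the reference resolver answers, points at that resolver rather than at the name itself.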