Does the wifi inspetor tool scans the pc from inside or outside?

jraju · 2017-05-19T04:36:37.000Z

Hi,
I know that avast has a free tool called wifi inspector and it scans the router, network and gives solution to the vulnerabilities if any found.
i heard from circles, i could not remember, that scans from Local computer may produce false positive alerts . For eg. if i scan with wifi inspector, if it scans from within the computer and router, then open ports, like 7547 will be shown as vulnerable. But if the same port on my router may be given as stealth in Shields up, if it scans my computer for vulnerability from their end. So, i am having a doubt, that whether avast wifi inspector scans the router from outside or inside within. Please inform me, as stealth ports shown by other sides, if it is showing as vulnerable by wifiinspector, there is doubt about false positive.
Hope experts would see what i mean by outside scan, like server , cloud scan by other sites especially GRC sheilds up etc. If avast scan is also is from outside, please let me know.

Eddy · 2017-05-19T05:07:13.000Z

You should ask less and (re)search/read more.

jraju · 2017-05-19T05:18:13.000Z

Hi , Eddy,
Thanks for the reply. But Please provide a link where i could see those things. wifi inspector is a subtool inside avast free antivirus

Eddy · 2017-05-19T05:21:33.000Z

www.avast.com
duckduckgo.com

etc.

jraju · 2017-05-19T05:26:50.000Z

Hi, Eddy,
Thanks for the links. mere links to main site does not give any clue to me. i read in an article about the query i raised in. So, i want reply from experts like you , who has given me solutions to problems in updating and other vital issues.
My question is simple: If it scans with Lan connection, will it not be intrepreted as within scan.rather than cloud scan or online scan available at other sites.I did not find any post in this forum. So, i ask

Pondus · 2017-05-19T05:38:35.000Z

For eg. if i scan with wifi inspector, if it scans from within the computer and router, then open ports, like 7547 will be shown as vulnerable. [b]But if the same port on my router may be given as stealth in Shields up,[/b] if it scans my computer for vulnerability from their end.

When using shields up, be aware that it is the first firewall on the network that is tested...

If you have a ISP box with firewall, then a router with firewall, then a software firewall in our computer, when you run shields up it will test the firewall in the ISP box so the probe may never reach your computer

It is explained in shields up FAQ

Turn off firewall in your computer and router and run shields up
Still get all green or closed ports? then your ISP box has a firewall

jraju · 2017-05-19T06:14:05.000Z

Hi, Pondus,
I am using only windows firewall with default settings.
Please explain this
If you have a ISP box with firewall, then a router with firewall, then a software firewall in our computer, when you run shields up it will test the firewall in the ISP box so the probe may never reach your computer
Could i take it, that it only probes the outer wall of the firewall, so the probe would not reach my computer.
Please also let me know, how wifi scans, does it scans with avast servers or the downloaded program of avast? It is not to question the scan of wifi, it had helped me overcome so such vulnerabilities. But if a doubt is raised, it may be for understanding the deep of the scan to understand further about it.
Thanks for your reply. So, online scans only touches the outer layer of your network and not deep scan of the router as wifi inspector does.
I was very impressed with wifi, that i have sent a router guidance doc to my friends in this regard.
To be more clear , could i take that avast is scanning , whether outside or remote sites could attack my router by using my LAN connection and router settings.
Please see the converted jpg of my doc and if it is small , pl zoom
.
Please see the converted jpg of my doc and if it is small , pl zoom
R O U T E R A T TA C K S A N D SOLUTIONS
Hi, all of you might have seen the attacks on computer by wanna cry. It attacks computer OS , locks it and could be accessed after paying ransom. This attack is aimed at computer. But do you know that your router also could be compromised by the attackers using the ports genuinely left open default , for some remote assistance by the ISP or Vendor. Nowadays, this port is used by the attackers to know your computer internet activity without you suspecting any of it, because, it is compromised at the router level.
So, if you use personal computer, besides having best antivirus and malware programs, it is better to check your router also for any vulnerability.
In this case, I recommend, avast free antivirus, which is having a tool wifi inspector. Since it is free you could just install one time and then scan the computer with internet on. It will list all the connected devices and scan, and will give you results. If all is ok, you will get green , excellent remarks. If the scan finds vulnerability, it gives clue to what it has found and also the solutions.
The main vulnerability , I found in most routers is the admin password. Once configured, we forget about router, thinking that it is just a electronic device. But this is the gateway to your internet access as all we know. The routers admin user id and pw are one and the same. So, if a hacker could just guess, and do a brute attack, he could easily by pass those passwords. As a first measure, change this pw, and give a tough password by going to the router page, which all you know will be printed in the modem or using ipconfig /all command.
Secondly the dns attack. If your ISP sites are not secured, then there is a chance that it may give access to hijacked domains which will remotely control your internet activity.
If you are shown vulnerability in this regard, please go to the network settings and change adopter settings, then go to the adopter properties, ipv4, and then uncheck the obtain dns ip automatically to either google dns or open dns. If you change this, the router dns will be by passed by google dns which is safer. You cannot do any internet activity without google .
Next is open port vulnerability. The port 7547 is left for your ISP to communicate remotely. But this open port is now used by attackers to access your net activity, sometimes, changing the url of your router tr69 configurations for remote access at their end.
I have scanned with wifi inspector, and I was given alerts on the three major compromises, like weak pw, dns hijack, as well as port 7547. Normally for each log in , you are given an external ip by the Service provider, thro which your internet communicates. This shoud be not known. If some ports are open, this ip address could be accessed by the attackers.
I like anybody do not have tech savvy methods to safeguard, but the scan by avast wifi inspector prevented possible attacks and in this connection I am giving you my advice.
Please free to write to me for any thing, that I could help in this regard.
I also did not know what is the router page and settings etc before going thro all the scan results. If you do not want to go to the router page to change, it is my best advice to change the admin password, (please keep it safely to get it if you forget or want to open the router page. ) Normall passwords for any router are available in net pages.
I give my ideas to you, it is up to you to safeguard or leave it at that.
I am not Ask Leo, to give you technical tips on security, but my tips if it saves from router attacks well and good.
There are some more tools available in the net , but scan thro avast is safe, to my knowledge.

Pondus · 2017-05-19T07:53:48.000Z

Please explain this If you have a ISP box with firewall, then a router with firewall, then a software firewall in our computer, when you run shields up it will test the firewall in the ISP box so the probe may never reach your computer

ISP box = Cable/Dsl/Fiber modem

Could i take it, that it only probes the outer wall of the firewall, so the probe would not reach my computer.

If your ISP box containe a firewall that is setup by your internet provider, Shields up probe may stop in that firewall depending on if it is on and how it is set up

jraju · 2017-05-19T12:00:34.000Z

Hi, yes, thanks for your answer.Normally all the ISP servers would be having NAT protection enabled in the router to protect the users. But i also find so much of infected ips , in the bot cleaning sites also of the same service provider. Minimum protection is only given by ISP, as protecting everything would not give users wanted internet activity.
Windows firewall ofcourse, gives us protection by prompting to stop some features of some applications.
Here avast and its subtools gives clue to the vulnerabilities in the network connections.
I am not particular about shields up, and i used it only as an example for outside check of router/network.
So, is it the fact that the wifi inspector scans for all the vulnerabilities that a network could face in all the devices connected with the router from outside sites . How to know that vulnerabilites exist in the dns server of the service provider? That is the part , i want some clarification. anyhow, thanks for detailed graphical illustration
By changing the dns the vulnerability is gone.

Eddy · 2017-05-19T12:27:43.000Z

You start learning.

Your ISP servers have nothing to do with your router.

What you see in those lists are mostly not ISP, but hosts.

ISP’s are not responsible for securing your system(s), you are.

Do you even know what a DNS server is and what it does ?

jraju · 2017-05-19T12:39:03.000Z

Hi, Eddy educate me if i am not that much knowledgable.
Here my question is related to the fact, that when wifi scan tells you that your dns hns is hijacked , it alos gives solution to change to google dns. that is the gateway. When i changed and scan with wifi inspector, now the vulnerabilities are not shown. When my computer is without problem, in wifi scan, naturallly, i suspect that to do with the dns server, that is gateway. I think host file contains the ip of your system.

Eddy · 2017-05-19T12:43:02.000Z

https://web.stanford.edu/class/msande91si/www-spr04/readings/week1/InternetWhitepaper.htm
http://computer.howstuffworks.com/

jraju · 2017-05-19T12:58:32.000Z

Hi, Thanks. I will look at the links.

system · 2017-05-19T13:01:08.000Z

Eddy post:12:

https://web.stanford.edu/class/msande91si/www-spr04/readings/week1/InternetWhitepaper.htm
http://computer.howstuffworks.com/

Nice link Eddy 8)

jraju · 2017-05-19T13:33:01.000Z

Hi, all
I just tried to test by using dns to obtain address automatically option, instead of google.dns. I am getting this alert, of dns hijack domains vk.com yandex.ru

                 It is shown in the router scan. i do not find any entry of those in the router. The solution is given to change the dns servers to google. Now if i change the result would be no vulnerability

jraju · 2017-05-19T13:54:16.000Z

Pl see the result when i change the dns to google.dns

jraju · 2017-05-20T05:53:40.000Z

Hi, I am expecting response for my query. I think that there is some vulnerabilities in the dns server address if it is allowed to obtain automatically. I find some ip entries , not vk.com or yandex.ru,in the status page of the router. If i change the adopter settings in ipv4 to google dns address say, 8.8.8.8 and 8.8.4.4, then scan shows no vulnerability.
So, i want to know, whether my pc is infected or the dns server address is infected with those yandex.ru and vk.com domain hijacked vulnerabilities.I have scanned the pc thro avast boot time scan and malware anti malware softwares, and did not find any entry of those domains.
can i expect a clarification in this regard?

Eddy · 2017-05-20T11:25:38.000Z

And we are expecting you to start learning.

jraju · 2017-05-20T12:33:15.000Z

Hi,Eddy learning is a continuous process and clarification is different. i have enclosed two sets of scan results, one by changing the dns server address to google and the other obtain dns server automatically. Automatically getting dns server , when scanned by the wifi inspector produces vulnerabilities of dns hijack domains like yandex.ru and vk.com, whereas the scan with google dns, produces no such vulnerable results. So, i want some clarifications of how those coms are found out by wifi inspector. how to find whether router dns server really having these com vulnerability.

Eddy · 2017-05-20T12:42:58.000Z

This is a webboard, not a school.

https://duckduckgo.com/

Announcements