Hi, I bought a dlilnk 2750u router and after configuring with the wizard, scanned with avast wifi inspector. I was shown alert of dns hijack and on the solution page, I was asked to uncheck enable ddns in advanced settings , which i did it. On the second scan, it shows no alett and i did not get any alert on any vulnerability in the wifi inspector scan.
But I went and looked at the ddns again, the same was enabled again with pppoe connection to a dlink server. I again, selected ----- , in the drop down box instead of pppoe, and then uncheck the enable and save and reboot the router.
The subsequent scan with wifi inspector showed no vulnerable with green tick.
My query is Why on the first scan, it showed as dns hijack vulnerability beore unchecking and showed as no vulnerability on subsequent scans, even when the same was checked in the router settings.
could some one clarify
I wish to state that I have used the dlink wizard to configure the router for getting my ISP configurations thro its wizard
Hi, I enclose the actual position of router on ddns after unchecking and rebooting the router for the first time
Hi, Why servers default other than googld dns ,open dens, etc are showing as vulnerable servers. Are they really infected servers or avast has programmed that to be.
When I changed my ISP server to opendns, the vulnerability alert has gone in to wind.
Are other servers except these servers are vulnerable or is a false positive alert
Hi,
Can you please provide us with a screenshot of the Avast interface showing the detection?
Can you also provide us with a support file id?
Please follow these steps:
- Open - Avast Premium Security > Click on - Menu > Settings > General > Troubleshooting > Select - Enable debug logging (at the bottom)
- Run a new Wi-Fi Inspector scan
3.Generate the support file
To generate the support file, please see this link.
https://support.avast.com/en-ww/article/Submit-support-file - Disable debug logging
hI, rAVAST,
Please see the screen shots
- scan result by changing to my ISP dns, audo detect vulnerability dns hijack
- scan after disabling ddns, and then change to public dns no vulnerability
- scan result after again reverted to my Isp vulnerability found dns hijack
- scanned result after again unchecking ddns and change to public dns
hI, RAVAST, SENT THE DATA, WHEN THE RESULT IS NO VULNERABILILTY. will send afte changing the dns to get vulnerability data .
or you will get it from the support file I sent already in this ID THZTQ
Hi, Ravast, seen the message.
I have enabled the log .
I again created the dns hijack alert and resend the support file
the file id is TJ1PA
I hope that this time , the details are correcly captured.
Only one thing, that i could not fill, and that is the ticket no.
Hope that you received the file. Now, the avast shows the alert of vulnerability
This I edited later
Now I have changed to public dns and the scan show no vulnerabililty.
dlink has stopped providing ddns service previous year itself
the support file id for this no vulnerability was sent via
support file id U9642
please see and say, that barring public dns all the dns have been having compromized or My ISP server is affected with something
hI, rAVast,
i received this message from avast support
We have received a diagnostic report related to this e-mail address that does not contain a description. There is no case related to this e-mail address in our database therefore we are not quite sure how we can help. Could you please provide us with a description of the issue itself or a previous case number? Please bear in mind that any information might be helpful and can speed up the resolution.
Best regards,
But I saw the support files were sent to avast only and the file id has also be the same.
what else Avast want in this regard. Is this message a alert to supply more details
The request numbers that were given to me in my email receipt are 13887460 13887226
hi, ravast,
please tell me if the analysis started on my support logs.
have they found out anything
Hi,
It seems that you should not have received these messages. Our devs are still looking into this.
Thanks ravast.
expecting.
Everybody say that google dns is not intrusive. But in one of my analysis found that the actual dns it gave me does not belong to my country, where there may be many servers, but to the neighbouring countries. I stopped using this public dns and switched back to my ISP dns.
But most software, yellows the dns, that they did not include in their software, as yellow flag, to use those cautiously other than the google and one or two public dns. It seems. Let me hear from your people on this
Hi, Ravast,
Is there any progress in the logs I submitted.
Hi, there is no reply to my queries from avast team on the logs submitted. Why it is taking time to analyse my logs. I expected a reply from the team. But since nothing came, I want to remind once again.
Is that only some servers known have been included as secured servers and all others are vulnerable.
I was open in my queries .
Hi,
The detection should have been suppressed and not visible to you when located in India.
The reported situation is not a threat, it is caused by the traffic being redirected by Indian ISPs acting on government mandate: https://www.reuters.com/article/us-india-china-apps-idUSKBN29U2GJ
Hi, R(a)vast,
Read the contents of the linked article. It is understood that some apps have been banned. I did not see anything that alerts that denotes about dns hijack as alerted by avast wifi inspector scan.
As you said, that it should have been suppressed for indian avast users, has anything made to the program of late to suppress the warning of dns hijacks?
Will you give some more details on this?
Assuming that i would have not correctly configured the new router, I went to my nearest service provider office and configured the router.
The same procedure has been followed by the official and I rechecked that the dns servers are configured to automatic obtaining mode, ie, my service provider Dns.
all other parameters are checked and it was the same as before, except , my changing the dns to google dns previously on the advice of the avast suggestions after the alert .
now, when I scan with the wifi inspector, with my ISP dns, i do not get any vulnerability warning after its scan.
Moreover, I had not visited any mentioned website nor do I have uc browder as my default, I am using firefox, and chrome only.
Now i do not get any vulnerability on wifi inspector test
See this enclosed report.
The server is set to auto detect and the dns servers are provided by my ISP
Hi, some family members have configured the internet option , dns survey as google dns.
I suppose, that eventhough, dns is configured automatically from my ISP, the setting in the windows ipv4 properties, dns server overtakes the ISP servers and acting as router dns server.
Yes, again removing the google dns in the ipv4 settings, to auto detect, then it shows the router has been hijacked dns alert.
So, means that if any body uses their own ISPs dns server, would receive this alert is it correct.
I do not know, why it cannot suppress and show as not a threat or dns hijack
It seems that it is false positive ok.
give me ideas.
Hi, So many persons would be using avast antivirus free for longtime and if any one of them scan with wifi inspector, then the scan result is false positive dns hijack.
I do not know, how then one could use avast free antivirus without these bugs.
I hope some avast staff would do the needful in the matter.
I am a long lover of this antivirus as it gives me alerts as it promised.
can I expect a reply in this regard.
Hi, R(a)avast, ofcourse, I tried tracert on some of the scan alert websites.
Yes, the tracert is redirected. I understand.
So, if you use google dns, in the place, then you do not have dns hijack alert, this is because, google dns does not redirect such.
So, if you use ISPs dns, which redirects, then, your dns is hijacked and you need to change the dns to public dns.
what is the logic behind this kind of alerts.
As a regular user of this vastly secured and improved av, May I get a detailed reply
Hi,
Are you using a VPN, by any chance?
it seems like it was that simple, that you needed to disable “DDNS.”
DDNS is disabled by default on my linksys router.
i don’t think that it has anything to do with which DNS servers you use. rather, it has to do with whether or not “DDNS” is enabled.
if you need to have DDNS enabled, i imagine that there is an option to set the avast program to ignore the issue, where it will not generate an alert about DDNS being enabled.