What is DNS:
DNS stands for “Domain Name System”, it works like a “Phone Book” for the Internet. Each computer on the internet has an IP (Internet Protocol) address, which is similar to a Phone Number. DNS is used by your computer to look up the website name (i.e. “www.whitecourtcommunications.ca”) and translate that to an IP Address, similar to how you would use a phone book. The IP address is then used by the computer to “call” another computer on the internet, which returns the webpage information to your computer so it can display it for you. In order for DNS to function, your computer needs to know the IP address of at least one “DNS Server”. Normally, your Internet Service Provider (i.e. ISP) will provide your router (and in turn your computer) with the appropriate settings, and everything will work automatically.
Why you should verify your DNS settings:
Recently, a significant number of our customers have been victim to DNS Hijacking attacks. These attacks have been targeting our customers routers, changing their DNS settings to malicious DNS servers run by the attackers. Changing the DNS settings allows attackers to redirect the victim to a page of their choosing or any page on the internet.
Note: Much of the literature concerning Hijacking on the Internet concerns ISPs redirecting DNS traffic through their own DNS servers. This is a separate issue, which does not apply in this case. We DO NOT intercept or redirect any DNS traffic from our customers.
This is an issue which we take very seriously. With that in mind, we have developed a tool to help identify routers which are using non-standard DNS settings.
Verifying your DNS Settings:
Your Current DNS Server’s IP is: Unknown, please wait
You appear to be using the correct DNS Servers:
You are probably not affected by this particular attack at this time. However, you may still be vulnerable to similar attacks. It is important to ensure your Anti-virus, Anti-malware, and Operating System Software are up to date (and perform regular scans) to provide the best protection possible.
You may also want to re-check this page at a later time if your computer starts behaving oddly in the future.
You do not appear to be using our DNS Servers:
Normally, you should see one of these IP addresses above:
- 126.96.36.199 through 188.8.131.52
- 184.108.40.206 through 220.127.116.11
- 18.104.22.168 or 22.214.171.124
- If you have intentionally changed your DNS settings for some reason, We recommend you change your DNS back to one of our servers and test again. Verifing the IP address shown is appropriate to your alternate DNS provider is very difficult, as the ip information shown may not match the IP information you enter for legitimate reasons. (Google’s DNS, for example, uses ip addresses other than their published ones for DNS lookup.) You can find good information on the IP using tcpiptools (search for the IP in whois, and for the DNS PTR record)
- Otherwise, you may be a victim of this attack. Please contact our offices so we can work to resolve your issue.
You appear to be running your own DNS Server:
If you are at a business site, you may be running a local DNS server. Verify with your Network administrator that this should be the case.
You may also see this message if your router is performing DNS lookups for you.
If you are not sure, we recommend scanning your computer with antivirus and malware detection tools, to ensure your systems are clean.
The computer you are testing from is not using Whitecourt Communications Internet:
We cannot verify if your DNS Server settings are correct. You must verify the DNS information shown above with your Internet Provider (ISP).
What can you do to protect yourself:
There are several things you can do which will reduce the risk of your router being hacked:
- Keep your router software up to date. The manufacturer of your router should provide regular updates to your routers firmware. It is important to check for updates regularly, and apply them. Your router should have a model number visible on a sticker on the bottom, search for the model on the manufacturer’s support website for the latest firmware and installation instructions.
- Disable remote access to the router. Many router exploits used in this hack require remote access to be turned on, or access from the local network side to work. Disabling remote access to the router will help make these attacks more difficult.