Bbox: Dnspoof? Gestionbbox.lan/index.html?nm=1&client=192.168.1.1&server=198.18.1.26&event=dnsspoofed&url=


Safety

Topic:

Safety

  1. Tezcatlipoca wrote: 07/20/2013 at 7:11pm

Default bbox: dnspoof? gestionbbox.lan/index.html?nm=1&client=192.168.1.1&server=198.18.1.26&event=DNSSpoofed&url=


  1. Good morning everyone,
  2. I was surprised to see in the Chrome history the following link:
  3. gestionbbox.lan/index.html?nm=1&client=192.168.1.1&server=198.18.1.26&event=DNSSpoofed&url=monforum.com/forum/ucp.php?i=pm&folder=inbox
  4. The link is purely and simply my mailbox on a forum that I manage.
  5. The client ip is my android phone? the server… I don’t know?
  6. The ip of my BBOX router is : 192.168.1.254
  7. Since I’m not a network specialist and I find the term DNSSpoofed more than dubious… I would have liked your opinion?
  8. Thank you in advance
    :ccool:
  9. Mygale1978 wrote: 20/07/2013 at 19h56

Default


  1. Hi,
  2. it is not impossible that someone could have broken into your lan especially if your bbox has for example a wifi configuration with a weak encryption (wep) or a wifi without security. or a wpa encryption with a passphrase that can easily be cracked by brute force.
  3. If a hacker has actually hacked into your lane, nothing prevents him from launching man-in-the-middle attacks to intercept your traffic from a client machine and try to retrieve sensitive information such as passwords.
  4. Tezcatlipoca wrote: 20/07/2013 at 8:35pm

Default


  1. Hello, thank you for your answer, it is kind of you. The problem is that I use WPA2.
  2. Maybe it’s a bbox measure to fight DNS spoof, but I still don’t see what this server ip is? I can’t find anything on it except one case…
  3. I’m gonna change my wi-fi pass as a precaution. I found a similar case but for another router: http://www.techie7.com/help/general-…nsspoofed.html
  4. JML19 wrote: 20/07/2013 at 20h38

Default


  1. Good evening
  2. 198.18.1.26 it is the IP of the machine that made this query.
  3. I think you’re dealing with an American:
  4. Look (HERE).
  5. messinese wrote: 22/07/2013 at 11:11am

Default

  1. Quote
    Sent by Tezcatlipoca
    View message

  2. Hello, thank you for your answer, it’s kind of you. The problem is that I use WPA2.
  3. Maybe it’s a bbox measure to fight DNS spoof, but I still don’t see what this server ip is? I can’t find anything on it except one case…
  4. I’m gonna change my wi-fi pass as a precaution. I found a similar case but for another router: http://www.techie7.com/help/general-…nsspoofed.html
  5. Hi, so just for info BBkeys/stkeys tools allow you to generate WPA/WPA2 keys for BBoxes in … 2 minutes
    :P
    .
  6. It’s not new and has been corrected in the latest bboxes, but there are still a lot of them that are still available.
  7. That’s because for the default WPA/WPA2 they had a great idea: starting from SSID….
  8. To meditate…
  9. Commander.
  10. PS: concerning the source I would say that it is (as it is astonishing :^) especially a proxy :

    http://187.62.209.6/projetos/open-proxy/nmap-result.txt

  11. Tezcatlipoca wrote: 26/07/2013 at 22h30

Default


  1. Thank you for your answers, simply aberrant this security flaw, at least it explains… particularly serious things if this is true because it is probably not the neighbour having fun.
  2. Are you sure it’s a proxy?
  3. messinese wrote: 31/07/2013 at 10:26am

Default


  1. Well that is, unless the range of your signal goes all the way to the US I can’t see how it could be any other way, in fact
    ;)
    .
  2. In fact, a close look at the request suggests that this person may have attempted to exploit an SRFC vulnerability (see below).
  3. Where are you at? Have you tried to find out if someone’s causing the attack in your lane?
  4. (Such a request can also be forged from the outside).
  5. Keep us posted. It’s a pretty interesting case.
    :P
  6. Yours sincerely.
You May Also Like