mahalanobis's profile

Contributor

 • 

1 Message

Mon, Dec 8, 2014 3:24 AM

DNS Hijacking?

I have uVerse internet service delivered to my home via the motorola NVG589 on default settings.

 

Today, only my home phone service works. TV and internet do not work. I investigated the issue and found that the residential gateway is not giving valid DNS replies: every request returns the IP address of the RG.

 

I was motivated to post here upon further investigation. Attempts to use DNS services with Google and OpenDNS return the RG IP address, too. I can ping the outside world just fine using IP addresses I get from other services. I can use a VPN to wrap my DNS queries just fine.

 

Why does "dig @8.8.8.8 google.com" on my linux box return the IP address of my RG as if it had been supplied by Google's DNS server?

 

Is my NVG589 hjacking my DNS requests? Has uVerse told my RG to essentially engage in MiM attacks on my browsing?

mibrnsurg

Expert

 • 

20.4K Messages

Il y a 8 y

@mahalanobis I'd do a hard reboot by unplug/plug in power after 30 seconds, but first remove the backup battery.  Then when the 589 is green, put the backup battery back in.

 

This will fix many 589 problems, let us know if it worked, good luck. 😉

 

Chris
__________________________________________________________

Please NO SD stretch-o-vision or 480 SD HD Channels
Need Help? PM ATT Uverse Care (all service problems)
ATT Customer Care(all other problems)
Your Results May Vary, In My Humble Opinion
I Call It Like I See It, Simply a U-verse user, nothing more

JefferMC

ACE - Expert

 • 

28.7K Messages

Il y a 8 y

Your NVG 589 gives out its address as the Default Gateway and as the DNS Responder when answering DHCP requests.  It serves as a DNS forwarder.  This is normal behavior for any ISP's Gateway router.

 

Can you explain this statement: "Attempts to use DNS services with Google and OpenDNS return the RG IP address, too."  i.e. how you attempted and what results you got.

 

Edit, okay, sorry, I see that you've referenced this "dig" command.  I've not seen anything like that happening.  I'm wondering if your NVG 589 is temporarily losing connection to the network?  Sometimes when that happens the Motorola NVG series does strange things.

 

Contributor

 • 

1 Message

Il y a 5 y

2017-11-25T06:32:02-06:00hurl
host=att.com uri=/support hijacked
2017-11-25T06:32:02-06:00 
Previous log entry repeated 1 times
2017-11-25T06:31:33-06:00hurl
host=clients3.google.com uri=/generate_204 hijacked
2017-11-25T06:29:38-06:00hurl
host=clients3.google.com uri=/generate_204 hijacked
Need help?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.