Gentoo Archives: gentoo-user

From: Alexander Kapshuk <alexander.kapshuk@×××××.com>
To: gentoo-user@l.g.o
Subject: [gentoo-user] re: ADSL+WiFi modem router possibly compromised
Date: Mon, 03 Feb 2014 18:24:29
1 Howdy,
3 I connect to the Internet via a TP-LINK TD-W8101G Wireles ADSL2+ model
4 router. It has been set up to acquire IP addresses via DHCP. My
5 '/etc/resolve.conf' has been getting populated like so from the word go:
6 cat /etc/resolv.conf
7 # Generated by dhcpcd from enp4s0
8 # /etc/resolv.conf.head can replace this line
9 nameserver
10 # /etc/resolv.conf.tail can replace this line
12 This morning, I discovered that the nameserver IP address in my
13 '/etc/resolve.conf' had changed:
14 cat /etc/resolv.conf
15 # Generated by dhcpcd from enp4s0
16 # /etc/resolv.conf.head can replace this line
17 nameserver
18 # /etc/resolv.conf.tail can replace this line
20 I contacted my ISP about it. They said the nameserver in question was
21 not theirs.
23 The whole thing began to smell fishy.
25 What I've done so far is, I've reset my router to the default settings
26 and set it up again.
27 I've also changed the admin console password, as well as the WiFi access
28 point password.
30 As a result, my nameserver IP address has been defined as
32 Anything else I can do to ensure my system has not been compromised?
34 Thanks.
36 Alexander Kapshuk.


Subject Author
[gentoo-user] Re: ADSL+WiFi modem router possibly compromised walt <w41ter@×××××.com>