What is DNS Hijacking and how do I know if my router has suffered this attack?

Today, almost the entire population of the world has access to the internet and knows how to surf the net. But surfing the internet implies exposing yourself to certain risks from which no one is exempt.

On many pages you must leave personal data, addresses and even contact numbers and even credit card numbers, so if we don’t protect ourselves well, we can be the victim of a cyber attack.

When browsing and searching web pages, the results will always be based on a numeric IP address. In other words, when entering a search, the server provides the IP address of said domain .

DNS are responsible for collecting search information and providing addresses. However, a new form of computer attack is emerging known as DNS Hijacking where we are redirected to a page other than the desired one in order to scam all users.

In this article we will teach you what DNS Hijacking is and how to know if your router has suffered this attack, so that you do not risk when browsing and avoid falling into a scam.

What is DNS and how does it work?

DNS (Domain Name System) is a structure in the form of a web database that serves to resolve and organize names on the network. Basically they allow us to know the IP address of the website we want to access.

The function of DNS consists of storing many IP addresses and making requests to the authority zones of the web in case of not having the IP address requested by the user, in such a way that when we perform a search the DNS will return the corresponding IP address to what we request.

What is DNS Hijacking?

When you search for information on the web, you request an IP address. If you have not previously visited the pages, your computer will contact the DNS who will be in charge of providing the requested IP address; However, it is known as DNS Hijacking when the request is intercepted by computer hackers who are responsible for redirecting users to other pages.

There are several types of DNS Hijacking. In some cases, cybercriminals hijack users’ own router, computer, or DNS.

Router hijacking

This occurs because users almost never change the default username and password, which is usually admin and admin. By breaching the router, the hacker can easily invade the device’s software .

At this point he is able to change the configuration, including DNS, specifying whatever he wants. For this reason, every time the user wants to access a page, he runs the risk of being redirected to a fraud page .

Local kidnapping

In this case, the victim of the attack is the user’s own computer. Through Trojan viruses , the attacker can access the DNS settings of the computer. In such a way that, as in the previous case, any browsing attempt can be redirected to another page that the attacker wants.

How do I know if my router is a victim of DNS Hijack?

Because the attack consists of altering the servers that are serving our searches, one of the first options that can be taken to verify if we are victims of this attack is to see the servers that are in charge of solving our searches. We can check this on the local network of our computer.

Another way to check the DNS that our searches serve us is through CMD, using the command ipconfig / all

One of the best ways to check DNS and confirm if we are under attack is to do a public query and verify the DNS that are responding through DNS check sites. Some highly recommended are DNS Leak Test and What’s my DNS Server

Security measures to avoid a DNS Hijack

First, the security of the router must be strengthened. The next thing is to ask your internet provider to configure your router in brigde mode and configure your router to take WAN IP dynamically. 


Leave a Comment