Spyware, Viruses, & Security forum

General discussion

Changing your router or dsl modem DNS IP address

by mchainmchain / May 5, 2012 4:42 PM PDT

This post is in response to the very active thread posted by Barbara re Fact or Fiction; People could lose their internet connection in July here: http://forums.cnet.com/7723-6132_102-562374/fact-or-fiction-people-could-lose-their-internet-connection-in-july/?tag=contentBody;threadListing sponsored by Lee Koo (Admin) CNET

As CNET does impose a space limitation on the number of responses on a given topic, I thought it best to begin a new how-to topic to reset DNS settings on your own router or dsl modem to avoid the loss of internet connectivity if you have the DNS Changer trojan on your router. I will provide for free a lisiting of the IP addresses you need, using free and available DNS IP (Internet Protocol Addresses) that are hosted by reputable vendors.

This is because the thread started by Barbara has yet to make available to others a step-by-step guide on securing your router or modem, and how securing your device will thus prevent unwanted changes to your internet connectivity, now and in the future, and the linked post above also has yet to go into the depth necessary on how to make these changes with any real clarity.

How to secure your modem or router:

1.) Many home users (read average computer user) are unaware of the fact that the router or dsl modem they use to connect to the home network or internet comes with a set of default settings created by the vendor of that device. The most common settings used are 'admin' for the administrator name, and 'password' to secure the device against outside attack or intrusion. This practice is industry-wide, and because of this, allows an outside hacker to directly change the settings within the device without the user knowing about it.

More commonly, a hacker will devise a malware script or executable that will make these changes automatically without user intervention. With social engineering (an email attachment purporting to be something else, but is actually a trojan in disguise) it is not necessary for the hacker to personally visit each device in question, but to merely send out this malware and have the user execute it when they open the attachment, as an example.

2.) Obviously, the administrator name must be changed from default to something else. And the password for securing the administrator account must be changed as well. When changing the administrator name from 'admin', you must use a name not easily guessable from the outside, and the same would be true for the password. Use a multi-character string for the password, such as (example) %rrTq20o+:2Y. Whatever you do, write both of them down. This will allow only you to make changes to your router or dsl modem. My dsl modem only allows fifteen characters to be entered, but the more you can enter the better off you will be.

3.) Gaining access to an unsecured router or dsl modem is very simple.

Open a browser (does not matter what you use, can be Internet Explorer, Firefox, Google Chrome, or any of the ilk) and type in 192.168.0.1 in the address box where a web site name and additional link information normally appears. Press enter to see your device specification page. A new web page will open containing the vendor name and various options involving the settings inside the router or dsl modem. If this does not work, then some other variation of an IP address specific to that make and model must be entered. Googling the vendor page usually is sufficient to obtain the needed IP address to access.

4.) Once you are in your configuration page, look for an advanced setup section, and go to the section usually marked as "Security". The exact wording will vary between vendors and make and model, and the device used. What you want is the section underneath marked "Administrator password"or something similar. If you are in the right place, you will see, indeed, that the default administrator name is 'admin' and the password for admin is 'password' or 'pswd'. The password section may be dotted out in a similar manner as when you would log in to your Windows system, but you can trust me, the word underlying those dots is 'password' or something similar.

5.) Change these two words to whatever you like and click apply. If done properly, and you wrote the new words down, the modem or router will reset and a new page will appear where you now need to enter the new words or characters to get in once again.

Your modem or router is now secure.

Changing the default DNS settings:

1.) Now that your device is secure, you need to re-enter your configuration page once again as above, and enter the new administrator name and password. Usually you must click apply to enter.

2.) Depending on the vendor, the section you want is the WAN (Wide Area Network) settings under, you guessed it, Advanced Settings or Setup. Click WAN under IP addressing or similar to enter. Scroll down to where you can see something related to changing your DNS settings. Default settings for DNS is almost always set to dynamic. There should be an option to change to static. What changing this setting does, is tell your router or modem to use the new IP addresses (there are two) instead of the ones DNS Changer trojan or your Internet Provider have assigned to you.

A quick look here using Google will show many available new IP addresses you can put here: http://www.google.com/#hl=en&sugexp=cqn%2Ccconf%3D0.95%2Cmin_length%3D2%2Crate_low%3D0.006%2Crate_high%3D0.006&gs_nf=1&gs_mss=dns%20ip%20addresse&cp=16&gs_id=10a&xhr=t&q=dns+ip+addresses&pf=p&sclient=psy-ab&oq=dns+ip+addresses&aq=0&aqi=g1g-v3&aql=f&gs_l=&pbx=1&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&fp=aa8b317ec80710f&biw=1280&bih=828

All of the listings provided on the first page are rated as safe to visit by WOT (World Of Trust).

You are free to peruse and learn as much about this task as much as you wish.

Google provides the following static DNS IP addresses:

8.8.8.8

8.8.4.4

Open DNS (another reputable DNS vendor) provides these numbers, also static DNS IP addresses:

208.67.222.222

208.67.220.220

You can visit Open DNS here: http://www.opendns.com/

If you scroll down to the bottom of this page, you will see a link (provided here: http://blog.opendns.com/2012/05/03/opendns-cloudflare-dnschanger-solution-or-how-to-not-lose-internet-on-july-9/ )
that will provide a step-by-step guide on how to make the static DNS IP address changes specific to the device you own here: https://store.opendns.com/setup/router/

While not comprehensive and all inclusive, my guide should show why the need to secure your device is necessary and not that hard to do; and why securing your device is proactive rather than reactive.

I have changed my modem settings manually to Open DNS sometime ago; and am quite satisfied with the results and security this change has brought.

You are free to choose whatever DNS vendor you wish. For most users, merely securing your device is enough.

If you write down the original settings, you can always revert back to the default settings, just so you know.

All links provided are in original form and syntax, no shortened url's are ever used, so no surprises lurk anywhere for the unsuspecting user.

Hope this helps.

Discussion is locked
You are posting a reply to: Changing your router or dsl modem DNS IP address
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Changing your router or dsl modem DNS IP address
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Another informative article below:
by mchainmchain / May 12, 2012 4:38 AM PDT

DNS Changer Trojan here: http://www.pcworld.com/article/255137/protect_yourself_from_dnschanger.html

Whilst merely resetting your router or dsl modem back to factory defaults should take care of any rogue DNS IP addresses listed in your device, you will still need to confirm that it is not using a rogue DNS IP address after reset.

As above, cleaning your computer system of DNS Changer Trojan may not be enough, check your device for this as well.

Resident antiviruses do not normally scan routers or dsl modems, so the rootkit/infection can/would be undetected in these devices. You will not know until you check.

Collapse -
thanks
by peewee05 / May 14, 2012 5:17 AM PDT

So, when I go into changing the default DNS settings, when I change to static, I can use those two 208. static addresses you provided?

Hate to admit how ignorant I am with this stuff, but I clicked on that google link which gave the pages about IP addresses and, well, I couldn't make head-nor-tail of it. Again, I could just use those two 208 ones when prompted?

( ._.)

Collapse -
Yes. WAN DNS Static IP Addresses
by mchainmchain / May 14, 2012 3:21 PM PDT
In reply to: thanks

IP Addressing

then

WAN (Wide Area Network) category

then

scroll down until you see a setting for dynamic DNS. Click or change to static DNS.

then

a new box or drop down will appear in this form 0.0.0.0 There will be two new boxes displayed.

then

Highlight the first box and type in 208.67.222.222 Flashing cursor will skip automatically to next box but will stick in the 67 box. Use the mouse to move the flashing cursor to the next box to the right when it does not jump. Reason this happens is because the cursor is looking for a third number in the "67" box, and there is no such number.

then

Repeat same for next box marked 0.0.0.0, but enter 208.67.220.220

Click "apply" or "save" to save your changes

You will have in the static boxes new information like this:

208.67.222.222
208.67.220.220

where they were once 0.0.0.0 for static DNS IP addresses before you changed it.

Reason for two static addresses is for backup and reliability purposes; if the first is jammed or too slow due to high traffic, the second is available to use without you needing to do anything.

You now have Open DNS as your DNS Servers for access to the internet.

Be sure your device is secured as well.

Collapse -
Sorry if i'm bugging you
by peewee05 / May 14, 2012 11:23 PM PDT

I typed in my linksys router address and a drop down box came down asking me for a username and password

the server 192.168.1.1:80 requires a username and password. The server says: WRT54G


Just typing in "admin" in the password box isn't working.

Collapse -
Re: router management page
by Kees_B Forum moderator / May 14, 2012 11:43 PM PDT

The user manual should tell the default username and password. That's valid unless it was changed by somebody (you?). And it should tell how to reset the router to go bnack to the default (usually a small button reached by pressing a paperclip into a very small hole).
I didn't check the manual of your router. I'm sure you can do that yourself.

Kees

Collapse -
Again, thanks for your help
by peewee05 / May 15, 2012 11:11 AM PDT

Okay, now I have a password of jumble and static DNS.

Now let me ask, yet another I'm sure, dumb question. When I go into my Network Preferences and look up my DNS server addresses, it's the same as my IP. Is that standard when changing the DNS settings on the router?

Collapse -
Feel silly
by peewee05 / May 15, 2012 11:16 AM PDT

When I check on my XP, they are still the same as they were before, non-rogue servers. On my MacBook is where the DNS is the same as the IP.

Collapse -
Changing DNS Settings:
by mchainmchain / May 15, 2012 11:19 PM PDT
In reply to: Feel silly

This is optional.

As long as both the computer(s) have good known DNS IP addresses, and the router does as well, then you do not need to do anything. You do not have the DNS Changer Trojan.

Reason for the computer DNS settings being the way they are, is because they are set as dynamic. This is the default setting. That is, the operating system chooses the DNS setting automatically, without your user input.

Changing to a static setting tells the computer (or router) to use the DNS IP address you put in.

Securing your router or dsl modem is the important thing here.

Collapse -
re: changing DNS settings
by peewee05 / May 16, 2012 4:05 AM PDT
In reply to: Changing DNS Settings:

Any reason why I wouldn't be able to connect to the internet this morning, when I was able to last night after I secured my router and switched to open DNS? I looked at it and the DNS addresses are now those two static ones.

Collapse -
Reset?
by mchainmchain / May 16, 2012 3:28 PM PDT

You can reset the DNS settings you changed back to the original dynamic settings by clicking it there.

Securing your router is the important thing.

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

FALL TV PREMIERES

Your favorite shows are back!

Don’t miss your dramas, sitcoms and reality shows. Find out when and where they’re airing!