On Feb 3, 2014 10:02 PM, "walt" <[email protected]> wrote:
>
> On 02/03/2014 10:25 AM, Alexander Kapshuk wrote:
> > Howdy,
> >
> > I connect to the Internet via a TP-LINK TD-W8101G Wireles ADSL2+ model
> > router. It has been set up to acquire IP addresses via DHCP. My
> > '/etc/resolve.conf' has been getting populated like so from the word go:
> > cat /etc/resolv.conf
> > # Generated by dhcpcd from enp4s0
> > # /etc/resolv.conf.head can replace this line
> > nameserver 192.168.1.1
> > # /etc/resolv.conf.tail can replace this line
> >
> > This morning, I discovered that the nameserver IP address in my
> > '/etc/resolve.conf' had changed:
> > cat /etc/resolv.conf
> > # Generated by dhcpcd from enp4s0
> > # /etc/resolv.conf.head can replace this line
> > nameserver 5.45.75.11
> > # /etc/resolv.conf.tail can replace this line
> >
> > I contacted my ISP about it. They said the nameserver in question was
> > not theirs.
> >
> > The whole thing began to smell fishy.
> >
> > What I've done so far is, I've reset my router to the default settings
> > and set it up again.
> > I've also changed the admin console password, as well as the WiFi access
> > point password.
> >
> > As a result, my nameserver IP address has been defined as 192.168.1.1.
> >
> > Anything else I can do to ensure my system has not been compromised?
>
> Google the number 32764 and you'll find a lot of info on a particular
> router bug. You'll see a link to Steve Gibson's grc.com, where you can
> scan for port 32764 on your router to see if it's listening.
>
>
>
Thanks. I'll look into that.
