We may often encounter DNS connection errors, but the number of times of DNS errors due to behind-the-scenes attacks increases gradually. In this discussion, you will find that the discussion of some common problems of DNS services has become a study of malicious software attacks.
The ITKE member kfettig posts the following question:
Two network users in my office suddenly cannot log on to some of the network sites they used to log on. I can use other machines in the office to successfully log on to these sites, and these two network users always receive the message "this page cannot be displayed" when trying to log on to the website; at the bottom of the error page, the error cause is: "DNS error or server not found ".
They can successfully log on to other network sites. This is not because I can log on to these sites on other machines... I tried to modify the security settings of the browser, but it didn't work very well. We have not made any changes to machines and networks: we have not installed new hardware and software. At the same time, the two computers were not infected with any viruses. If you can solve this problem, contact me!
Ghigbee, an ITKE Member, replied:
One way to quickly test whether the faulty machine stores the wrong DNS entry is to ping the website on a normal machine, and compare whether the resolution address is the same as the resolution address on the machine with the error. If the two addresses do not match, enter ipconfig/flushdns [a command to reset the DNS resolution server cache], log on to the website with an error again, and check whether the problem is resolved.
You can also check their local files, [a file indicating the ing between the local host name and IP address], to check whether some illegal content is written in the file, many viruses write some DNS information to your local file.
The ITKE member astpolicmer replied:
[Ghigbee] the idea of detecting local files is great, but I suggest you run well on two machines with errors) use nslookup [a program used to find a locally matched IP address]. Have they all obtained response information on the same DNS server? If the running status of the machine is the same, the response information will be the same. If they have the same running status but still get different responses, I suspect the problem is caused by DNS redirection or similar malware.
Kfettig replies:
Thank you, astpolicmer. I have never thought about comparing the two DNS servers, but I can be sure that after my tests) the machines with wrong work point to other DNS servers. I'm sure no one has modified these parameters. Is it because of malware? Thanks again for your reply...
Astpolicmer replied:
Malware can certainly do this. You may be shocked by the powerful functions of the current Java Script. I have seen a demo: The tester uploads a script to the IIS server, then downloads the script from other clients, just clicks the connection), and the client is damaged. He installed a keyboard recorder and used it to view the websites that customers used to visit. Later, he found a username and password used to log on to a commercial website on his hacker server. Later, he browsed the local network and found a DSL dial, so he tried to use the default Administrator account and password of the manufacturer to open it. There is no doubt that this will be the next area with more attack risks.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
