Windows DNS ... still an unsolved issue!
| MSIL/Adware.CloudGuard.C application | |
| Win32/Agent.XSF trojan | |
| Win32/DNSChanger.NDI trojan | |
| Win32/Adware.Adposhel.F application | |
| reported by ESET | |
| I do not provide checksums. |
| None? This would require something which monitors the registry all the time, like an AV. |
| Windows DNS entry: | |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\ | |
| Since Windows considers that the Primary and Secondary DNS servers are already set (but not shown to you), when you fill in the Preferred and Alternate fields, Windows just appends these new settings to the end of the list in the registry like this: | |
| 192.168.1.21 192.168.1.22,208.67.222.123,208.67.220.123 | |
| As you can see, Windows uses comma delimitation for the third and fourth DNS server entries, but leaves the existing space delimiter between the first and second addresses. | |
| Research and Source: | |
| * https://technet.microsoft.com/en-us/library/cc962470.aspx | |
| * http://www.welivesecurity.com/2016/06/02/crouching-tiger-hidden-dns/ |
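
The mixed-delimiter value described above can be audited mechanically. The following Python is an added example, not part of the original gist: it assumes the per-interface registry value is named `NameServer`, and the `EXPECTED` allow-list of resolvers is a constructed assumption you would replace with your own.

```python
import re
import sys

INTERFACES = r"SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces"
# Value quoted on this page; the allow-list below is a constructed assumption.
SAMPLE = "192.168.1.21 192.168.1.22,208.67.222.123,208.67.220.123"
EXPECTED = ("208.67.222.123", "208.67.220.123")

def audit_nameserver(value, expected=()):
    """Parse a NameServer string that may mix space and comma delimiters."""
    raw = value.strip()
    servers = [s for s in re.split(r"[\s,]+", raw) if s]
    return {
        "servers": servers,
        # Per the page, entries typed into the adapter dialog are appended
        # with commas; a space between two addresses marks pre-existing ones.
        "space_delimited": bool(re.search(r"[^\s,]\s+[^\s,]", raw)),
        "unexpected": [s for s in servers if s not in expected],
    }

def read_interfaces():
    """Yield (interface subkey, NameServer value); Windows only."""
    import winreg  # standard library, present only on Windows
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, INTERFACES) as root:
        for i in range(winreg.QueryInfoKey(root)[0]):
            name = winreg.EnumKey(root, i)
            with winreg.OpenKey(root, name) as key:
                try:
                    value, _ = winreg.QueryValueEx(key, "NameServer")
                except FileNotFoundError:
                    continue  # interface has no static NameServer value
                if value:
                    yield name, value

if __name__ == "__main__":
    live = sys.platform == "win32"
    entries = read_interfaces() if live else [("sample-interface", SAMPLE)]
    for name, value in entries:
        report = audit_nameserver(value, EXPECTED)
        if report["space_delimited"] or report["unexpected"]:
            print(name, report)
```

On a non-Windows host the script falls back to the sample value from this page, so the parsing logic can be checked anywhere.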