The DNS Changer: End of the Internet–or not

There has been a lot of talk in the news about this DNS Changer worm, and how it will cause people to lose their internet connection on Monday. I wanted to take a moment to clear some things up, as the news basically points you to the FBI’s site (and their information). The link to their information is here.

So, here we go…

  1. Originally there were over 14 million estimated computers infected with these worms. Through the FBI and ISP’s sending out warnings, that number has decreased dramatically. Right now, in the US, it’s estimated that only 70,000 devices are infected. (Worldwide stats are available from the FBI.) This is why they’re shutting down the servers.

  2. The FBI set up its own DNS servers at the “rogue” IP addresses, because with so many infected computers, it would have been catastrophic to shut the servers down cold. Imagine waking up to find that over 14 MILLION people have lost internet access suddenly.

  3. Basically what’s happening is this: DNS is like calling directory assistance to get someone’s phone number. Your browser does this when it doesn’t know the address (think phone number) of a website. The virus changed those “directory assistance” numbers to its own set. So it’s as if you were calling a special number for directory assistance, and they gave you whatever numbers they wanted you to dial (not necessarily the number of the person you were calling). Or they gave you a number that would charge your phone bill on their behalf (like using a phone card to call).

In terms of DNS, your browser would either get sent to an ad site, porn site, or something else, when you typed in a site name. Or if you did a search, it would fake the results of the search with malicious sites (where you could be infected with other viruses), or it would replace the ads on a legitimate site (since your browser had to get the ads from somewhere), with their own ads. It was hinted that the viruses would also capture your passwords, but I haven’t seen anything openly saying that. Although if someone’s infected with any virus, they’ll want to change their passwords after fixing their computer.

** Another common analogy for DNS is like sending a letter through the Post Office, but to be honest, I’m not sure how this would play out in that scenario.

How do you know if you’re infected with the worm?

The easiest way to check your computer is to visit this site for their steps. They have a page which will tell you (via a green or red background on a picture) if you’re infected or not. One drawback is if your ISP “fixes” or alters DNS entries, it may look like you’re clean, when you’re really not.

As for what to check on your computer, here’s what to do:

For Windows Users:

  1. Click the Start orb, and type cmd in the bottom box (where it says “Search”).
  2. Click on Command Prompt (or cmd) in the results at the top.

** These instructions are for Windows Vista/7 users mainly. In older versions of windows, it would be the start button, then Run… and type cmd, or (in all versions of Windows) you can also press the Windows Key and the R key at the same time, and type cmd in the “Run…” box that pops up.

  3. Type in ipconfig /all (or copy and paste from this post).

You’re going to get a lot of information on the screen. What you’re looking for will say something like this:

Local Area Connection (Ethernet)
IP Address: 192.168.x.x (could be something like
Subnet Mask:
Default Gateway: 192.168.x.1 or 192.168.x.254 (whatever the IP Address from your modem or router is)
DNS Servers:

** Those are what you’re looking for. **

What the link said to do was look at the first set of numbers (the first xxx) in each DNS server address. If it’s in their table, then look at the second set of numbers for that server. If that’s in the table too, look at the third set, and so on. If at ANY point you find a set of numbers that’s not listed in their table, you can stop: that server isn’t one of the rogue ones, even if only one number differs.

Here is the table that they are referring to.

Rogue DNS Servers through through through through through through

If your DNS Servers are the same as your “Default Gateway” up above, then you need to log into your modem and check them from it. If you have just a modem, then you’ll probably want to call your ISP for help with this. Unless of course, you’ve logged into it enough times that you know what to do. If you have a separate router (like a Linksys, Cisco, or Netgear router for example) that your computer is plugged into, you should be able to go to their site and get information on how to log in. The steps here are general (as the pages and passwords are different for each router).
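As an added example (not from the post or the FBI’s page), here is a Python script that parses ipconfig /all output and applies the two checks above: whether each DNS server falls inside a rogue range (checking a CIDR range is the same test as the octet-by-octet walk described above), and whether the DNS server is really the router (the default gateway), in which case the router’s own settings have to be inspected. The rogue ranges are labelled placeholders, because this post does not reproduce the FBI’s table; the sample output is constructed.

```python
import ipaddress
import re

# Placeholder ranges standing in for the FBI's rogue DNS table, which this post
# does not reproduce. Replace them with the table's real start/end addresses;
# ip_network containment is the same test as the post's octet-by-octet walk.
ROGUE_RANGES = [
    ipaddress.ip_network("203.0.113.0/24"),   # placeholder (TEST-NET-3)
    ipaddress.ip_network("198.51.100.0/24"),  # placeholder (TEST-NET-2)
]

# Constructed excerpt in the layout of Windows 7 'ipconfig /all' output.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.7
                                       192.168.1.1
"""

IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def parse_ipconfig(text):
    """Return (default_gateway, [dns_servers]) from ipconfig /all output.
    Extra DNS servers continue on indented lines that carry no colon."""
    gateway, servers, in_dns = None, [], False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("Default Gateway"):
            m = IPV4.search(stripped)
            gateway = m.group(0) if m else None
            in_dns = False
        elif stripped.startswith("DNS Servers"):
            in_dns = True
            m = IPV4.search(stripped)
            if m:
                servers.append(m.group(0))
        elif in_dns and ":" not in stripped and IPV4.search(stripped):
            servers.append(IPV4.search(stripped).group(0))
        else:
            in_dns = False
    return gateway, servers


def classify(gateway, servers):
    """Map each DNS server to 'rogue', 'check router' or 'clean'.
    A server equal to the default gateway means the router is the resolver,
    so the router's own DNS settings must be checked, as the post explains."""
    verdict = {}
    for s in servers:
        addr = ipaddress.ip_address(s)
        if any(addr in net for net in ROGUE_RANGES):
            verdict[s] = "rogue"
        elif s == gateway:
            verdict[s] = "check router"
        else:
            verdict[s] = "clean"
    return verdict


if __name__ == "__main__":
    gw, dns = parse_ipconfig(SAMPLE_IPCONFIG)
    for server, result in classify(gw, dns).items():
        print(f"{server}: {result}")
```

On a real machine, pipe the output of ipconfig /all into a file and pass its contents to parse_ipconfig instead of the constructed sample.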

  1. In your browser, type in the IP Address for your Default Gateway and hit enter.
  2. On the screen that comes up, type in the username and password for your router (NOTE** if you haven’t changed these from the default (usually admin for both), YOU NEED TO DO THAT!!!!!!!!!!!)
  3. You will be presented with the setup screens for your router. You want to look for the DNS information screens (first look at your Status screens, and if the DNS Entries aren’t there (or are the rogue entries) then look for how to configure them).
  4. If your DNS Entries are the rogue entries in the table, then you need to change them back to “good” ones (or follow whatever steps are needed to have your ISP automatically provide them). Personally, I recommend using Public DNS entries (like and for OpenDNS or and for Google DNS), but it’s your decision whether to use your ISP’s or not.

Apply the changes, and restart your computers after the modem/router restarts. You should be all set for Monday.

For Linux users, you’ll either want to check your /etc/resolv.conf file to see if it has the rogue DNS servers or manually edit your network connections (or router/modem).

And for Mac users, you’ll want to check the instructions from the FBI’s website link.

If your computer is/was infected, you need to take steps to clean it. On the link that I provided above for detecting whether you’re infected, they have links to tools for cleaning your computer. After running these tool(s) and making sure your computer is clean, you most definitely want to change ALL of your passwords. This goes without saying for any malware that’s on your computer (not just this one).

Good luck, and I’ll see you on Monday (hopefully).

Have a great day:)

Configuring a Cisco Router to support a LAN on DSL

One of the things that I accomplished in the past month was to convert my network from a “modem to consumer router to computers” setup to a “modem to Cisco Enterprise Router to Cisco Enterprise Switch to computers” setup (with the consumer router providing wireless access).  And on top of that, I enabled IPv6 on the entire network with my /64 network from Hurricane Electric.  Both feats took some effort to accomplish, although I owe a great deal of thanks to the people at DSL Reports Cisco Hardware Forums.

To make someone else’s life a little easier, I’m posting my completed (sanitized to remove passwords and actual IP Addresses) configuration file for the router up here.  As for the switch, I simply configured one vlan (vlan 1) with an IP Address from my excluded IP’s and configured security on it.  If the text has a * or () then it’s a comment.

version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname whatrouteriscalled
!
enable secret 5 removed-password
!
no aaa new-model
ip subnet-zero
ip cef
!
ip dhcp excluded-address eth0 ipv4 address
ip dhcp excluded-address switch vlan management ipv4 address
ip dhcp excluded-address server ipv4 address
ip dhcp excluded-address wireless router ipv4 address
ip dhcp excluded-address optional ipv4 (needed for a desktop)
ip dhcp excluded-address second wireless router ipv4 address (open wireless)
!
ip dhcp pool internal-network
   network ipv4network (.0)
   default-router eth0 ipv4 address
   dns-server (OpenDNS Public IPv4 addresses)
!
vpdn enable
!
vpdn-group 1
 protocol pppoe
!
ipv6 unicast-routing *enables IPv6 and allows for routing
!
interface Tunnel0
 description Hurricane Electric IPv6 Tunnel Broker
 no ip address
 ipv6 address client-side ipv6 address/64
 ipv6 enable
 tunnel source Dialer1
 tunnel destination server side ipv4 address for
 tunnel mode ipv6ip
!
interface Ethernet0
 description My LAN Interface
 ip address eth0 ipv4 address
 ip nat inside
 no ip mroute-cache
 ipv6 address ipv6 network address/64 eui-64 *(ends in ::)
 ipv6 enable
 no cdp enable
!
interface Ethernet1
 description Physical ADSL Interface (Facing the ISP)
 no ip address
 no ip mroute-cache
 pppoe enable
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface Serial0
 no ip address
 no ip mroute-cache
 no cdp enable
!
interface Serial1
 no ip address
 no ip mroute-cache
 no cdp enable
!
interface Dialer1
 description Logical ADSL Interface
 ip address negotiated
 ip mtu 1492
 ip nat outside
 encapsulation ppp
 ip tcp adjust-mss 1452
 no ip mroute-cache
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname username provided by ISP
 ppp chap password 7 encrypted password provided by ISP
 ppp pap sent-username username provided by ISP password 7 encrypted password from ISP
!
ip nat inside source list 10 interface Dialer1 overload
ip nat inside source static tcp server ipv4 address 4125 interface Dialer1 4125
ip nat inside source static tcp server ipv4 address 443 interface Dialer1 443
ip nat inside source static tcp server ipv4 address 80 interface Dialer1 80
no ip http server
ip classless
ip route Dialer1
!
access-list 10 permit ipv4 network (.0)
dialer-list 1 protocol ip permit
no cdp run
ipv6 route ::/0 Tunnel0
!
line con 0
 exec-timeout 120 0
 password 7 password (encrypted)
 stopbits 1
line aux 0
line vty 0 4
 exec-timeout 0 0
 password 7 password (encrypted)
 no login
 length 0
!
scheduler max-task-time 5000

Some notes…  The ! lines are ignored by the router, so you don’t need to put them in.  If you want to add comments describing what things are doing, precede them with a ! (and the router will throw them out when it applies the configuration).

It was recommended that I (and you) use service password-encryption, which will automatically encrypt any passwords in the config (minimizing the need to remove them before sharing it).  If you use this and it puts a “7” before the password, you still need to remove it, as type 7 encryption is weak and reversible; but if it has a “5” before it (like the enable secret does) it’s stronger.  Personally, I’ll remove them all from the config anyhow.
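As an added example (not the author’s code or a Cisco tool), here is a small Python linter that walks an IOS config in the shape of the one above and flags the settings just discussed before the config is shared: type 7 passwords, a plain enable password, a missing service password-encryption, an enabled HTTP server, and vty lines that use no login (which skips the password prompt entirely) or still accept telnet. The config excerpt it runs on is constructed, with placeholder secrets.

```python
import re

# Constructed excerpt modelled on the sanitized config above (not the author's file).
SAMPLE_CONFIG = """\
service password-encryption
hostname whatrouteriscalled
enable secret 5 removed-password
interface Dialer1
 ppp chap hostname isp-username
 ppp chap password 7 removed-password
no ip http server
line con 0
 password 7 removed-password
 login
line vty 0 4
 password 7 removed-password
 no login
"""

TYPE7 = re.compile(r"\b(password|secret)\s+7\s+\S+")


def lint_config(text):
    """Return a list of (section, finding) tuples for weak settings in an IOS config."""
    findings = []
    section = "global"
    vty = {}                      # per 'line vty' section: flags seen inside it
    has_pw_encryption = False
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue              # '!' is a separator/comment that IOS discards
        if not line.startswith(" "):      # unindented: a new top-level section
            section = line if line.startswith(("interface ", "line ")) else "global"
            if section.startswith("line vty"):
                vty[section] = {"no login": False, "ssh only": False}
        cmd = line.strip()
        if cmd == "service password-encryption":
            has_pw_encryption = True
        elif cmd == "ip http server":
            findings.append((section, "ip http server enabled; keep 'no ip http server' unless it is needed"))
        elif cmd.startswith("enable password"):
            findings.append((section, "'enable password' stores a reversible value; use 'enable secret' (type 5)"))
        if TYPE7.search(cmd):
            findings.append((section, "type 7 password: reversible obfuscation, strip it before sharing the config"))
        if section.startswith("line vty"):
            if cmd == "no login":
                vty[section]["no login"] = True
            elif cmd.startswith("transport input ssh"):
                vty[section]["ssh only"] = True
    for name, flags in vty.items():
        if flags["no login"]:
            findings.append((name, "'no login' means remote sessions get no password prompt at all"))
        if not flags["ssh only"]:
            findings.append((name, "no 'transport input ssh': telnet is accepted and sends the password in clear"))
    if not has_pw_encryption:
        findings.append(("global", "'service password-encryption' missing: line passwords are stored in plain text"))
    return findings


if __name__ == "__main__":
    for section, finding in lint_config(SAMPLE_CONFIG):
        print(f"[{section}] {finding}")
```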

This should be considered a starting point for you, as everyone’s situation is different.  And this should be a starting point, if you’re interested in learning (for your CCNA or CCNP or just for the sheer joy of it) about Cisco configurations.

Have a great day :)

IPv6 accessible websites

This is going to be a list of IPv6 accessible websites.  Some of them will be accessible regardless of whether you have IPv6 enabled or not, but others will only be available via IPv6.  As I get more, I will add them to the list…  Here we go.

  • Countdown to the exhaustion of IPv4 addresses
  • Checking to see whether you have IPv6 enabled: (also has information and an older list of sites)
  • Search engines: (There’s only one that actually has an IPv6 address that I know of) (will return an error if you don’t have IPv6 enabled)
  • A list of Internet Providers who will give you an IPv6 address (I’m going to call a few around the US to find out if they offer it as well)
  • Comcast is running IPv6 trials, and has this portal
  • Cambridge University Institute of Astronomy (IPv6 only)
  • Workshop with different information on IPv6
  • Surge Radio (UK)
  • IPv6 at Southampton University (may not load)

And most importantly…..  Facebook has IPv6 access.  Now that’s a reason to switch (granted it looks the same as IPv4, but by using it, you’ll be helping the Internet)

I’ve sent comments to LinkedIN and MySpace to find out if, and when, they’ll have IPv6 capabilities.  Also, Google has IPv6 capability enabled on quite a few of their sites.  Including YouTube.

Comcast is testing out IPv6 and will hopefully phase it in within the next year.  This is the dilemma for people.  Everyone knows that the end of IPv4 is coming.  And most know that it will be within the next two years.  But, since they believe that even after all of the IPv4 addresses are doled out they’ll still be able to function, no one’s in a hurry to transition.  So, it’s up to us, the people, to convince them to make the change.

As I get more sites, I’ll update this list.

Have a great day :)

IPv6: The Wave of the Future. Catch it now, before it’s too late.

It’s been a while since I posted here, but I wanted to touch on this subject.  Recently, I set up a new home network consisting of Cisco routers and switches.  In the process of setting it up, one of the people who helped me made the comment about going to and getting an IPv6 Tunnel.  The comment was (paraphrased) get a tunnel from them, and get lost in it.  So, I did.

So what’s IPv6?

IPv6 is the newest standard for assigning IP Addresses to your devices on the network.  Right now, the majority of the people in the world (and sites on the Internet) use IPv4 addresses ( for example).  The reason that it’s called IPv4 is because there are 4 groups of 8 bits making up each IP address (0 – 255 in each group).  The problem with this is, there is a finite amount of IP Addresses available, and after 20+ years of widespread Internet usage, we’re running out. 

One of the last reports that I saw said we’ll run out in about 666 days or less.  No, the world won’t stop (and neither will the Internet) but when you go to get online with that new iPhone v7 (figuring that within the next 365 days, there will be a v5 and within the next 600 days a v6), you won’t be able to.  Or you’ll be seriously restricted in how long you can be on (or what you can do).

IPv6 uses a 128-bit IP addressing scheme.  That’s 8 groups of 16 bits.  I don’t have the exact figure for how many that is, but essentially it’s enough that every single person and device in the world could have its own IP address.  And we’d still have tons left.

So, I decided to take that plunge and get on IPv6 (of course I’m still on my IPv4 address too, as my Internet Provider doesn’t supply IPv6 addresses that I know of).  It took a little bit of finagling to get everything working (mainly because of my network setup and the fact that my router is about 6 years old).  But, I’m happy to say it works. 

So, how do you get on IPv6?  Well unless your Internet Provider is giving out IPv6 addresses (which very few are to my knowledge and you’ll most likely have to ask for one), you’ll have to sign up with a “tunnel” service like Hurricane Electric (  After you sign up, they will help you to set up your computer/network to use the IPv6.  You may or may not be able to disable the IPv4 access, depending on various factors.

An example of how you’ll do it on Windows Vista/7 is this (noting that you’ll have to open a Command Prompt as the administrator):

netsh interface teredo set state disabled
netsh interface ipv6 add v6v4tunnel IP6Tunnel source-IPv4 destination-IPv4
netsh interface ipv6 add address IP6Tunnel IPv6-client (assigned by your tunnel)
netsh interface ipv6 add route ::/0 IP6Tunnel IPv6-server (assigned by your tunnel)

The “source-IPv4” is whatever IP address you signed up with, and the “destination-IPv4” is the IP Address (IPv4) of the tunnel.  The “add route” command is called a default route.  It means if there’s no other route known from your computer to whatever you’re trying to get to, then it goes through this route.

My next post is going to be a list of IPv6 websites.  Some will be information, and some will actually be accessible if you’re on IPv6.  My challenge to everyone is this:  Help me find sites.  The list that I found of sites that are IPv6 accessible is old (as in about 6 years).  So, I need more current sites.

I’ll start the list, and then I’ll edit it as I get more sites.

Have a great day :)

Grandma endures wrongful ISP piracy suspension

Luckily for Cathi Paradiso, she was able to prove that the illegal downloading was not her doing.  Unfortunately, she fell victim to something that a lot of broadband users are unaware of: the use of their internal networks by outsiders for illegal means.

Cathi has a Qwest DSL modem.  Either she had wireless connectors at one time, or it was enabled for some other reason.  The wireless network WAS NOT SECURED, and people were using her modem as a gateway.  Some of them were downloading movies and television shows.  Her DSL was suspended due to this illegal downloading.

The article goes into the argument about whether ISP’s should be the Copyright Cops or not.  I’m taking a different approach—although I do have an opinion on that issue.  I’m looking at what YOU need to do to make sure that you’re not a victim (or to make sure that the “Copyright Cops” have no reason to look at you).

If you do not have any wireless computers connected to your network, shut off the wireless on all routers, switches, and modems.  In the settings screen (one of them should be labeled Wireless or something similar), you should have the option to “Enable” or “Disable” wireless access.  Disable it.

If you do have wireless computers, make sure you’re using WPA or WPA2 (preferred) for your wireless security.  When you enable this, you’ll create a passphrase (NOT A PASSWORD) like “My very elderly mother just said Uh No Problem.”  (This is a mnemonic for remembering the planets back when Pluto was considered one.)  You want to make it something that people can’t guess easily.  So, don’t make it your favorite quote, or a phrase that you blog about.  Make it something only you, and maybe your immediate family, will remember.

I recommend OpenDNS for your DNS needs.  Your ISP will automatically supply you with their DNS, but OpenDNS will allow you to filter (read block) sites based on categories.  So, you can block movies and music and file sharing sites.  Of course this only works if the person jumping onto your network doesn’t have their own DNS specified (although if they have OpenDNS specified, it will use yours—not theirs).

Make sure that your router, modem, and OpenDNS passwords are strong.  It should be a minimum of 8 characters, contain Upper- and lower-case letters, numbers, and/or symbols.  And it should not be something that you blog or talk about (no pet names or anniversaries).  In fact, it needs to be fairly random—not really a word at all.

These tips won’t guarantee that you’ll never fall victim to copyright thieves (or the ISP or entertainment industry), but they will go a long way towards protecting you.  So, please take the time to learn how to secure and set up your equipment, and make sure you do it.

Have a great day:)

Kubuntu 9.10—Getting on a network and going.

With Kubuntu, as well as other Linux operating systems, you have two methods of getting your network up and running.  By this, I mean accessing the Internet.  If you need to access a local network which has Windows computers running on it, you will need to use Samba (which implements the SMB networking protocols used by Windows).  That is beyond this post, however I may touch on it in a future post.

I chose Kubuntu over Ubuntu, because the graphical networking configuration seemed a little easier to manage.  I’ve had various networking courses, and have configured a lot of different networks on Windows (and some Linux networks), but Ubuntu’s graphical network configuration threw me for a loop.  Kubuntu, however was simple to manage.

In Kubuntu for the most part, the networking will happen automatically.  You shouldn’t have to do anything, unless of course you don’t have DHCP enabled on your system (if you use static IP’s for example).  If it doesn’t connect automatically and your cables are plugged in, then you can use the Manage your Connections to create the connection.

If the connection is there, however you want to specify your IP address or DNS Servers, you can do this via the Manage Your Connections option, or use the command prompt.  In Kubuntu, you’ll use “sudo vi /etc/network/interfaces” to configure your IP address, Subnet Mask, and Default Gateway.  You’ll use “sudo vi /etc/resolv.conf” or “sudo emacs /etc/resolv.conf” to configure your DNS Servers.  These commands open up the command line editors vim or emacs respectively and load the requested file.

Before you attempt to configure your connections, you will want to run ifconfig and iwconfig in order to find out which connections you need.  ifconfig is the Linux equivalent of “ipconfig” in Windows (and shows you the interfaces that are active), and iwconfig does the same for wireless connections.

For example, to configure your IP address via the command line to with a subnet mask of and a default gateway (the router) of (on eth0), you will enter the following:

sudo vi /etc/network/interfaces

And inside of the file, you will edit the appropriate connection (denoted by eth0, or something similar)

You would type the following to edit eth0:

auto eth0:1
iface eth0:1 inet static
    address <your IP address>
    netmask <your subnet mask>
    network <your network ID>
    broadcast <your broadcast address>
    gateway <your default gateway>

After saving and exiting vi, you would enter the following to restart your network with these values:

sudo /etc/init.d/networking restart

Breaking down the components of the /etc/network/interfaces file, we have the following:

  • auto eth0:1 This is the interface or Network Interface Card id, and the :1 is a sub-interface, which is more advanced than what I’ll cover here.
  • iface eth0:1 inet static  This tells the networking configuration that you are configuring interface (iface) eth0:1 as a static IP Address.
  • address is the IP address that you are using
  • netmask is the subnet mask of the network range.
  • network is the network ID number (Major network, if you will).
  • broadcast is the IP address that the network uses to broadcast to all addresses on the network at one time.
  • gateway is the IP address of your default gateway (the router, switch, or modem that your network is all connected to).
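As an added example (not from the post), here is a Python helper that derives the network and broadcast values from the address and netmask, renders the stanza described above, and can check an existing stanza for a network, broadcast or gateway entry that does not agree with its address and netmask. The interface name and addresses in the usage are constructed.

```python
import ipaddress

STATIC_KEYS = ("address", "netmask", "network", "broadcast", "gateway")


def interfaces_stanza(iface, address, netmask, gateway):
    """Render the static stanza for /etc/network/interfaces.
    network and broadcast are computed from address/netmask rather than typed by
    hand; a gateway outside that subnet raises ValueError (a common mistake)."""
    net = ipaddress.ip_network(f"{address}/{netmask}", strict=False)
    gw = ipaddress.ip_address(gateway)
    if gw not in net:
        raise ValueError(f"gateway {gateway} is not inside {net}")
    lines = [
        f"auto {iface}",
        f"iface {iface} inet static",
        f"    address {address}",
        f"    netmask {netmask}",
        f"    network {net.network_address}",
        f"    broadcast {net.broadcast_address}",
        f"    gateway {gateway}",
    ]
    return "\n".join(lines) + "\n"


def check_stanza(text):
    """Return a list of problems found in a static stanza (empty if consistent)."""
    fields = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in STATIC_KEYS:
            fields[parts[0]] = parts[1]
    missing = [k for k in ("address", "netmask") if k not in fields]
    if missing:
        return [f"missing {k}" for k in missing]
    net = ipaddress.ip_network(f"{fields['address']}/{fields['netmask']}", strict=False)
    expected = {"network": str(net.network_address),
                "broadcast": str(net.broadcast_address)}
    problems = []
    for key, want in expected.items():
        got = fields.get(key)
        if got is not None and got != want:
            problems.append(f"{key} should be {want}, found {got}")
    gw = fields.get("gateway")
    if gw is not None and ipaddress.ip_address(gw) not in net:
        problems.append(f"gateway {gw} is outside {net}")
    return problems


if __name__ == "__main__":
    # Constructed values: a /24 home LAN with the router at .1
    stanza = interfaces_stanza("eth0", "192.168.1.20", "255.255.255.0", "192.168.1.1")
    print(stanza)
    print("problems:", check_stanza(stanza))
```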

I covered configuring the DNS entries in my post on Configuring your DNS Servers on Linux.

Have a great day:)