Detect DNS Hijacking in Routers with F-Secure Router Checker

DNS (domain name server) is a special server dedicated to translate the domain names into IPv4 or IPv6 addresses. So if you enter trishtech.com in your web browser’s address bar, the browser asks the operating system to find the IP addresses of trishtech.com. The operating system sends the request to the configured DNS and whatever IP addresses is returned is then forwarded to your web browser. Your web browser then uses this IP address to connect to the web server belonging to trishtech.com. All of this happens hundreds of times every minute as you visit a website in your PC.

All through this process, if somehow your PC is configured to use a malicious DNS, then this server might return the IP address of phishing or malicious websites. So even if you enter paypal.com in your web browser, because of the malicious DNS configuration, you will be sent to a malicious or phishing site that pretends to be PayPal.

You can configure your PC to use one of the most popular and safe public DNS servers using our own Public DNS Server Tool that works on all versions of Windows. But some malware hijack the router directly and change the DNS settings in the router itself. So if you connect to the internet through this hijacked router, no matter what device you use it will start using the malicious DNS servers.

F-Secure, one of the leading security firms in the world, has come up with a simple way to scan your router for any DNS hijacking. The way it checks your router is by matching the results of the DNS results from your PC through your router and from its own database. If there is any mismatch, there could be a possibility that your router is hijacked.

F-Secure Router Checker

F-Secure Router Checker is a web app and all you have to do is click on the Check your router button and wait. In the background, this web app is performing the analysis of the data received for the DNS requests of various domains. The results are soon displayed on your screen and if your router is hijacked, then you will be given instructions on how to protect your router.

In general, you can always reset your router to the factory settings and re-configure it to work with your ISP’s settings. You may have to call your ISP to know the settings that you have to use.  Furthermore, also try to upgrade the firmware of your router so that it uses the latest and safest version of router software.

Conclusion: Malicious DNS in a hijacked router can open phishing websites when you try to open legitimate websites. To protect yourself, you should check if your router is hijacked or not using F-Secure Router Checker.

You can access F-Secure Router Checker from https://campaigns.f-secure.com/router-checker/en_global/.