Strange DNS appear on my /etc/resolv.conf

Here you can discuss every aspect of Debian. Note: not for support requests!

Strange DNS appear on my /etc/resolv.conf

Postby paragasu » 2016-11-29 23:43

I notice the problem when my browser start to open porn website everytime i have a spelling mistake on my browser.
Upon inspection, i notice some strange IP 128.199.124.1 on my /etc/resolv.conf.

Looking around, i found the generate lease file in the directory /var/lib/NetworkManager/dhclient-c99190ee-3581-485b-bb5e-d303899495a5-wlan0.lease

Code: Select all
default-duid "\000\004\324\014\266\025\315\352\245\227\245\366\017\335l\023\342k";
lease {
  interface "wlan0";
  fixed-address 192.168.1.7;
  option subnet-mask 255.255.255.0;
  option dhcp-lease-time 10800;
  option routers 192.168.1.1;
  option dhcp-message-type 5;
  option dhcp-server-identifier 192.168.1.1;
  option domain-name-servers 127.0.0.1,128.199.124.1,8.8.8.8;
  option domain-name "domain.name";
  renew 3 2016/11/30 00:09:02;
  rebind 3 2016/11/30 01:31:58;
  expire 3 2016/11/30 01:54:28;
}


Deleting the lease file above won't work because it keep being generated every time i connect to to the Wifi router at home.
I need to know how the lease generated and where the IP 128.199.124.1 been configured to automatically being added to domain-name-servers option in the lease file.

How did i get it in my configuration file?

Btw, i found the IP configured as static dns on my router. I already remove it from router & update the router firmware.
My debian laptop & debian dekstop (both jessie) has the same problem.

The solution i come up so far is chattr +i /etc/resolv.conf.

How to remove 128.199.124.1 IP from appearing into the lease file?

Thank you.
Land below the wind.
User avatar
paragasu
 
Posts: 84
Joined: 2006-08-16 00:55

Re: Strange DNS appear on my /etc/resolv.conf

Postby GarryRicketson » 2016-11-30 00:54

I think your system is compromised.
That is one of the many consequences of
visiting infected, "bad" sites.

Post by paragasu » 2016-11-29 17:43
I notice the problem when my browser start to open porn website everytime i have a spelling mistake on my browser.
Upon inspection,



How did i get it in my configuration file?

That is what "bad" sites do,.... especially porn sites.
User avatar
GarryRicketson
 
Posts: 3859
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: Strange DNS appear on my /etc/resolv.conf

Postby bw123 » 2016-11-30 00:58

How did i get it in my configuration file?


Probably still coming via dhcp from 192.168.1.1 ?

did you
check /var/lib/NetworkManager/dhclient-wlan0.conf and see if it's merged from dhclient somehow?
check the /etc/NetworkManager/system-connections/CONECTION_NAME file and see if it's set there?
see anything else odd in the /etc/resolv.conf and does it say # Generated by NetworkManager at the top?

are you using any other apps that can manage resolv.conf like package resolvconf?

Btw, i found the IP configured as static dns on my router. I already remove it from router & update the router firmware.
My debian laptop & debian dekstop (both jessie) has the same problem.


Don't freak out, you got the kludge solution by setting resolv.conf read only, if it was me I might shut the machines down from the internet for awhile and see what's up. They could be doing some other weird things, you never know.

Just for completeness, are these three machines running linux the only machines served by the affected router?
jessie/KDE4.14.2 plasma netbook, 3.16.39-1+deb8u2 (2017-03-07) x86_64 GNU/Linux
User avatar
bw123
 
Posts: 2378
Joined: 2011-05-09 06:02
Location: TN_USA

Re: Strange DNS appear on my /etc/resolv.conf

Postby paragasu » 2016-11-30 03:47

Probably still coming via dhcp from 192.168.1.1 ?

It has entry on my router static dns setting & i alread remove it.

Code: Select all
# Created by NetworkManager
# Merged from /etc/dhcp/dhclient.conf

# Configuration file for /sbin/dhclient, which is included in Debian's
#   dhcp3-client package.
#
# This is a sample configuration file for dhclient. See dhclient.conf's
#   man page for more information about the syntax of this file
#   and a more comprehensive list of the parameters understood by
#   dhclient.
#
# Normally, if the DHCP server provides reasonable information and does
#   not leave anything out (like the domain name, for example), then
#   few changes must be made to this file, if any.
#
option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
#send host-name "andare.fugue.com";
#send dhcp-client-identifier 1:0:a0:24:ab:fb:9c;
#send dhcp-lease-time 3600;
#supersede domain-name "fugue.com home.vix.com";
prepend domain-name-servers 127.0.0.1;
request subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers, domain-search, host-name,
dhcp6.name-servers, dhcp6.domain-search,
netbios-name-servers, netbios-scope, interface-mtu,
rfc3442-classless-static-routes, ntp-servers;
#require subnet-mask, domain-name-servers;
#timeout 60;
#retry 60;
#reboot 10;
#select-timeout 5;
#initial-interval 2;
#script "/etc/dhcp3/dhclient-script";
#media "-link0 -link1 -link2", "link0 link1";
#reject 192.33.137.209;
#alias {
#  interface "eth0";
#  fixed-address 192.5.5.213;
#  option subnet-mask 255.255.255.255;
#}
#lease {
#  interface "eth0";
#  fixed-address 192.33.137.200;
#  medium "link0 link1";
#  option host-name "andare.swiftmedia.com";
#  option subnet-mask 255.255.255.0;
#  option broadcast-address 192.33.137.255;
#  option routers 192.33.137.250;
#  option domain-name-servers 127.0.0.1;
#  renew 2 2000/1/12 00:00:01;
#  rebind 2 2000/1/12 00:00:01;
#  expire 2 2000/1/12 00:00:01;
#}
send host-name "ux31e"; # added by NetworkManager

option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
option ms-classless-static-routes code 249 = array of unsigned integer 8;
option wpad code 252 = string;

also request rfc3442-classless-static-routes;
also request ms-classless-static-routes;
also request static-routes;
also request wpad;
also request ntp-servers;


Now that i look at the config above, this one look fishy
option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
option ms-classless-static-routes code 249 = array of unsigned integer 8;
option wpad code 252 = string;
What is this?

are you using any other apps that can manage resolv.conf like package resolvconf?

Nope.
Land below the wind.
User avatar
paragasu
 
Posts: 84
Joined: 2006-08-16 00:55

Re: Strange DNS appear on my /etc/resolv.conf

Postby bw123 » 2016-11-30 23:33

It's easy enough to check that the router is still contaminated, set "automatic only addresses" in networkmanager for the connection in both ipv4 and ipv6 assign a static dns, and make resolv.conf read write again before you connect.

The only thing I see that makes me ask is the prepend 127.0.0.1 in the dhcp config is that for some kind of local dns setup?

You didn't say whether you allow windows machines to connect to the router? The way I think this works is an app gets downloaded and when run it accesses the router using default or common passwords, installing the bad dns.

/var/log/daemon.log may be useful also.
jessie/KDE4.14.2 plasma netbook, 3.16.39-1+deb8u2 (2017-03-07) x86_64 GNU/Linux
User avatar
bw123
 
Posts: 2378
Joined: 2011-05-09 06:02
Location: TN_USA

Re: Strange DNS appear on my /etc/resolv.conf

Postby Head_on_a_Stick » 2016-12-01 07:45

paragasu wrote:I notice the problem when my browser start to open porn website everytime i have a spelling mistake on my browser.

Have you considered disabling the spellchecker?

:lol:

Does this problem still occur if you manage the interface through /etc/network/interfaces & ifupdown instead of NetworkManager?
“Controlling complexity is the essence of computer programming."Brian Kernighan

Please read before posting How to report a problem
User avatar
Head_on_a_Stick
 
Posts: 6488
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Strange DNS appear on my /etc/resolv.conf

Postby dilberts_left_nut » 2016-12-01 09:32

I would be having a much closer look at that router.
Lots more have been getting owned recently.
AdrianTM wrote:There's no hacker in my grandma...
User avatar
dilberts_left_nut
 
Posts: 4548
Joined: 2009-10-05 07:54
Location: enzed

Re: Strange DNS appear on my /etc/resolv.conf

Postby paragasu » 2016-12-07 02:46

bw123 wrote:The only thing I see that makes me ask is the prepend 127.0.0.1 in the dhcp config is that for some kind of local dns setup?
You didn't say whether you allow windows machines to connect to the router?
/var/log/daemon.log may be useful also.

I have local dns cache (dnsmasq) running on my computer.
bw123 wrote:You didn't say whether you allow windows machines to connect to the router?

I have one user using windows.
bw123 wrote:/var/log/daemon.log may be useful also.

I will remove the immutable resolv.conf attribute & see what get logged in here
Land below the wind.
User avatar
paragasu
 
Posts: 84
Joined: 2006-08-16 00:55

Re: Strange DNS appear on my /etc/resolv.conf

Postby pcalvert » 2016-12-08 04:07

It would be a good idea to scan your router to see if any ports are open.
This web page will do it for you: GRC ShieldsUP!

Click on "All Service Ports" for a complete scan.

Phil
“Enlighten the people generally, and tyranny and oppressions of body and
mind will vanish like evil spirits at the dawn of day.” - Thomas Jefferson
pcalvert
 
Posts: 1707
Joined: 2006-04-21 11:19
Location: Sol Sector

Re: Strange DNS appear on my /etc/resolv.conf

Postby paragasu » 2016-12-08 18:25

It is positive that my router is hacked.

http://thehackernews.com/2015/02/hackin ... outer.html
http://www.pcworld.com/article/2899732/ ... cking.html

doing nmap reveal strange port opened on my router
Code: Select all
Host is up (0.0037s latency).
Not shown: 997 filtered ports
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     (protocol 2.0)
| ssh-hostkey:
|_  1040 d0:0d:e9:4e:24:4c:41:86:e9:62:32:5c:24:de:3e:4f (RSA)
53/tcp   open  domain
5431/tcp open  upnp    MiniUPnP
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port22-TCP:V=7.31%I=7%D=12/9%Time=5849A1FF%P=x86_64-pc-linux-gnu%r(NULL
SF:,12,"SSH-2\.0-SSH_0\.48\r\n");
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: switch
Running: Allied Telesyn embedded, D-Link embedded
OS CPE: cpe:/h:alliedtelesyn:at-gs950 cpe:/h:dlink:des-3226l
OS details: Allied Telesyn AT-GS950 or D-Link DES-3226L switch


And i wonder it is normal to have this root suid

Code: Select all
root@a10:/home/myhome# find / -user root  -perm -4000 -print
/opt/google/chrome/chrome-sandbox
/usr/sbin/exim4
/usr/sbin/pppd
/usr/bin/gpasswd
/usr/bin/pkexec
/usr/bin/passwd
/usr/bin/chsh
/usr/bin/newgrp
/usr/bin/chfn
/usr/lib/s-nail/s-nail-privsep
/usr/lib/eject/dmcrypt-get-device
/usr/lib/openssh/ssh-keysign
/usr/lib/policykit-1/polkit-agent-helper-1
/usr/lib/dbus-1.0/dbus-daemon-launch-helper
/bin/fusermount
/bin/umount
/bin/su
/bin/ntfs-3g
/bin/mount


How to reinstall all the debian core binary and hopefully overwrite the potential modified binary?
Should i buy a new router or is there a way to fix it?
Land below the wind.
User avatar
paragasu
 
Posts: 84
Joined: 2006-08-16 00:55

Re: Strange DNS appear on my /etc/resolv.conf

Postby pcalvert » 2016-12-09 01:57

paragasu wrote:How to reinstall all the debian core binary and hopefully overwrite the potential modified binary?

Backup the files you don't want to lose. Then format the partition, and reinstall Debian. Better yet, wipe the entire hard disk drive by writing zeroes to it using a live CD and dd. After doing so, you will need to recreate all of the partitions.

paragasu wrote:Should i buy a new router or is there a way to fix it?

Turn off the router (or unplug its power cord) and then disconnect the internet (ISP) cable. Connect your computer to the router with an Ethernet cable. Turn the router on and update the firmware.

Phil
“Enlighten the people generally, and tyranny and oppressions of body and
mind will vanish like evil spirits at the dawn of day.” - Thomas Jefferson
pcalvert
 
Posts: 1707
Joined: 2006-04-21 11:19
Location: Sol Sector

Re: Strange DNS appear on my /etc/resolv.conf

Postby dasein » 2016-12-09 02:46

paragasu wrote:Should i buy a new router or is there a way to fix it?

Some DLink routers can be flashed with DD-WRT. If yours is one of them (and I'm not going to look that up for you), then I would strongly encourage you to install DD-WRT on your router. Not only more secure, but way more features/functionality/speed.
User avatar
dasein
 
Posts: 7369
Joined: 2011-03-04 01:06
Location: Terra Incantationum

Re: Strange DNS appear on my /etc/resolv.conf

Postby Segfault » 2016-12-09 02:51

Looking briefly at this thread I'm even not sure your Debian is compromised, it probably is just the router that is "owned".
Segfault
 
Posts: 412
Joined: 2005-09-24 12:24

Re: Strange DNS appear on my /etc/resolv.conf

Postby paragasu » 2016-12-09 04:42

Segfault wrote:Looking briefly at this thread I'm even not sure your Debian is compromised, it probably is just the router that is "owned".

You are right. (I hope)
Looking at the router configuration, it doesn't show the static dns configuration.
But when i dump the configuration backup and look in the xml text file.
There it is, the dns setting that invisible in the router web administration panel is here.
Code: Select all
<Config_Information_File_8671>
<V N="WLAN_MAC_ADDR" V="e8cc185349cc"/>
<V N="WLAN_REG_DOMAIN" V="0x3"/>
<V N="WLAN_RF_TYPE" V="0xa"/>
<V N="WLAN_ANT_DIVERSITY" V="0x0"/>
<V N="WLAN_TX_ANT" V="0x0"/>
<V N="WLAN_LED_TYPE" V="0xc"/>
<V N="WLAN_ROOT_SSID" V="HELLOWORLD"/>
<V N="WLAN_CHAN_NUM" V="0xd"/>
<V N="WLAN_WEP" V="0x2"/>
<V N="WLAN_WEP64_KEY1" V="0000000000"/>
<V N="WLAN_WEP64_KEY2" V="0000000000"/>
<V N="WLAN_WEP64_KEY3" V="0000000000"/>
<V N="WLAN_WEP64_KEY4" V="0000000000"/>
<V N="WLAN_WEP128_KEY1" V="00000000000000000000000000"/>
<V N="WLAN_WEP128_KEY2" V="00000000000000000000000000"/>
<V N="WLAN_WEP128_KEY3" V="00000000000000000000000000"/>
<V N="WLAN_WEP128_KEY4" V="00000000000000000000000000"/>
<V N="WLAN_WEP_DEF_KEY" V="0x0"/>
<V N="WLAN_WEP_KEY_TYPE" V="0x0"/>
<V N="WLAN_FRAG_THRESHOLD" V="0x92a"/>
<V N="WLAN_SUPPORTED_RATE" V="0xfff"/>
<V N="WLAN_BEACON_INTERVAL" V="0x64"/>
<V N="WLAN_PREAMBLE_TYPE" V="0x0"/>
<V N="WLAN_BASIC_RATE" V="0xf"/>
<V N="WLAN_RTS_THRESHOLD" V="0x92b"/>
<V N="WLAN_AUTH_TYPE" V="0x2"/>
<V N="WLAN_HIDDEN_SSID" V="0x0"/>
<V N="WLAN_DISABLED" V="0x0"/>
<V N="WLAN_TX_POWER" V="0x1"/>
<V N="WLAN_MLCST_RATE" V="0x0"/>
<V N="WLAN_ENCRYPT" V="0x4"/>
<V N="WLAN_ENABLE_SUPP_NONWPA" V="0x0"/>
<V N="WLAN_SUPP_NONWPA" V="0x0"/>
<V N="WLAN_WPA_AUTH" V="0x2"/>
<V N="WLAN_WPA_CIPHER" V="0x1"/>
<V N="WLAN_WPA2_CIPHER" V="0x2"/>
<V N="WLAN_WPA_PSK" V="xxxxxxx"/>
<V N="WLAN_WPA_PSK_FORMAT" V="0x0"/>
<V N="WLAN_WPA_REKEY_TIME" V="0x15180"/>
<V N="WLAN_ENABLE_1X" V="0x0"/>
<V N="WLAN_ENABLE_MAC_AUTH" V="0x0"/>
<V N="WLAN_RS_IP" V="0.0.0.0"/>
<V N="WLAN_RS_PORT" V="0x714"/>
<V N="WLAN_RS_PASSWORD" V=""/>
<V N="WLAN_RS_RETRY" V="0x3"/>
<V N="WLAN_RS_INTERVAL" V="0x5"/>
<V N="WLAN_ACCOUNT_RS_ENABLED" V="0x0"/>
<V N="WLAN_ACCOUNT_RS_IP" V="0.0.0.0"/>
<V N="WLAN_ACCOUNT_RS_PORT" V="0x0"/>
<V N="WLAN_ACCOUNT_RS_PASSWORD" V=""/>
<V N="WLAN_ACCOUNT_UPDATE_ENABLED" V="0x0"/>
<V N="WLAN_ACCOUNT_UPDATE_DELAY" V="0x0"/>
<V N="WLAN_ACCOUNT_RS_RETRY" V="0x0"/>
<V N="WLAN_ACCOUNT_RS_INTERVAL" V="0x0"/>
<V N="WLAN_INACTIVITY_TIME" V="0x7530"/>
<V N="WLAN_RATE_ADAPTIVE_ENABLED" V="0x1"/>
<V N="WLAN_ACL_MODE" V="0x0"/>
<V N="WLAN_DTIM_PERIOD" V="0x1"/>
<V N="WLAN_MODE" V="0x0"/>
<V N="WLAN_NETWORK_TYPE" V="0x0"/>
<V N="WLAN_BAND" V="0x8"/>
<V N="WLAN_FIX_RATE" V="0x1"/>
<V N="WLAN_PROTECT_DISABLED" V="0x0"/>
<V N="WLAN_ENC_Rstrct" V="0xf"/>
<V N="WLAN_CTS2SELF" V="0x1"/>
<V N="WLAN_BLOCK_RELAY" V="0x0"/>
<V N="WLAN_BLOCK_ETH2WIR" V="0x0"/>
<V N="WLAN_ENABLE_QOS" V="0x1"/>
<V N="WLAN_ENABLE_APSD" V="0x1"/>
<V N="WLAN_BASIC_ENCRYPT_MODE" V="0x0"/>
<V N="WLAN_ENABLE_MC2UC" V="0x1"/>
<V N="WLAN_BEACON_ADV" V="0x1"/>
<V N="WLAN_WSC_DISABLED" V="0x0"/>
<V N="WLAN_WSC_METHOD" V="0x3"/>
<V N="WLAN_WSC_CONFIGURED" V="0x1"/>
<V N="WLAN_WSC_PIN" V="63401301"/>
<V N="WLAN_WSC_AUTH" V="0x20"/>
<V N="WLAN_WSC_ENC" V="0x8"/>
<V N="WLAN_WSC_SSID" V=""/>
<V N="WLAN_WSC_PSK" V="xxxxxxxx"/>
<V N="WLAN_WSC_ENABLE_MANUAL" V="0x1"/>
<V N="WLAN_WSC_ENABLE_UPNP" V="0x1"/>
<V N="WLAN_WSC_ENABLE_REGISTRAR" V="0x0"/>
<V N="WLAN_WSC_EXTREG_CONFIG" V="0x0"/>
<V N="WLAN_EFUSE" V="0x1"/>
<V N="WLAN_40M" V="0x0"/>
<V N="11N_COEXIST" V="0x0"/>
<V N="WLAN_CONTROL_BAND" V="0x1"/>
<V N="WLAN_AMPDU" V="0x1"/>
<V N="WLAN_SHORT_GI" V="0x1"/>
<V N="WLAN_RC_ENABLE" V="0x1"/>
<V N="WLAN_RC_WINSIZE" V="0x40"/>
<V N="WLAN_RC_TIMEOUT" V="0x7530"/>
<V N="WLAN_PWR_BY_RATE" V="0x0"/>
<V N="WLAN_BCN2PATH" V="0x0"/>
<V N="WLAN_ADD1MPWR" V="0x0"/>
<V N="WLANADAPTIVITY_ENABLE" V="0x0"/>
<V N="WLANREG898" V="0x52"/>
<V N="WLANTH_L2H_INI" V="0xf3"/>
<V N="CWMP_SERVER_URL" V="http://172.21.70.44/cpe/?pd128"/>
<V N="CWMP_SERVER_USER" V="rtk"/>
<V N="CWMP_SERVER_PWD" V="rtk"/>
<V N="CWMP_INFORM" V="0x1"/>
<V N="CWMP_INFORM_INTERVAL" V="0x12c"/>
<V N="CWMP_INFORM_TIME" V="0x0"/>
<V N="CWMP_CONREQ_PORT" V="0x1d7b"/>
<V N="CWMP_CONREQ_USER" V="rtk"/>
<V N="CWMP_CONREQ_PWD" V="rtk"/>
<V N="CWMP_DL_COMMANDKEY" V=""/>
<V N="CWMP_DL_STARTTIME" V="0x0"/>
<V N="CWMP_DL_COMPLETETIME" V="0x0"/>
<V N="CWMP_DL_FAULTCODE" V="0x0"/>
<V N="CWMP_RB_COMMANDKEY" V=""/>
<V N="CWMP_SI_COMMANDKEY" V=""/>
<V N="CWMP_FLAG" V="0x130"/>
<V N="CWMP_EVENTCODE" V="0x1"/>
<V N="CWMP_CERTPWD" V="client"/>
<V N="CWMP_PRVNCODE" V=""/>
<V N="CWMP_PARAMETERKEY" V=""/>
<V N="CWMP_UPGRADESMND" V="0x0"/>
<V N="CWMP_LANCONFSECPWD" V=""/>
<V N="CWMP_CONREQ_PATH" V="/tr069"/>
<V N="CWMP_UDPECHO_FLAG" V="0x0"/>
<V N="CWMP_UDPECHO_ITF" V=""/>
<V N="CWMP_UDPECHO_SRCIP" V="0.0.0.0"/>
<V N="CWMP_UDPECHO_PORT" V="0x0"/>
<V N="UIF_PW_REQUIRED" V="0x0"/>
<V N="UIF_PW_USER_SEL" V="0x0"/>
<V N="UIF_UPGRADE" V="0x0"/>
<V N="UIF_WARRANTYDATE" V="0x0"/>
<V N="UIF_AUTOUPDATESERVER" V=""/>
<V N="UIF_USERUPDATESERVER" V=""/>
<V N="SAR_MODE" V="0x800"/>
<V N="ADSL_MODE" V="0x1f7"/>
<V N="CONFIG_SERVICE_DHCP" V="0x2"/>
<V N="CONFIG_DHCP_RELAYIP" V="192.168.2.242"/>
<V N="LOG_NOTICE" V="0x1"/>
<V N="LOG_ERROR" V="0x1"/>
<V N="ROUTER_RIP" V="0x0"/>
<V N="RIP_DEFORIG" V="0x0"/>
<V N="RIP_NOAUTOSUMM" V="0x1"/>
<V N="TFTP_RETRY" V="0x41"/>
<V N="TFTP_TIMEOUT" V="0x5"/>
<V N="UPNP_STATE" V="0x0"/>
<V N="UPNP_ITF" V="0x0"/>
<V N="AUTO_DEFAULT_GTW" V="0x1"/>
<V N="URL_BLOCK_ENABLE" V="0x0"/>
<V N="DOMAIN_BLOCK_ENABLE" V="0x0"/>
<V N="URL_REDIRECT_ENABLE" V="0x0"/>
<V N="URL_REDIRECT_STR" V="www.chinaunicom.com.cn"/>
<V N="AUTOPVC_SEARCH_ENABLE" V="0x0"/>
<V N="NAT_DMZENABLE" V="0x0"/>
<V N="NAT_DMZHOST" V="0x0"/>
<V N="NAT_WANACCESS" V="0x0"/>
<V N="NAT_PT_L2TP" V="0x0"/>
<V N="NAT_PT_IPSEC" V="0x0"/>
<V N="NAT_PT_PPTP" V="0x0"/>
<V N="NAT_EXCLUDE" V=""/>
<V N="NAT_ALG_FTP" V="0x0"/>
<V N="NAT_ALG_H323" V="0x1"/>
<V N="NAT_ALG_SIP" V="0x1"/>
<V N="NAT_ALG_RTSP" V="0x0"/>
<V N="NAT_ALG_ICQ" V="0x0"/>
<V N="NAT_ALG_MSN" V="0x0"/>
<V N="NAT_POLICY" V="0x0"/>
<V N="NAT_ALG_FTP_V6" V="0x1"/>
<V N="NAT_ALG_IPSEC_V6" V="0x1"/>
<V N="NAT_ALG_TIMEOUT" V="0x12c"/>
<V N="NAT_CONNTRACK_NUM" V="0x1000"/>
<V N="NAT_TICK_TIMEOUT" V="0xa"/>
<V N="NAT_PREALLOC_NUM" V="0x400"/>
<V N="STP_STATE" V="0x0"/>
<V N="QOS_ENABLE" V="0x0"/>
<V N="QOS_POLICY" V="0x0"/>
<V N="QOS_SEND_PLY" V="0x0"/>
<V N="LAN_IPV6_ADDR" V="fe80::1"/>
<V N="SPECIAL_LANADDR_ENABLE" V="0x0"/>
<V N="LAN_IPV6_GLOBAL_ADDR" V=""/>
<V N="RA_MODE" V="0x1"/>
<V N="FILTERV6_PREFIX_ENABLE" V="0x0"/>
<V N="ENABLE_ADSL_TRELLIS" V="0x1"/>
<V N="DNS_STATE" V="0x1"/>
<V N="DNS_MODE" V="0x1"/>
<V N="DNS_WAITTIME" V="0x2"/>
<V N="DNS_CACHEENABLE" V="0x1"/>
<V N="DNS_CACHESIZE" V="0x96"/>
<V N="DNS_LOCALNAME" V="dslhome"/>
<V N="MANUAL_DNS1" V="8.8.8.8"/>
<V N="MANUAL_DNS2" V="8.8.4.4"/>
<V N="MANUAL_DNS3" V="0.0.0.0"/>
<V N="IGMPSNP_ENABLE" V="0x1"/>
<V N="PORTMAP_ENABLE" V="0x0"/>
<V N="MAC_AC_INTFS" V="0x0"/>
<V N="CAPTIVE_PORTAL_ENABLE" V="0x0"/>
<V N="CAPTIVE_PORTAL_URL" V=""/>
<V N="GENDATA_FROM_MAC_FLAG" V="0x0"/>
<V N="NAT_PORTRIGGER_ENABLE" V="0x0"/>
<V N="NAT_PRIORITY_ENABLE" V="0x0"/>
<V N="FACTORY_TEST_MODE" V="0x0"/>
<V N="FTP_STATE" V="0x1"/>
<V N="WAN_PHY_TYPE" V="0x0"/>
<V N="WAN_ETHPORT" V="0x3"/>
<V N="ROUTER_ENABLED" V="0x1"/>
<V N="CS_MIB_DEFAULT" V="0x1"/>
<V N="TR069_FTP_CTL_TIMEOUT" V="0xa"/>
<V N="TR069_FTP_DATA_TIMEOUT" V="0x1e"/>
<V N="PORTMAPPING_CONTROL_FLAG" V="0x0"/>
<V N="NAT_DOOR_TIMEOUT" V="0xf"/>
<V N="TELNET_STATE" V="0x1"/>
<V N="TELNET_PORT" V="0x17"/>
<V N="HTTP_SSL_TIMEOUT" V="0x1f4"/>
<chain N="WLAN_ACL_ADDR">
</chain>
<chain N="BR_PORT_STATUS">
<V N="IFID" V="0xe"/>
<V N="NATMODE" V="0x1"/>
<V N="POOLNAME" V=""/>
<V N="IPSTART" V="0x0"/>
<V N="IPEND" V="0x0"/>
<V N="IPMASK" V="0x0"/>
<V N="NPTYPE" V=""/>
<V N="INACL" V="lan2local"/>
<V N="OUTACL" V="out2lan"/>
<V N="CID" V=""/>
<V N="HOSTNAME" V=""/>
<V N="RETRY" V="0x0"/>
<V N="TTIMEOUT" V="0x0"/>
</chain>
<chain N="ATM_VC_TBL">
<V N="PHYTYPE" V="0x0"/>
<V N="PTMMODE" V="0x0"/>
<V N="VPI" V="0x0"/>
<V N="VCI" V="0x23"/>
<V N="CH_NO" V="0x0"/>
<V N="IFINDEX" V="0xf"/>
<V N="ENCAP" V="0x0"/>
<V N="CONNMODE" V="0x2"/>
<V N="ENNAPT" V="0x1"/>
<V N="ENIGMP" V="0x0"/>
<V N="CHENABLE" V="0x1"/>
<V N="DEFROUTE" V="0x0"/>
<V N="MRU" V="0x5d4"/>
<V N="PPPUSER" V="someusername@streamyx"/>
<V N="PPPPASSWD" V="someuserpassword"/>
<V N="PPPACNAME" V=""/>
<V N="PPPSRVNAME" V=""/>
<V N="PPPTYPE" V="0x0"/>
<V N="PPPTIME" V="0x0"/>
<V N="PPPAUTHTYPE" V="0x0"/>
<V N="IPMODE" V="0x0"/>
<V N="LOCALIP" V="0x0"/>
<V N="REMOTEIP" V="0x0"/>
<V N="NETMASK" V="0x0"/>
<V N="IPUNNUM" V="0x0"/>
<V N="PPPOENUM" V="0x1"/>
<V N="QOS" V="0x0"/>
<V N="PCR" V="0x1800"/>
<V N="MBS" V="0x0"/>
<V N="SCR" V="0x0"/>
<V N="CDVT" V="0x0"/>
<V N="PPPHALFBRG" V="0x0"/>
<V N="PPPSTATICIP" V="0x0"/>
<V N="PPPMACADDR" V="000000000000"/>
<V N="CONNDISABLE" V="0x0"/>
<V N="DEVINSTNUM" V="0x1"/>
<V N="IPINSTNUM" V="0x0"/>
<V N="PPPINSTNUM" V="0x1"/>
<V N="AUTODISTIME" V="0x0"/>
<V N="WARNDISDELAY" V="0x0"/>
<V N="WANNAME" V=""/>
<V N="ENVLAN" V="0x0"/>
<V N="VLANID" V="0x0"/>
<V N="TUNNELMODE" V="0x0"/>
<V N="ITFGROUP" V="0x0"/>
<V N="IFID" V="0x30001"/>
<V N="NATMODE" V="0x2"/>
<V N="POOLNAME" V=""/>
<V N="IPSTART" V="0x0"/>
<V N="IPEND" V="0x0"/>
<V N="IPMASK" V="0x0"/>
<V N="NPTYPE" V=""/>
<V N="INACL" V="wan2local"/>
<V N="OUTACL" V="out2wan"/>
<V N="CID" V=""/>
<V N="HOSTNAME" V=""/>
<V N="RETRY" V="0xffffffff"/>
<V N="TTIMEOUT" V="0x20"/>
<V N="IPFLAG" V="0x0"/>
<V N="IP6MODE" V="0x0"/>
<V N="IP6ADDR" V=""/>
<V N="PREFIXLEN" V="0x0"/>
<V N="GW6ADDR" V=""/>
<V N="DHCPMODE" V="0x0"/>
<V N="DHCPPDENABLE" V="0x0"/>
<V N="DHCPIAENABLE" V="0x0"/>
<V N="TUNBRGITFGRP" V="0x0"/>
</chain>
<chain N="DHCP_NORMAL_POOL">
<V N="NAME" V="0"/>
<V N="NETWORK" V="192.168.1.0"/>
<V N="MASK" V="255.255.255.0"/>
<V N="CLIENTID" V=""/>
<V N="HWADDR" V="000000000000"/>
<V N="BOOTFILE" V=""/>
<V N="NEXTSERVER" V="0.0.0.0"/>
<V N="CLIENTNAME" V=""/>
<V N="IPROUTER" V="192.168.1.1"/>
<V N="DOMAINNAME" V="domain.name"/>
<V N="DNSSERVER1" V="128.199.124.1"/>
<V N="DNSSERVER2" V="8.8.8.8"/>
<V N="DNSSERVER3" V="0.0.0.0"/>
<V N="WINSSERVER" V="0.0.0.0"/>
<V N="LEASE" V="0x2a30"/>
<V N="STARTIP" V="192.168.1.2"/>
<V N="ENDIP" V="192.168.1.254"/>
<V N="POOLENABLE" V="0x0"/>
<V N="INSTNUM" V="0x0"/>
</chain>
<chain N="DHCP_EXCLADDR">
</chain>
<chain N="DHCP_SERVING_POOL">
</chain>
<chain N="DHCP_SERVER_OPTION">
</chain>
<chain N="DHCP_CLIENT_OPTION">
</chain>
<chain N="DHCP_RESERVED_IP">
</chain>
<chain N="CONFIG_SNMP_SETCOM">
<V N="PRIV" V="0x1"/>
<V N="COMM" V="public"/>
</chain>
<chain N="CONFIG_SNMP_SETCOM">
<V N="PRIV" V="0x2"/>
<V N="COMM" V="public"/>
</chain>
<chain N="CONFIG_SNMP_TRAPCOM">
</chain>
<chain N="USERNAME_PASSWORD">
<V N="FLAG" V="0x0"/>
<V N="USERNAME" V="admin"/>
<V N="PASSWORD" V="admin"/>
<V N="PRIORITY" V="0x2"/>
<V N="IDLETIME" V="0x5"/>
</chain>
<chain N="AUTOPVC_SEARCH_ENTRY">
<V N="VPI" V="0x1"/>
<V N="VCI" V="0x20"/>
</chain>
<chain N="FTPALG_DPORTS">
<V N="VINT" V="0x15"/>
</chain>
<chain N="NAT_TRANSLATION">
</chain>
<chain N="NATPOOL">
</chain>
<chain N="NATRULE_INSRC">
</chain>
<chain N="NATRULE_INSRC_STATIC">
<V N="IPA" V="0x0"/>
<V N="IPB" V="0x0"/>
<V N="IPBEND" V="0x0"/>
<V N="PORTASTART" V="0x208"/>
<V N="PORTAEND" V="0x208"/>
<V N="PORTBSTART" V="0x208"/>
<V N="PORTBEND" V="0x208"/>
<V N="PROTO" V="0x11"/>
<V N="TYPE" V="0x1"/>
<V N="FLAGS" V="0x0"/>
<V N="IFINDEX" V="0x0"/>
<V N="REFCNT" V="0x0"/>
<V N="INSTNUM" V="0x0"/>
<V N="IPAEND" V="0x0"/>
<V N="POOLNAME" V="any"/>
<V N="VRTSRVNAME" V="rip"/>
<V N="AUXNAME" V=""/>
</chain>
<chain N="NATRULE_INSRC_STATIC">
<V N="IPA" V="0x0"/>
<V N="IPB" V="0x0"/>
<V N="IPBEND" V="0x0"/>
<V N="PORTASTART" V="0x50"/>
<V N="PORTAEND" V="0x50"/>
<V N="PORTBSTART" V="0x1f90"/>
<V N="PORTBEND" V="0x1f90"/>
<V N="PROTO" V="0x6"/>
<V N="TYPE" V="0x1"/>
<V N="FLAGS" V="0x0"/>
<V N="IFINDEX" V="0x0"/>
<V N="REFCNT" V="0x0"/>
<V N="INSTNUM" V="0x0"/>
<V N="IPAEND" V="0x0"/>
<V N="POOLNAME" V="any"/>
<V N="VRTSRVNAME" V="webshift"/>
<V N="AUXNAME" V=""/>
</chain>
<chain N="NATRULE_INSRC_STATIC">
<V N="IPA" V="0xc0a80102"/>
<V N="IPB" V="0x0"/>
<V N="IPBEND" V="0x0"/>
<V N="PORTASTART" V="0x50"/>
<V N="PORTAEND" V="0x50"/>
<V N="PORTBSTART" V="0x50"/>
<V N="PORTBEND" V="0x50"/>
<V N="PROTO" V="0x6"/>
<V N="TYPE" V="0x1"/>
<V N="FLAGS" V="0x0"/>
<V N="IFINDEX" V="0x0"/>
<V N="REFCNT" V="0x0"/>
<V N="INSTNUM" V="0x1"/>
<V N="IPAEND" V="0x0"/>
<V N="POOLNAME" V="pppoe1"/>
<V N="VRTSRVNAME" V="WEB"/>
<V N="AUXNAME" V=""/>
</chain>
<chain N="NATRULE_INSRC_STATIC">
<V N="IPA" V="0x0"/>
<V N="IPB" V="0x0"/>
<V N="IPBEND" V="0x0"/>
<V N="PORTASTART" V="0x50"/>
<V N="PORTAEND" V="0x50"/>
<V N="PORTBSTART" V="0x1f90"/>
<V N="PORTBEND" V="0x1f90"/>
<V N="PROTO" V="0x6"/>
<V N="TYPE" V="0x1"/>
<V N="FLAGS" V="0x900"/>
<V N="IFINDEX" V="0x0"/>
<V N="REFCNT" V="0x0"/>
<V N="INSTNUM" V="0x0"/>
<V N="IPAEND" V="0x0"/>
<V N="POOLNAME" V="any"/>
<V N="VRTSRVNAME" V="webshift"/>
<V N="AUXNAME" V=""/>
</chain>
<chain N="NATRULE_INSRC_STATIC">
<V N="IPA" V="0xc0a80106"/>
<V N="IPB" V="0x0"/>
<V N="IPBEND" V="0x0"/>
<V N="PORTASTART" V="0x50"/>
<V N="PORTAEND" V="0x50"/>
<V N="PORTBSTART" V="0x50"/>
<V N="PORTBEND" V="0x50"/>
<V N="PROTO" V="0x6"/>
<V N="TYPE" V="0x1"/>
<V N="FLAGS" V="0x840"/>
<V N="IFINDEX" V="0x0"/>
<V N="REFCNT" V="0x0"/>
<V N="INSTNUM" V="0x1"/>
<V N="IPAEND" V="0x0"/>
<V N="POOLNAME" V="pppoe1"/>
<V N="VRTSRVNAME" V="WEB"/>
<V N="AUXNAME" V=""/>
</chain>
<chain N="NATRULE_INSRC_STATIC">
<V N="IPA" V="0xc0a80106"/>
<V N="IPB" V="0x0"/>
<V N="IPBEND" V="0x0"/>
<V N="PORTASTART" V="0x16"/>
<V N="PORTAEND" V="0x16"/>
<V N="PORTBSTART" V="0x16"/>
<V N="PORTBEND" V="0x16"/>
<V N="PROTO" V="0x6"/>
<V N="TYPE" V="0x1"/>
<V N="FLAGS" V="0x840"/>
<V N="IFINDEX" V="0x0"/>
<V N="REFCNT" V="0x0"/>
<V N="INSTNUM" V="0x2"/>
<V N="IPAEND" V="0x0"/>
<V N="POOLNAME" V="pppoe1"/>
<V N="VRTSRVNAME" V="SSH"/>
<V N="AUXNAME" V=""/>
</chain>
<chain N="NATRULE_INSRC_FROM">
</chain>
<chain N="IP_MARK">
<V N="IFNAME" V="any"/>
<V N="NAME" V="webshift"/>
<V N="PROTOCOL" V="0x6"/>
<V N="MARK" V="0xf1"/>
<V N="TYPE" V="0x52"/>
<V N="SRCIP" V="0x0"/>
<V N="SRCMASK_OR_SRCIPEND" V="0x0"/>
<V N="DSTIP" V="0x0"/>
<V N="DSTMASK" V="0x0"/>
<V N="SPORT_FROM" V="0x0"/>
<V N="SPORT_TO" V="0x0"/>
<V N="DPORT_FROM" V="0x1f90"/>
<V N="DPORT_TO" V="0x1f90"/>
<V N="FILTERINST" V="0x0"/>
<V N="RULEINST" V="0x0"/>
</chain>
<chain N="IP_MARK">
<V N="IFNAME" V="any"/>
<V N="NAME" V="web"/>
<V N="PROTOCOL" V="0x6"/>
<V N="MARK" V="0xf2"/>
<V N="TYPE" V="0x61"/>
<V N="SRCIP" V="0xc0a80102"/>
<V N="SRCMASK_OR_SRCIPEND" V="0xc0a80109"/>
<V N="DSTIP" V="0x0"/>
<V N="DSTMASK" V="0x0"/>
<V N="SPORT_FROM" V="0x0"/>
<V N="SPORT_TO" V="0x0"/>
<V N="DPORT_FROM" V="0x50"/>
<V N="DPORT_TO" V="0x50"/>
<V N="FILTERINST" V="0x0"/>
<V N="RULEINST" V="0x0"/>
</chain>
<chain N="IP_ACL_STD">
</chain>
<chain N="IP_ACL_EXT">
<V N="NAME" V="out2wan"/>
</chain>
<chain N="IP_ACL_EXT">
<V N="NAME" V="wan2local"/>
</chain>
<chain N="IP_ACL_EXT">
<V N="NAME" V="out2lan"/>
</chain>
<chain N="IP_ACL_EXT">
<V N="NAME" V="lan2local"/>
</chain>
<chain N="IP_ACL_STD_ENTRY">
</chain>
<chain N="IP_ACL_EXT_ENTRY">
<V N="ACLNAME" V="lan2local"/>
<V N="DENYVAL" V="0x0"/>
<V N="SRCU_IPADDR1" V="0x0"/>
<V N="SRCU_IPADDR2" V="0x0"/>
<V N="DSTU_IPADDR1" V="0x0"/>
<V N="DSTU_IPADDR2" V="0x0"/>
<V N="INPHYPORT" V="0x0"/>
<V N="OUTPHYPORT" V="0x0"/>
<V N="MARK" V="0xf2"/>
<V N="TYPE" V="0x0"/>
<V N="ACLTYPE" V="0x8"/>
<V N="WANOPENPORT" V="0x0"/>
<V N="PROTOCOL" V="0x0"/>
<V N="U_IPACC_SCMP" V="0x0"/>
<V N="U_IPACC_SPORTFROM" V="0x0"/>
<V N="U_IPACC_SPORTTO" V="0x0"/>
<V N="U_IPACC_DCMP" V="0x0"/>
<V N="U_IPACC_DPORTFROM" V="0x0"/>
<V N="U_IPACC_DPORTTO" V="0x0"/>
<V N="U_IPACC_FLAGS" V="0x0"/>
</chain>
<chain N="IP_ACL_EXT_ENTRY">
<V N="ACLNAME" V="lan2local"/>
<V N="DENYVAL" V="0x0"/>
<V N="SRCU_IPADDR1" V="0x0"/>
<V N="SRCU_IPADDR2" V="0x0"/>
<V N="DSTU_IPADDR1" V="0x0"/>
<V N="DSTU_IPADDR2" V="0x0"/>
<V N="INPHYPORT" V="0xff"/>
<V N="OUTPHYPORT" V="0xff"/>
<V N="MARK" V="0x0"/>
<V N="TYPE" V="0x0"/>
<V N="ACLTYPE" V="0x2"/>
<V N="WANOPENPORT" V="0x0"/>
<V N="PROTOCOL" V="0x11"/>
<V N="U_IPACC_SCMP" V="0xff"/>
<V N="U_IPACC_SPORTFROM" V="0x0"/>
<V N="U_IPACC_SPORTTO" V="0x0"/>
<V N="U_IPACC_DCMP" V="0x1"/>
<V N="U_IPACC_DPORTFROM" V="0x35"/>
<V N="U_IPACC_DPORTTO" V="0x35"/>
<V N="U_IPACC_FLAGS" V="0x0"/>
</chain>
<chain N="IP_ACL_EXT_ENTRY">
<V N="ACLNAME" V="lan2local"/>
<V N="DENYVAL" V="0x0"/>
<V N="SRCU_IPADDR1" V="0x0"/>
<V N="SRCU_IPADDR2" V="0x0"/>
<V N="DSTU_IPADDR1" V="0x0"/>
<V N="DSTU_IPADDR2" V="0x0"/>
<V N="INPHYPORT" V="0xff"/>
<V N="OUTPHYPORT" V="0xff"/>
<V N="MARK" V="0x0"/>
<V N="TYPE" V="0x0"/>
<V N="ACLTYPE" V="0x2"/>
<V N="WANOPENPORT" V="0x0"/>
<V N="PROTOCOL" V="0x6"/>
<V N="U_IPACC_SCMP" V="0xff"/>
<V N="U_IPACC_SPORTFROM" V="0x0"/>
<V N="U_IPACC_SPORTTO" V="0x0"/>
<V N="U_IPACC_DCMP" V="0x1"/>
<V N="U_IPACC_DPORTFROM" V="0x35"/>
<V N="U_IPACC_DPORTTO" V="0x35"/>
<V N="U_IPACC_FLAGS" V="0x0"/>
</chain>
<chain N="IP_ACL_EXT_ENTRY">
<V N="ACLNAME" V="lan2local"/>
<V N="DENYVAL" V="0x0"/>
<V N="SRCU_IPADDR1" V="0x0"/>
<V N="SRCU_IPADDR2" V="0x0"/>
<V N="DSTU_IPADDR1" V="0x0"/>
<V N="DSTU_IPADDR2" V="0x0"/>
<V N="INPHYPORT" V="0xff"/>
<V N="OUTPHYPORT" V="0xff"/>
<V N="MARK" V="0x0"/>
<V N="TYPE" V="0x0"/>
<V N="ACLTYPE" V="0x2"/>
<V N="WANOPENPORT" V="0x0"/>
<V N="PROTOCOL" V="0x11"/>
<V N="U_IPACC_SCMP" V="0xff"/>
<V N="U_IPACC_SPORTFROM" V="0x0"/>
<V N="U_IPACC_SPORTTO" V="0x0"/>
<V N="U_IPACC_DCMP" V="0x1"/>
<V N="U_IPACC_DPORTFROM" V="0x76c"/>
<V N="U_IPACC_DPORTTO" V="0x76c"/>
<V N="U_IPACC_FLAGS" V="0x0"/>
</chain>
<chain N="IP_ACL_EXT_ENTRY">
<V N="ACLNAME" V="lan2local"/>
<V N="DENYVAL" V="0x0"/>
<V N="SRCU_IPADDR1" V="0x0"/>
<V N="SRCU_IPADDR2" V="0x0"/>
<V N="DSTU_IPADDR1" V="0x0"/>
<V N="DSTU_IPADDR2" V="0x0"/>
<V N="INPHYPORT" V="0xff"/>
<V N="OUTPHYPORT" V="0xff"/>
<V N="MARK" V="0x0"/>
<V N="TYPE" V="0x0"/>
<V N="ACLTYPE" V="0x2"/>
<V N="WANOPENPORT" V="0x0"/>
<V N="PROTOCOL" V="0x6"/>
<V N="U_IPACC_SCMP" V="0xff"/>
<V N="U_IPACC_SPORTFROM" V="0x0"/>
<V N="U_IPACC_SPORTTO" V="0x0"/>
<V N="U_IPACC_DCMP" V="0x1"/>
<V N="U_IPACC_DPORTFROM" V="0x1537"/>
<V N="U_IPACC_DPORTTO" V="0x1537"/>
<V N="U_IPACC_FLAGS" V="0x0"/>
</chain>
<chain N="IP_ACL_EXT_ENTRY">
<V N="ACLNAME" V="lan2local"/>
<V N="DENYVAL" V="0x0"/>
<V N="SRCU_IPADDR1" V="0x0"/>
<V N="SRCU_IPADDR2" V="0x0"/>
<V N="DSTU_IPADDR1" V="0x0"/>
<V N="DSTU_IPADDR2" V="0x0"/>
<V N="INPHYPORT" V="0xff"/>
<V N="OUTPHYPORT" V="0xff"/>
<V N="MARK" V="0x0"/>
<V N="TYPE" V="0x0"/>
<V N="ACLTYPE" V="0x2"/>
<V N="WANOPENPORT" V="0x0"/>
<V N="PROTOCOL" V="0x6"/>
<V N="U_IPACC_SCMP" V="0xff"/>
<V N="U_IPACC_SPORTFROM" V="0x0"/>
<V N="U_IPACC_SPORTTO" V="0x0"/>
<V N="U_IPACC_DCMP" V="0x1"/>
<V N="U_IPACC_DPORTFROM" V="0x159b"/>
<V N="U_IPACC_DPORTTO" V="0x159b"/>
<V N="U_IPACC_FLAGS" V="0x0"/>
</chain>
<chain N="IP_ACL_EXT_ENTRY">
<V N="ACLNAME" V="lan2local"/>
<V N="DENYVAL" V="0x1"/>
<V N="SRCU_IPADDR1" V="0x0"/>
<V N="SRCU_IPADDR2" V="0x0"/>
<V N="DSTU_IPADDR1" V="0x0"/>
<V N="DSTU_IPADDR2" V="0x0"/>
<V N="INPHYPORT" V="0xff"/>
<V N="OUTPHYPORT" V="0xff"/>
<V N="MARK" V="0x0"/>
<V N="TYPE" V="0x0"/>
<V N="ACLTYPE" V="0x2"/>
<V N="WANOPENPORT" V="0x0"/>
<V N="PROTOCOL" V="0x6"/>
<V N="U_IPACC_SCMP" V="0xff"/>
<V N="U_IPACC_SPORTFROM" V="0x0"/>
<V N="U_IPACC_SPORTTO" V="0x0"/>
<V N="U_IPACC_DCMP" V="0x1"/>
<V N="U_IPACC_DPORTFROM" V="0x50"/>
<V N="U_IPACC_DPORTTO" V="0x50"/>
<V N="U_IPACC_FLAGS" V="0x0"/>
</chain>
<chain N="IP_ACL_EXT_ENTRY">
<V N="ACLNAME" V="lan2local"/>
<V N="DENYVAL" V="0x1"/>
<V N="SRCU_IPADDR1" V="0x0"/>
<V N="SRCU_IPADDR2" V="0x0"/>
<V N="DSTU_IPADDR1" V="0x0"/>
<V N="DSTU_IPADDR2" V="0x0"/>
<V N="INPHYPORT" V="0xff"/>
<V N="OUTPHYPORT" V="0xff"/>
<V N="MARK" V="0x0"/>
<V N="TYPE" V="0x0"/>
<V N="ACLTYPE" V="0x2"/>
<V N="WANOPENPORT" V="0x0"/>
<V N="PROTOCOL" V="0x6"/>
<V N="U_IPACC_SCMP" V="0xff"/>
<V N="U_IPACC_SPORTFROM" V="0x0"/>
<V N="U_IPACC_SPORTTO" V="0x0"/>
<V N="U_IPACC_DCMP" V="0x1"/>
<V N="U_IPACC_DPORTFROM" V="0x17"/>
<V N="U_IPACC_DPORTTO" V="0x17"/>
<V N="U_IPACC_FLAGS" V="0x0"/>
</chain>
<chain N="IP_ACL_EXT_ENTRY">
<V N="ACLNAME" V="lan2local"/>
<V N="DENYVAL" V="0x1"/>
<V N="SRCU_IPADDR1" V="0x0"/>
<V N="SRCU_IPADDR2" V="0x0"/>
<V N="DSTU_IPADDR1" V="0x0"/>
<V N="DSTU_IPADDR2" V="0x0"/>
<V N="INPHYPORT" V="0xff"/>
<V N="OUTPHYPORT" V="0xff"/>
<V N="MARK" V="0x0"/>
<V N="TYPE" V="0x0"/>
<V N="ACLTYPE" V="0x2"/>
<V N="WANOPENPORT" V="0x0"/>
<V N="PROTOCOL" V="0x6"/>
<V N="U_IPACC_SCMP" V="0xff"/>
<V N="U_IPACC_SPORTFROM" V="0x0"/>
<V N="U_IPACC_SPORTTO" V="0x0"/>
<V N="U_IPACC_DCMP" V="0x1"/>
<V N="U_IPACC_DPORTFROM" V="0x16"/>
<V N="U_IPACC_DPORTTO" V="0x16"/>
<V N="U_IPACC_FLAGS" V="0x0"/>
</chain>
<chain N="IP_ACL_EXT_ENTRY">
<V N="ACLNAME" V="lan2local"/>
<V N="DENYVAL" V="0x1"/>
<V N="SRCU_IPADDR1" V="0x0"/>
<V N="SRCU_IPADDR2" V="0x0"/>
<V N="DSTU_IPADDR1" V="0x0"/>
<V N="DSTU_IPADDR2" V="0x0"/>
<V N="INPHYPORT" V="0xff"/>
<V N="OUTPHYPORT" V="0xff"/>
<V N="MARK" V="0x0"/>
<V N="TYPE" V="0x0"/>
<V N="ACLTYPE" V="0x2"/>
<V N="WANOPENPORT" V="0x0"/>
<V N="PROTOCOL" V="0x11"/>
<V N="U_IPACC_SCMP" V="0xff"/>
<V N="U_IPACC_SPORTFROM" V="0x0"/>
<V N="U_IPACC_SPORTTO" V="0x0"/>
<V N="U_IPACC_DCMP" V="0x1"/>
<V N="U_IPACC_DPORTFROM" V="0x45"/>
<V N="U_IPACC_DPORTTO" V="0x45"/>
<V N="U_IPACC_FLAGS" V="0x0"/>
</chain>
<chain N="IP_ACL_EXT_ENTRY">
<V N="ACLNAME" V="lan2local"/>
<V N="DENYVAL" V="0x1"/>
<V N="SRCU_IPADDR1" V="0x0"/>
<V N="SRCU_IPADDR2" V="0x0"/>
<V N="DSTU_IPADDR1" V="0x0"/>
<V N="DSTU_IPADDR2" V="0x0"/>
<V N="INPHYPORT" V="0xff"/>
<V N="OUTPHYPORT" V="0xff"/>
<V N="MARK" V="0x0"/>
<V N="TYPE" V="0x0"/>
<V N="ACLTYPE" V="0x2"/>
<V N="WANOPENPORT" V="0x0"/>
<V N="PROTOCOL" V="0x11"/>
<V N="U_IPACC_SCMP" V="0xff"/>
<V N="U_IPACC_SPORTFROM" V="0x0"/>
<V N="U_IPACC_SPORTTO" V="0x0"/>
<V N="U_IPACC_DCMP" V="0x1"/>
<V N="U_IPACC_DPORTFROM" V="0xa1"/>
<V N="U_IPACC_DPORTTO" V="0xa1"/>
<V N="U_IPACC_FLAGS" V="0x0"/>
</chain>
<chain N="IP_ACL_EXT_ENTRY">
<V N="ACLNAME" V="lan2local"/>
<V N="DENYVAL" V="0x1"/>
<V N="SRCU_IPADDR1" V="0x0"/>
<V N="SRCU_IPADDR2" V="0x0"/>
<V N="DSTU_IPADDR1" V="0x0"/>
<V N="DSTU_IPADDR2" V="0x0"/>
<V N="INPHYPORT" V="0xff"/>
<V N="OUTPHYPORT" V="0xff"/>
<V N="MARK" V="0x0"/>
<V N="TYPE" V="0x0"/>
<V N="ACLTYPE" V="0x2"/>
<V N="WANOPENPORT" V="0x0"/>
<V N="PROTOCOL" V="0x1"/>
<V N="U_IPACC_SCMP" V="0xffff0000"/>
<V N="U_IPACC_SPORTFROM" V="0x0"/>
<V N="U_IPACC_SPORTTO" V="0x0"/>
<V N="U_IPACC_DCMP" V="0x0"/>
<V N="U_IPACC_DPORTFROM" V="0x0"/>
<V N="U_IPACC_DPORTTO" V="0x0"/>
<V N="U_IPACC_FLAGS" V="0x0"/>
</chain>
<chain N="IP_ACL_EXT_ENTRY">
<V N="ACLNAME" V="lan2local"/>
<V N="DENYVAL" V="0x1"/>
<V N="SRCU_IPADDR1" V="0x0"/>
<V N="SRCU_IPADDR2" V="0x0"/>
<V N="DSTU_IPADDR1" V="0x0"/>
<V N="DSTU_IPADDR2" V="0x0"/>
<V N="INPHYPORT" V="0xff"/>
<V N="OUTPHYPORT" V="0xff"/>
<V N="MARK" V="0x0"/>
<V N="TYPE" V="0x0"/>
<V N="ACLTYPE" V="0x2"/>
<V N="WANOPENPORT" V="0x0"/>
<V N="PROTOCOL" V="0x6"/>
<V N="U_IPACC_SCMP" V="0xff"/>
<V N="U_IPACC_SPORTFROM" V="0x0"/>
<V N="U_IPACC_SPORTTO" V="0x0"/>
<V N="U_IPACC_DCMP" V="0x1"/>
<V N="U_IPACC_DPORTFROM" V="0x15"/>
<V N="U_IPACC_DPORTTO" V="0x15"/>
<V N="U_IPACC_FLAGS" V="0x0"/>
</chain>
<chain N="IP_ACL_EXT_ENTRY">
<V N="ACLNAME" V="lan2local"/>
<V N="DENYVAL" V="0x1"/>
<V N="SRCU_IPADDR1" V="0x0"/>
<V N="SRCU_IPADDR2" V="0x0"/>
<V N="DSTU_IPADDR1" V="0x0"/>
<V N="DSTU_IPADDR2" V="0x0"/>
<V N="INPHYPORT" V="0xff"/>
<V N="OUTPHYPORT" V="0xff"/>
<V N="MARK" V="0x0"/>
<V N="TYPE" V="0x0"/>
<V N="ACLTYPE" V="0x2"/>
<V N="WANOPENPORT" V="0x0"/>
<V N="PROTOCOL" V="0x11"/>
<V N="U_IPACC_SCMP" V="0xff"/>
<V N="U_IPACC_SPORTFROM" V="0x0"/>
<V N="U_IPACC_SPORTTO" V="0x0"/>
<V N="U_IPACC_DCMP" V="0x1"/>
<V N="U_IPACC_DPORTFROM" V="0x208"/>
<V N="U_IPACC_DPORTTO" V="0x208"/>
<V N="U_IPACC_FLAGS" V="0x0"/>
</chain>
<chain N="IP_ACL_EXT_ENTRY">
<V N="ACLNAME" V="wan2local"/>
<V N="DENYVAL" V="0x1"/>
<V N="SRCU_IPADDR1" V="0x0"/>
<V N="SRCU_IPADDR2" V="0x0"/>
<V N="DSTU_IPADDR1" V="0x0"/>
<V N="DSTU_IPADDR2" V="0x0"/>
<V N="INPHYPORT" V="0x0"/>
<V N="OUTPHYPORT" V="0x0"/>
<V N="MARK" V="0xf1"/>
<V N="TYPE" V="0x0"/>
<V N="ACLTYPE" V="0x8"/>
<V N="WANOPENPORT" V="0x0"/>
<V N="PROTOCOL" V="0x0"/>
<V N="U_IPACC_SCMP" V="0x0"/>
<V N="U_IPACC_SPORTFROM" V="0x0"/>
<V N="U_IPACC_SPORTTO" V="0x0"/>
<V N="U_IPACC_DCMP" V="0x0"/>
<V N="U_IPACC_DPORTFROM" V="0x0"/>
<V N="U_IPACC_DPORTTO" V="0x0"/>
<V N="U_IPACC_FLAGS" V="0x0"/>
</chain>
<chain N="FORWARD_MAC">
</chain>
<chain N="FILTER_MAC">
</chain>
<chain N="ONLINE_LIMITTIME_RULE">
</chain>
<chain N="MAC_AC_LIST">
</chain>
<chain N="CAPTIVE_PORTAL_ALLOW">
</chain>
<chain N="STP_VLAN">
</chain>
<chain N="STP_PORT">
</chain>
<chain N="QOS_1P">
</chain>
<chain N="QOS_DSCP">
</chain>
<chain N="QOS_RULE">
</chain>
<chain N="DYNAMIC_DNS">
<V N="PROVIDER" V="dlinkddns(Free)"/>
<V N="USERNAME" V="paragasu"/>
<V N="PASSWORD" V="xxxx"/>
<V N="HOSTNAME" V="xxxx"/>
<V N="IFNAME" V="pppoe1"/>
<V N="STATE" V="0x1"/>
<V N="INSTNUM" V="0x0"/>
</chain>
<chain N="PPPOE_SESSION_TBL">
<V N="PPPOENUM" V="0x1"/>
<V N="IFINDEX" V="0x2"/>
<V N="ACMAC" V="3400a30bd181"/>
<V N="SESSIONID" V="0x350f"/>
</chain>
<chain N="VIRTUAL_LAN_PORT">
<V N="ITFINDEX" V="0x0"/>
<V N="ITFGROUP" V="0x0"/>
</chain>
<chain N="VIRTUAL_LAN_PORT">
<V N="ITFINDEX" V="0x1"/>
<V N="ITFGROUP" V="0x0"/>
</chain>
<chain N="VIRTUAL_LAN_PORT">
<V N="ITFINDEX" V="0x2"/>
<V N="ITFGROUP" V="0x0"/>
</chain>
<chain N="VIRTUAL_LAN_PORT">
<V N="ITFINDEX" V="0x3"/>
<V N="ITFGROUP" V="0x0"/>
</chain>
<chain N="VIRTUAL_WLAN_PORT">
<V N="ITFINDEX" V="0x0"/>
<V N="ITFGROUP" V="0x0"/>
</chain>
<chain N="VIRTUAL_WLAN_PORT">
<V N="ITFINDEX" V="0x1"/>
<V N="ITFGROUP" V="0x0"/>
</chain>
<chain N="VIRTUAL_WLAN_PORT">
<V N="ITFINDEX" V="0x2"/>
<V N="ITFGROUP" V="0x0"/>
</chain>
<chain N="VIRTUAL_WLAN_PORT">
<V N="ITFINDEX" V="0x3"/>
<V N="ITFGROUP" V="0x0"/>
</chain>
<chain N="VIRTUAL_WLAN_PORT">
<V N="ITFINDEX" V="0x4"/>
<V N="ITFGROUP" V="0x0"/>
</chain>
<chain N="PORT_MAPPING_GROUP">
<V N="ENABLED" V="0x1"/>
<V N="GRPNUM" V="0x0"/>
<V N="NAME" V="Default"/>
<V N="INSTNUM" V="0x1"/>
</chain>
<chain N="ETH_LINKMODE">
<V N="PORTNUM" V="0x0"/>
<V N="DISABLED" V="0x0"/>
<V N="LINKMODE" V="0x0"/>
</chain>
<chain N="ETH_LINKMODE">
<V N="PORTNUM" V="0x1"/>
<V N="DISABLED" V="0x0"/>
<V N="LINKMODE" V="0x0"/>
</chain>
<chain N="ETH_LINKMODE">
<V N="PORTNUM" V="0x2"/>
<V N="DISABLED" V="0x0"/>
<V N="LINKMODE" V="0x0"/>
</chain>
<chain N="ETH_LINKMODE">
<V N="PORTNUM" V="0x3"/>
<V N="DISABLED" V="0x0"/>
<V N="LINKMODE" V="0x0"/>
</chain>
<chain N="NATRULE_EXCLUDE_IP">
</chain>
<chain N="PERMANENT_ARP_TBL">
</chain>
<chain N="NAT_PORTRIGGER_RULES">
</chain>
<chain N="NAT_PRIORITY_RULES">
</chain>
<chain N="MLD_RULES">
</chain>
<chain N="MLD_SOURCES">
</chain>
<chain N="INTF_IPV6_ADDR">
</chain>
<chain N="IPV6_STATIC_ROUTE">
</chain>
<chain N="RA_ENTRY">
<V N="IFINDEX" V="0x1"/>
<V N="MAXINTERVAL" V="0x258"/>
<V N="MININTERVAL" V="0xc8"/>
<V N="MTU" V="0x0"/>
<V N="CHLIM" V="0x40"/>
<V N="RLTIME" V="0x708"/>
<V N="RTIME" V="0x0"/>
<V N="RETRANS" V="0x0"/>
<V N="FLAGM" V="0x0"/>
<V N="FLAGO" V="0x1"/>
<V N="PREFIXMODE" V="0x0"/>
<V N="RADNS" V="0x0"/>
<V N="RADNSMODE" V="0x0"/>
</chain>
<chain N="RA_PREFIX">
</chain>
<chain N="RA_ULA_PREFIX">
</chain>
<chain N="RA_DNS">
</chain>
<chain N="RA_DNSDOMAIN">
</chain>
<chain N="IPV6_FILTER">
</chain>
<chain N="IPV6_ACL">
<V N="SETNUM" V="0x2"/>
<V N="RULENUM" V="0x271a"/>
<V N="ACTION" V="0x0"/>
<V N="TYPE" V="0x1"/>
<V N="PROTO" V="0x3a"/>
<V N="IFNAME" V="any"/>
<V N="SRRVICENAME" V="ping6"/>
<V N="SRC" V=""/>
<V N="SRCPORTSTART" V="0x0"/>
<V N="SRCPORTEND" V="0x0"/>
<V N="OPENPORTSTART" V="0x0"/>
<V N="OPENPORTEND" V="0x0"/>
<V N="PCP_SRC" V="0x0"/>
</chain>
<chain N="IPV6_ACL">
<V N="SETNUM" V="0x1"/>
<V N="RULENUM" V="0x1392"/>
<V N="ACTION" V="0x0"/>
<V N="TYPE" V="0x0"/>
<V N="PROTO" V="0x29"/>
<V N="IFNAME" V="e1"/>
<V N="SRRVICENAME" V=""/>
<V N="SRC" V="fe80::5ce7:c753:ecae:e81e/24"/>
<V N="SRCPORTSTART" V="0x0"/>
<V N="SRCPORTEND" V="0x0"/>
<V N="OPENPORTSTART" V="0x0"/>
<V N="OPENPORTEND" V="0x0"/>
<V N="PCP_SRC" V="0x0"/>
</chain>
<chain N="IPV6_GIF_TUNNEL">
</chain>
<chain N="DHCPV6S_DNS">
</chain>
<chain N="DHCPV6S_DNSNAME">
</chain>
<chain N="DHCPV6S_SIP">
</chain>
<chain N="DHCPV6S_SIPNAME">
</chain>
<chain N="DHCPV6S_NTP">
</chain>
<chain N="DHCPV6S_NIS">
</chain>
<chain N="DHCPV6S_NISNAME">
</chain>
<chain N="DHCPV6S_NISP">
</chain>
<chain N="DHCPV6S_NISPNAME">
</chain>
<chain N="DHCPV6S_BCMCS">
</chain>
<chain N="DHCPV6S_BCMCSNAME">
</chain>
<chain N="DHCPV6S_INTERFACE">
<V N="NAME" V="e1"/>
<V N="POOLNAME" V="e1_pool"/>
<V N="PREFERREDTIME" V="0x78"/>
<V N="VALIDTIME" V="0x78"/>
<V N="REQUEST" V="0x0"/>
<V N="IAPD" V="0x0"/>
<V N="IANA" V="0x0"/>
<V N="MODE" V="0x0"/>
<V N="INFONLY" V="0x0"/>
<V N="RAPIDCOMMIT" V="0x0"/>
<V N="ENABLE" V="0x2"/>
<V N="PREFIXLENGTH" V="0x40"/>
</chain>
<chain N="DHCPV6C_INTERFACE">
<V N="NAME" V="pppoe1"/>
<V N="POOLNAME" V=""/>
<V N="PREFERREDTIME" V="0x0"/>
<V N="VALIDTIME" V="0x0"/>
<V N="REQUEST" V="0x2"/>
<V N="IAPD" V="0x0"/>
<V N="IANA" V="0x0"/>
<V N="MODE" V="0x1"/>
<V N="INFONLY" V="0x1"/>
<V N="RAPIDCOMMIT" V="0x0"/>
<V N="ENABLE" V="0x1"/>
<V N="PREFIXLENGTH" V="0x0"/>
</chain>
<chain N="DHCPV6S_POOL">
<V N="POOLNAME" V="e1_pool"/>
<V N="SADDR" V=""/>
<V N="EADDR" V=""/>
</chain>
<chain N="DHCPV6_UUID">
<V N="IFNAME" V="e1"/>
<V N="LEN" V="0x6"/>
<V N="HWTYPE" V="0x1"/>
<V N="TIME" V="0x246"/>
<V N="HWID" V="e8cc185349cc"/>
</chain>
<chain N="DHCPV6_UUID">
<V N="IFNAME" V="pppoe1"/>
<V N="LEN" V="0x6"/>
<V N="HWTYPE" V="0x1"/>
<V N="TIME" V="0x13525"/>
<V N="HWID" V="e8cc185349cd"/>
</chain>
<chain N="DHCPV6C_IA">
</chain>
<chain N="DHCPV6S_AUTO_POOL">
<V N="POOLNAME" V="e1_suffix_pool"/>
<V N="SADDR" V="::1"/>
<V N="EADDR" V="::ffff"/>
</chain>
<chain N="CT_WAN_ROUTE_MAC">
<V N="MACINDEX" V="0x0"/>
<V N="BUSY" V="0x0"/>
<V N="ITFINDEX" V="0x0"/>
</chain>
<chain N="CT_WAN_ROUTE_MAC">
<V N="MACINDEX" V="0x1"/>
<V N="BUSY" V="0x1"/>
<V N="ITFINDEX" V="0xf"/>
</chain>
<chain N="CT_WAN_ROUTE_MAC">
<V N="MACINDEX" V="0x2"/>
<V N="BUSY" V="0x0"/>
<V N="ITFINDEX" V="0x0"/>
</chain>
<chain N="CT_WAN_ROUTE_MAC">
<V N="MACINDEX" V="0x3"/>
<V N="BUSY" V="0x0"/>
<V N="ITFINDEX" V="0x0"/>
</chain>
<chain N="CT_WAN_ROUTE_MAC">
<V N="MACINDEX" V="0x4"/>
<V N="BUSY" V="0x0"/>
<V N="ITFINDEX" V="0x0"/>
</chain>
<chain N="CT_WAN_ROUTE_MAC">
<V N="MACINDEX" V="0x5"/>
<V N="BUSY" V="0x0"/>
<V N="ITFINDEX" V="0x0"/>
</chain>
<chain N="CT_WAN_ROUTE_MAC">
<V N="MACINDEX" V="0x6"/>
<V N="BUSY" V="0x0"/>
<V N="ITFINDEX" V="0x0"/>
</chain>
<chain N="CT_WAN_ROUTE_MAC">
<V N="MACINDEX" V="0x7"/>
<V N="BUSY" V="0x0"/>
<V N="ITFINDEX" V="0x0"/>
</chain>
<chain N="FTP_SERVER">
<V N="ENABLE" V="0x1"/>
<V N="USERNAME" V="admin"/>
<V N="PASSWORD" V="admin"/>
<V N="PORT" V="0x15"/>
<V N="USERRIGHT" V="0x3"/>
<V N="INSTNUM" V="0x1"/>
</chain>
<chain N="FTP_SERVER">
<V N="ENABLE" V="0x1"/>
<V N="USERNAME" V="useradmin"/>
<V N="PASSWORD" V="useradmin"/>
<V N="PORT" V="0x15"/>
<V N="USERRIGHT" V="0x2"/>
<V N="INSTNUM" V="0x2"/>
</chain>
<chain N="FTP_SERVER">
<V N="ENABLE" V="0x1"/>
<V N="USERNAME" V="user"/>
<V N="PASSWORD" V="user"/>
<V N="PORT" V="0x15"/>
<V N="USERRIGHT" V="0x1"/>
<V N="INSTNUM" V="0x3"/>
</chain>
<chain N="NAT_DMZ_RULES">
</chain>
<chain N="CWMP_DOWNLOAD_QUEUE">
</chain>
<chain N="CWMP_UPLOAD_QUEUE">
</chain>
</Config_Information_File_8671>


I will have to hard reset my router firmware configuration.
See if it fixed.
Land below the wind.
User avatar
paragasu
 
Posts: 84
Joined: 2006-08-16 00:55

Re: Strange DNS appear on my /etc/resolv.conf

Postby swirler » 2016-12-20 10:38

Segfault wrote:Looking briefly at this thread I'm even not sure your Debian is compromised, it probably is just the router that is "owned".


Sounds very likely: I'd unplug the internet cable, access the router and change its administration password to a very strong one to begin with (well, if you have wi-fi on I'd say change it too to an even longer and unusual one) .

Then check all its settings, close *all ports* then you don't need to be opened, disable all ancillary services and connection sharing options that you may not need and may not even know existed (routers are now coming with lots of stupid features that no one really needs), and update the firmware if possible.

I'd also manually set the DNS in the computer(s) and use NoScript (if you are using Firefox) which among other things features a specific protection for this kind of hijacking in Advanced-->ABE-->System.
swirler
 
Posts: 166
Joined: 2013-11-24 11:19


Return to General Discussion

Who is online

Users browsing this forum: No registered users and 2 guests

fashionable