Step by Step Mitigation for New DNS Attack on Routers

Taiwanese router company DrayTek has had a tough month.

"In May 2018, we became aware of new attacks against web-enabled devices, which includes DrayTek routers. The recent attacks have attempted to change DNS settings of routers," the company says.

It then outline the consequences of a DNS attack: "If someone can redirect you to a rogue DNS server, they can misdirect your browser to a fake site when you think you're going to your favourite web site. You login but now the criminals have your username and password (another reason people should use 2FA). The site will normally redirect you back to the genuine web site to avoid arousing suspicion.  This could be a banking site, social media, other financial site or anything else."

Here are steps to mitigate against a DNS attack.

5 Steps to remediate DNS attack

1. Update your firmware immediately
2. Check your DNS and DHCP settings on your router
3. If your settings appear to have been compromised, restore a config backup or manually check and correct all settings
4. If you have remote access enabled on your router, disable it if you don't need it, and use an access control list if possible
5. Always use secured (SSL/TLS1.2) connections to your router, both LAN and WAN side

See visuals and supporting documention on the DrayTek website.