[ubuntu-us-mn] DNS Changer malware

Peter Gamache peter at duonet.net
Fri Jun 1 19:57:14 UTC 2012

Regardless of distro, look at the contents of /etc/resolv.conf.

NetworkManager (and others like it) write DNS data to that file, as it's
the standard location for configuring the system's resolver library.

If you want to lock down your DNS settings to something safe, this works for
most workstations:

sudo $EDITOR /etc/resolv.conf    - Remove other contents, add the following:


Save the file, and then:

sudo chattr +i /etc/resolv.conf

This sets the immutable bit on the file, preventing any future changes.  If
you don't trust your DHCP client/server to give you good DNS, this is the
ironclad way to lock the setting.


On Fri, Jun 01, 2012 at 10:22:53AM -0500, Tony Yarusso wrote:
> On Fri, Jun 1, 2012 at 4:06 AM, Fred H Olson <fholson at cohousing.org> wrote:
> > Anyone care to supply how to check DNS settings for Linux?
> > Has anyone heard of Linux systems being affected by DNS Changer
> > malware or other DNS related attacks?
> Checking your settings on Linux will vary by distro, so it's hard to
> write a single set of directions.  As one example though, in Ubuntu
> 12.04 with Gnome Shell, I click the little network icon in the top
> bar, select "Network Settings", and DNS servers are listed at the
> bottom of the screen that pops up.  In Ubuntu 10.04 you'd right-click
> the Network Manager icon and select "Connection Information".
> I have not heard of any normal Linux systems being affected, however
> it DOES affect a very large number of consumer routers, and I don't
> know whether that includes Linux-based firmwares or not.  This is the
> vector that is most likely to affect Linux users, since most people
> are just getting their DNS server settings through DHCP from their
> router anyway, so breaking the router is both easy (since their
> firmware receives far less scrutiny than a normal distro) and
> extremely effective.
>  - Tony
> -- 
> ubuntu-us-mn mailing list
> ubuntu-us-mn at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-us-mn

More information about the ubuntu-us-mn mailing list