DNS hijacking - how to disable / opt out?

cds84
Tuning in

All machines on my LAN are configured via DHCP.

This gives me nameservers 194.168.4.100 and 194.168.8.100 (Virgin Media's DNS servers).

While trying to debug some issues I was having with NETBIOS, I noticed I was getting some strange results!

```bash
[cds@xps13 ~]$ ping this_is_a_made_up_invalid_domain
PING this_is_a_made_up_invalid_domain (92.242.132.24) 56(84) bytes of data.
64 bytes from unallocated.barefruit.co.uk (92.242.132.24): icmp_seq=1 ttl=242 time=22.9 ms
```

How odd!?

So, let's check out barefruit.co.uk...

The website says that it...

```

The Barefruit Solution Generating highly targeted traffic by replacing DNS and HTTP errors with relevant advertising

```

No thank-you!

So, now my software has cached the wrong IP address of my resolve... which is annoying!

Also, there are security implications, are there not?

Can I opt out of this advertising rubbish?

I would like to receive my DNS and HTTP errors.

 


legacy1
Alessandro Volta
You could always run your own DNS resolver.

Or sometimes this works
https://my.virginmedia.com/advancederrorsearch/settings

---------------------------------------------------------------

Awesome!

Thanks!

Opting out here did the trick!

https://my.virginmedia.com/advancederrorsearch/settings

 

```bash
[cds@xps13 ~]$ ping super_wrong_name
ping: super_wrong_name: Name or service not known
```

I was a little disappointed that there was no way to override DNS in the router... My old router allowed me to select other providers, OpenDNS for example.

THANKS ANYWAY, this closed my issue.
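
A repeatable version of the `ping` check used in the posts above, as an added example that is not part of the original thread: it resolves several random, almost certainly unregistered names and reports any address handed back for all of them. The function names, the `.com` probe names and the stub resolver are assumptions made for this illustration; 92.242.132.24 is the address quoted in the first post.

```python
import secrets
import socket

def probe_names(count=3, tld="com"):
    """Random names that are, to overwhelming probability, unregistered."""
    return [f"nx-{secrets.token_hex(10)}.{tld}" for _ in range(count)]

def system_resolve(name):
    """Ask the OS resolver (normally the DHCP-supplied servers).
    Returns [] on a genuine 'name not found'; other failures propagate."""
    not_found = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror as exc:
        if exc.errno in not_found:
            return []
        raise  # timeout, server failure etc.: inconclusive, do not guess
    return sorted({info[4][0] for info in infos})

def check_nxdomain_rewriting(resolve=system_resolve, names=None):
    """Resolve names that cannot exist; any answer means NXDOMAIN is being rewritten."""
    names = names or probe_names()
    answers = {name: resolve(name) for name in names}
    answered = [set(ips) for ips in answers.values() if ips]
    # Addresses handed back for every answered bogus name: the catch-all hosts.
    landing = sorted(set.intersection(*answered)) if answered else []
    return {"rewritten": bool(answered), "landing": landing, "answers": answers}

def stub_catch_all(name):
    """Constructed stand-in resolver that behaves like the one in the first post."""
    return ["92.242.132.24"]

if __name__ == "__main__":
    demo = check_nxdomain_rewriting(resolve=stub_catch_all)
    print("stub resolver :", demo["rewritten"], demo["landing"])
    live = check_nxdomain_rewriting()
    print("this machine  :", live["rewritten"], live["landing"])
```

Running it again after an opt-out, a router firmware update or a change of DNS server shows whether the setting actually took effect on that machine.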

nleaney
Dialled in
I was just about to post something similar - it appears the DNS name of my work email server appears to be somehow included in the Virgin DNS with an IP address pointing at barefruit.co.uk. It was only spotted when I reported access issues to the email service and a strange IP address was detected.

The IT Team have asked me to raise it as an incident with my ISP and they are going to flag it with IT Security as a potential issue. The implications in my case are that my email credentials may have been passed via this intermediary.

Something I'm unsure of though is whether this has been done with the knowledge of Virgin Media or whether this is somehow opportunistic activity on behalf of barefruit? Anyone have any ideas?

用心棒
Very Insightful Person

@nleaney wrote:
I was just about to post something similar - it appears the DNS name of my work email server appears to be somehow included in the Virgin DNS with an IP address pointing at barefruit.co.uk. It was only spotted when I reported access issues to the email service and a strange IP address was detected.

The IT Team have asked me to raise it as an incident with my ISP and they are going to flag it with IT Security as a potential issue. The implications in my case are that my email credentials may have been passed via this intermediary.

Something I'm unsure of though is whether this has been done with the knowledge of Virgin Media or whether this is somehow opportunistic activity on behalf of barefruit? Anyone have any ideas?

Concerning the former, if your client is set up to securely exchange data with your work email server then it will fail to authenticate the connection and terminate; your email authentication credentials would not have been sent.

As for the latter, of course it has been done with Virgin Media's knowledge, as part of their Advanced Network Error Search feature. Is it a good idea? No, IMHO, because it lacks consent and contributes nothing of value to a user's experience.

 

As a Very Insightful Person, I'm here to share my knowledge. I don't work for Virgin Media.


cds84
Tuning in

They are doing it again!!!!

 

I opted out of DNS hijacking in the router settings... But now, after debugging another connection issue, I find that they are doing it again?? They auto opted me back in!?

After a router firmware update, I suspect.

How can I disable firmware updates in the router?

Virgin Media clearly cannot be trusted.


@cds84 wrote:

They are doing it again!!!!

 

I opted out of DNS hijacking in the router settings... But now, after debugging another connection issue, I find that they are doing it again?? They auto opted me back in!?

After a router firmware update, I suspect.

How can I disable firmware updates in the router?

Virgin Media clearly cannot be trusted.


You’ve never been able to opt out of it via the hub settings.

You have to do it via your online account. 


*****
If you think my answer has helped - please provide me with a Kudos rating and mark as Helpful Answer!!
I do not work for Virgin Media - all opinions expressed are of my own and all answers are provided from my own and past experiences.
Office 365, Dynamics CRM and Cloud Computing Jedi

Ah, yes. Sorry. I misremembered.

I used the online form again, it said I am already opted out...

 

But still, my DNS lookups are hijacked to barefruit!

Can I replace my router with one that supports custom DNS settings?

Virgin Media's are malicious/broken.

 

I know I can put the hub into modem only mode... But I would rather not waste power running 2 routers.

AFAIK the only way to do it is either change the DNS on the device (which should ignore the ones set by DHCP) or get your own router and specify there!

The Hub will not let you specify your own.



------------------------------------------------------------------
Hub 3 - Modem Mode - TP-Link Archer C7

Anonymous
Not applicable
You do not need your own router. You just need a DHCP server on your network. If you have a Raspberry Pi you can run PiHole as your DNS/DHCP server and disable the DHCP in the hub.

No one will have gotten your email credentials as they will have been encrypted even if sniffed. If you are not using a secure connection for email then you have much bigger security problems than a DNS catch-all.