How to find out if nameserver is legit

Posted on 2005-05-06
Medium Priority
Last Modified: 2010-04-11
So I basically hit a website by mistake that had a ton of ActiveX controls, viruses and spyware on it. I spent a good while using various spyware removal tools and my virus scan to remove them. Plus I created a new profile and deleted the corrupt one in Windows XP Pro.

Anyways. I was checking the DNS servers my ISP is handing out to me. Are there any sites on the Internet to find out if the DNS servers you are pointed to are legit? I'm just wondering if my ARP has been poisoned by the viruses or something else is going on. I tried calling my ISP tech support but the help desk is clueless.
Question by:bboy77
LVL 51

Expert Comment

ID: 13945309
>  I'm just wondering if my arp has been poisoned
arp doesn't matter here 'cause it only handles IPs in the same logical subnet

> ..  if the DNS servers you are pointed to are legit?
if you doubt that your ISP is reliable, change it.
LVL 38

Accepted Solution

Rich Rumble earned 800 total points
ID: 13946125
You can use a program like Ethereal to see if you're getting responses from the servers. As far as legitimacy goes, the helpdesk should know the IPs of their NS's... you can query other NS's if you want. If a NS has port 53 open and is serving DNS, then it's probably OK, but as of late there has been a bunch of NS poisoning about http://isc.sans.org/presentations/dnspoisoning.php and you're also correct to suspect spyware as messing with your responses, as there are many that do. If you're using XP or WinME, turn off System Restore, then use AV and/or AS (anti-spyware) to get rid of them permanently: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam

Assisted Solution

ITDharam earned 400 total points
ID: 13946604
While I wouldn't be surprised to see a virus that changes your name server to something that just serves bogus info, typically, you'll just have your host file populated with a bunch of fun stuff.

To check, browse to C:\WINDOWS\system32\drivers\etc and check each of the host files. Unless you have gone in and edited the host file, you should only have one entry, which should look like localhost

If you see a lot of bogus entries, maybe entries for Symantec, AVG, and other popular antivirus/anti-malware companies, then just delete them.

If you think your name server might be bogus, just do some nslookups against it, and post the results here as a comment, and then have the rest of us compare our responses. If 3 people get the same response you get, then there is a good chance that your NS is fine.

To do a lookup against your name server, go to a command prompt, type nslookup, and then type www.symantec.com, then post the results. Do this for a few different domains that would most likely be targeted.

Is there anything you're seeing that makes you think you may still be infected?
LVL 25

Assisted Solution

by:Ron Malmstead
Ron Malmstead earned 400 total points
ID: 13946635

Run a speed test... It will show you your ISP, and you can compare your speed to other users on the same ISP... additionally it will provide information about the Primary and Secondary DNS servers for your C-lec.

It won't be on the first page, but if you poke around a little it's in there.....

Or you could just call your ISP and ask them.... it's not top secret.
