"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
news:i3i7s002u63@news6.newsguy.com:
> From: "smurf" <smurf@smurf.com>
>
>| Spotted it today, a dg834g netgear router was accessed by some
>| malicious software which followed a limewire download. The software
>| logged onto the router (using default password) and changed dns
>| settings from automatic to a set of manual addresses.
>
>| The consequence was, of say a google search, any link had a results5
>| prefix.
>
>| The standard fix for results5 infections was the tdds killer etc, of
>| course no good here as the source of the problem was the router.
>
>| removed the dns addresses, changed the password on the router and
>| flushed the dns cache of the connected machines.
>
>| First time come across this.
>
>
> http://www.trustedsource.org/blog/42...n-hacks-into-routers
>
> http://www.pc1news.com/news/0017/war...n-modifies-wireless-router-settings.html
>
> http://vil.nai.com/vil/content/v_141841.htm
OK, now you have *me* nervous. I had a problem earlier today with newegg.com
getting redirected to dpbolvw.net. The latter is bad news and is blocked in
my HOSTS file. So I got to reading this thread and decided to check my
firewall settings in my D-Link 604 router.
Look at http://mewnlite.com/di-604.gif
The 4 circled items were not put there by me. The rest of them are all
items I have listed under virtual server. According to what I've Googled,
the legit Teredo has something to do with IPv6. The LIMExxxxxxxxx entries
do not ring a bell with me - do they to anyone else?
--
--- Everybody has a right to my opinion. ---

