3
1
If you have a Netgear router, you can visit routerlogin.net and it will resolve to the IP address of your router for easy access to the admin configuration interface. Previously I believed this was implemented by having the DNS forwarder inside the router respond with its own internal IP for any lookups for routerlogin.net.
However I recently discovered that routerlogin.net still resolved to the router's IP even when the unit was configured only as an access point, operating in a network with a separate router / external DNS server. That would seem to imply that it was able to hijack DNS requests to 8.8.8.8 even when it is only an access point and the computer and a separate router are both configured to use 8.8.8.8 for DNS.
How is routerlogin.net implemented?
Jacob Gillespie
Posted 2017-06-09T17:28:08.217
Reputation: 131
1You are correct that
routerlogin.netexists and resolves to those IPs, but when you're behind a Netgear router,host routerlogin.netwill give you192.168.1.1or whatever because the router responds to the DNS request locally. The bit that's interesting to me is that this behavior still happens if the router is no longer the router and is only an access point, i.e. it will respond with10.0.1.23or whatever the AP's IP address is, meaning that even when it's not the router, it must have some way of hijacking DNS. – Jacob Gillespie – 2017-06-09T20:37:44.110Or to put it another way,
routerlogin.networks on the DNS level, not by communicating with the Netgear servers you encountered (and will even work when there's no internet connection). – Jacob Gillespie – 2017-06-09T20:38:34.6871It's at layer 3, it can pretend to be the entire internet as far as its clients know...it's pretty simple really. It's exactly the same way captive portals work in hotel or airport wifi, libraries, etc... – quadruplebucky – 2017-06-11T21:25:30.653