3
1
If you have a Netgear router, you can visit routerlogin.net
and it will resolve to the IP address of your router for easy access to the admin configuration interface. Previously I believed this was implemented by having the DNS forwarder inside the router respond with its own internal IP for any lookups for routerlogin.net
.
However I recently discovered that routerlogin.net
still resolved to the router's IP even when the unit was configured only as an access point, operating in a network with a separate router / external DNS server. That would seem to imply that it was able to hijack DNS requests to 8.8.8.8
even when it is only an access point and the computer and a separate router are both configured to use 8.8.8.8
for DNS.
How is routerlogin.net
implemented?
1You are correct that
routerlogin.net
exists and resolves to those IPs, but when you're behind a Netgear router,host routerlogin.net
will give you192.168.1.1
or whatever because the router responds to the DNS request locally. The bit that's interesting to me is that this behavior still happens if the router is no longer the router and is only an access point, i.e. it will respond with10.0.1.23
or whatever the AP's IP address is, meaning that even when it's not the router, it must have some way of hijacking DNS. – Jacob Gillespie – 2017-06-09T20:37:44.110Or to put it another way,
routerlogin.net
works on the DNS level, not by communicating with the Netgear servers you encountered (and will even work when there's no internet connection). – Jacob Gillespie – 2017-06-09T20:38:34.6871It's at layer 3, it can pretend to be the entire internet as far as its clients know...it's pretty simple really. It's exactly the same way captive portals work in hotel or airport wifi, libraries, etc... – quadruplebucky – 2017-06-11T21:25:30.653