Students Macbooks and weird DNS


Craig Knights

May 9, 2018, 6:18:52 PM
to techies-f...@googlegroups.com
Hi all,

This has been happening for a while..

A student says they can't get on the internet.  About one a week.

So I check, and they have a DNS set of 114.114.114.114, which is some free DNS in China.  I remove it, it goes back to auto, they get our DNS, and all is good.

The weird thing is, none of the students have any idea why they have that set, or what they're trying to do..  like avoid a country block, or avoid our filtering...  or any idea how it happened...  malware?  Some VPN (I see no evidence of this)?

It's just weird.

Craig

Clayton Hubbard

May 9, 2018, 6:28:13 PM
to techies-f...@googlegroups.com
Around the comment of users not setting the DNS: found this one, but it could be unrelated; however, it links to possible trojans, so not sure if these set the DNS - https://www.threatcrowd.org/ip.php?ip=114.114.114.114



Clayton Hubbard
Solution Architect
The Network for Learning Ltd

M +64 22 043 0155  DDI +64 9 972 2906  P 0800 LEARNING
A Suite 306, Geyser Building, 100 Parnell Road, Parnell, Auckland 1052
A PO Box 37118, Parnell, Auckland 1151  n4l.co.nz




Alistair Baird

May 9, 2018, 7:04:04 PM
to techies-f...@googlegroups.com
What browser are they using? Sometimes sites put in a search engine and keep resetting from there. Check browser extensions, they are quite good for that kind of thing.

--
Alistair Baird
IT Manager
St Peters College 
p 06 354 4198
m 021 482 937

Pete Mundy

May 9, 2018, 10:08:23 PM
to techies-f...@googlegroups.com

I've seen malware and browser extensions change DNS settings in macOS before. But normally the software wouldn't have the ability to do so unless the user account they're running under is an admin user (we all know users blindly type in their password whenever something prompts them). So it seems a bit weird on student devices, unless these are student-owned devices rather than school-owned devices in which case there is a good chance they are already an admin user.

Pete

Craig Knights

May 9, 2018, 10:09:30 PM
to techies-f...@googlegroups.com
They are student owned, and they are admin.

I'll have a better look at the next one I see..

ta
Craig

Kevin Whelan

May 10, 2018, 4:45:21 PM
to Techies for schools


On Friday, May 11, 2018 at 8:41:46 AM UTC+12, Kevin Whelan wrote:
Tell them to stop using VPNs. We get it here all the time, where VPNs screw up their internet, more on Windows than Mac, but I just laugh and show them the door. They need to learn if they play with fire
they will lie and deny through their teeth that they have, or say I haven't used it today; sometimes a restart will show the VPN popup. VPNs generally work OK until one day it doesn't, and just removing it isn't enough sometimes; the network settings can get so screwed up it gets itself really tied up.

Blake Richardson

May 10, 2018, 5:03:25 PM
to Techies for schools
I would say they have malware, we have seen this before. We block all DNS from LAN>WAN apart from our own DNS servers and because students get their DNS via DHCP.

If they are using a Mac, run Malwarebytes over the machine.
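
The manual check described at the top of the thread (look for a hand-set DNS server on the Mac, clear it so the machine falls back to DHCP) can be scripted with the macOS `networksetup` tool. This is an added example, not part of any post in the thread; the allowlist addresses are constructed placeholders and the function names `classify_dns` and `audit_all` are hypothetical.

```shell
#!/bin/sh
# Audit macOS network services for manually configured DNS resolvers.
# ALLOWED_DNS holds constructed placeholder addresses; set it to your own resolvers.
ALLOWED_DNS="${ALLOWED_DNS:-10.0.0.53 10.0.0.54}"

# classify_dns SERVICE OUTPUT
# OUTPUT is the text printed by `networksetup -getdnsservers SERVICE`.
# Returns 0 when DNS is automatic or every manual entry is allowed, else 1.
classify_dns() {
    cd_service="$1"; cd_output="$2"; cd_bad=0
    case "$cd_output" in
        "There aren't any DNS Servers set on"*)
            # No manual override: the resolver comes from DHCP.
            echo "OK    $cd_service: automatic"
            return 0 ;;
    esac
    for cd_server in $cd_output; do
        case " $ALLOWED_DNS " in
            *" $cd_server "*) echo "OK    $cd_service: $cd_server (manual, allowed)" ;;
            *) echo "FLAG  $cd_service: $cd_server (manual, not in allowlist)"
               cd_bad=1 ;;
        esac
    done
    return "$cd_bad"
}

# audit_all: run classify_dns over every network service on this Mac.
audit_all() {
    aa_status=0
    # First line of the listing is a legend; disabled services start with '*'.
    aa_services=$(networksetup -listallnetworkservices | tail -n +2)
    while IFS= read -r aa_svc; do
        aa_svc=${aa_svc#\*}
        [ -n "$aa_svc" ] || continue
        aa_out=$(networksetup -getdnsservers "$aa_svc" </dev/null)
        if ! classify_dns "$aa_svc" "$aa_out"; then
            aa_status=1
            echo "      reset with: sudo networksetup -setdnsservers \"$aa_svc\" empty"
        fi
    done <<EOF
$aa_services
EOF
    return "$aa_status"
}

# Only touch the system when the macOS tool is present.
if command -v networksetup >/dev/null 2>&1; then
    audit_all
fi
```

The script only reports; it prints the reset command for a flagged service rather than running it, so the machine can be inspected for whatever changed the setting before it is cleared.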