On Sun, 28 Aug 2022 08:24:31 -0400 Greg Wooledge <g...@wooledge.org> wrote:
...
> Not too long ago, I had to buy a new router. The one I bought was a
> Netgear. As is typical, the router also acts as a DHCP server, and
> has a web-based control panel. The instructions that came with the
> router said to visit a certain URL (which I do not recall right now),
> which did not contain an IP address, but instead, contained a "hostname".
>
> If you're a completely naive user, who sets up the PC to use DHCP, using
> every piece of information from the router (IP, netmask, nameserver,
> DNS search domain), then this would work. The special "hostname" in
> the URL would be resolved by the router's internal mostly-forwarding
> nameserver, to the router's IP address.
>
> If, however, your PC is set up to use its *own* DNS nameserver and search
> domain, then the special "hostname" in the router's URL is resolved by
> the global DNS infrastructure, to a *real* IP address.
>
> The real IP address in this case turns out to be a phishing site, set up
> specifically to capture passwords and personal information from users who
> are just trying to set up their router, which comes with *horribly* poor
> instructions.

This is wild. But according to official, publicly available Netgear
documentation, the company uses www.routerlogin.net or
www.routerlogin.com for router configuration, both of which seem to
resolve / redirect to a legitimate Netgear site when not using a
Netgear router:

https://kb.netgear.com/27199/I-can-t-access-my-router-what-do-I-do
https://www.netgear.com/home/services/routerlogincom/

If Netgear actually used an url that it didn't control, that would
indeed be incredibly reckless and irresponsible.

-- 
Celejar
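
Added example, not part of the original thread: a check, for a Linux PC, of who answered for a router setup hostname before a password is typed into the page, following the resolver behaviour described in the quoted message. The function names, the sample route table and the sample addresses (203.0.113.10 is a documentation address) are constructed for illustration, and a little-endian host is assumed.

```python
import ipaddress
import socket
import struct

# Constructed sample of Linux /proc/net/route; 0101A8C0 encodes 192.168.1.1.
SAMPLE_ROUTES = (
    "Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT\n"
    "eth0\t00000000\t0101A8C0\t0003\t0\t0\t100\t00000000\t0\t0\t0\n"
    "eth0\t0001A8C0\t00000000\t0001\t0\t0\t100\t00FFFFFF\t0\t0\t0\n"
)
RTF_GATEWAY = 0x2
# Ranges that can only be a device on the local network, never a site on the Internet.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "fc00::/7", "fe80::/10")]

def default_gateway(route_text):
    """Return the IPv4 default gateway from /proc/net/route text, or None."""
    for line in route_text.splitlines()[1:]:
        f = line.split()
        if len(f) >= 8 and f[1] == "00000000" and f[7] == "00000000" \
                and int(f[3], 16) & RTF_GATEWAY:
            # Assumes a little-endian host, where the kernel's hex is byte-reversed.
            return ipaddress.IPv4Address(struct.pack("<I", int(f[2], 16)))
    return None

def classify(addresses, gateway):
    """Judge who answered for the setup hostname from the addresses returned."""
    addrs = {ipaddress.ip_address(a) for a in addresses}
    if not addrs:
        return "unresolved"
    if any(not any(a in net for net in LOCAL_NETS) for a in addrs):
        return "public"          # global DNS answered: this is not the router
    if addrs == {gateway}:
        return "router"          # the router's own resolver answered
    return "local-not-gateway"   # some other LAN device; check before logging in

def resolve(name):
    """Live lookup via the system resolver (needs network; hypothetical helper)."""
    try:
        found = socket.getaddrinfo(name, 80, type=socket.SOCK_STREAM)
        return {ai[4][0].split("%")[0] for ai in found}  # drop any IPv6 scope id
    except socket.gaierror:
        return set()

if __name__ == "__main__":
    gw = default_gateway(SAMPLE_ROUTES)
    print(gw, classify(["192.168.1.1"], gw), classify(["203.0.113.10"], gw))
```

On a real machine, pass the contents of `/proc/net/route` and the output of `resolve()` for the hostname printed in the router's instructions; a result of "public" means the page that loads is whatever the global DNS points to, not the router's control panel.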