[DNS Hijack]

Hey guys,

I work in IT support and enjoy tinkering with things like Kali Linux, Raspberry PI, ect... My wife recently started seeing some vulger ads on normal websites like CNN, Local News, and others. I started seeing similar things on my laptop very soon after. I did tthe normal checking for malware and things.

I eventually checked the router settings nd found the DNS servers were set to static IPs instead of DHCP from he ISP. I chaged it back to auto, abd the vulger ads and things stoped. I checked the logs to see what happened but all the logs were deleted. After the reboot the logs were showing a DOS attack blocked.

[DOS attack: ACK Scan] attack packets in last 20 sec from ip [208.111.185.178], Saturday, Jun 06,2015 01:16:25

[internet connected] IP address: 0.0.0.0, Saturday, Jun 06,2015 01:16:22

[internet disconnected] Saturday, Jun 06,2015 01:16:22

[initialized, firmware version: V1.0.45_1.0.45NA] Saturday, Jun 06,2015 01:16:21

I think this was something like a man in the middle attack or something simlar. I'd like to know how they were able to get into my router and change the DNS servers and delete the logs.

I've alredy did the basics post-attack steps like change passwords and things.

Thanks guys!