Belkin N300 Hacked Firmware

Jul 26, 2015 Support for new Belkin Products. I have a Belkin N300 Model. This is a photo of the main board from earlier today when I restored the Belkin firmware.
My son is running a WNDR-3700v3 router behind a Motorola 6812 Cable Modem on Cox Cable internet. He uses three Macs running OSX on his home network.
Recently, the DNS servers in his router have been repeatedly hacked and changed to, for example, 199.182.166.168. The result is incessant popups and redirects to inappropriate sites. I have fixed the settings, both by changing the DNS servers to the OpenDNS servers, and by re-checking 'obtain from Internet Provider'. Both fix the problems for a day or two, but the popups return, and sure enough, on logging into the router, the name servers have been changed again. This HAS been documented recently, and is not limited to the WNDR3700. It clearly represents a router firmware vulnerability, however, allowing some sort of malware to access router settings without an appropriate password. Remarkably, I opened a tech support ticket to advise Netgear of this, and the reply was that I don't qualify for free support!
One would hope they would be more concerned about their product, let alone grateful. I did have Remote Administration enabled, with a VERY secure password.
I have changed the port for remote access, so we'll see if that helps. I need the access, as my son doesn't know how to work on the router. Anyone else having this issue recently? Netgear, firmware fix?
WHY - since you have the router set to obtain its DNS servers from the ISP are you assuming that the router has been 'hacked'? By setting the router to automatically obtain those settings you create a situation where the DNS settings can be changed from the ISP end. Have you brought this to the ISP's attention? Have you tried manually setting the DNS servers (try 8.8.8.8 & 8.8.4.4 - these are Google's public DNS servers) and leaving them set manually?
If not, try that and see if the settings still 'change themselves'.

When I first logged into my son's Router, 'Get Name Servers From ISP' was NOT checked (though by default it is, and I presume, was previously). I replaced the servers with the OpenDNS server IP addresses, and left 'Get From ISP' UNchecked.
The servers were changed again two days later. The name servers that then (see previous post) appeared were definitely cited as poisoned DNS servers causing spamming and redirects when I googled them. This time I CHECKED the 'Get From ISP' box, and got the same name servers that my own PC has and has had (we have the same ISP). I also, as mentioned, changed the Remote Admin access port from the standard 8080. As of this morning, name servers are still good. So clearly NOT related to the ISP changing - that setting was unchecked, and my own name servers have been constant. What do you think?
Changing from Fixed IP to DHCP should pose no risk at all. Simply resetting the router would cause this change.
Netgear routers can usually be changed via the LAN side without passwords if you know what you're doing (I don't think it should be this way, but eh). I can't see NG changing this any time soon but perhaps they will. The only reason I bring that up is because changes like this are often due to exploits where the attacker is launching the attack through a PC on the network, be it something simple like CSS, or other more exotic exploits. If this has happened to you then I would first reset the router, THEN, look on each PC and see if any of them have those DNS servers set in as hard values. My guess is that a lot of you should find an infected PC on the network. If you use POP3 email then I would also advise you change your email passwords, as it is POSSIBLE that your email logins may have been proxied off and passwords caught.

Wilblake wrote: Same problem with N450 router after firmware update. ISP service from Comcast, Zoom cable modem.
I changed the DNS to use Google, and disabled remote administration. Will consider firmware change to DD-WRT. Netgear Support has not proved very useful so far. Actually the router was the N750 running firmware recently upgraded 1.0.2.4_9.1.86. Remote administration on the router seems the most likely cause of the change to the DNS server settings. Similar incidents reside on support forums for apple, google, and other platforms. Since correcting the DNS server and disabling remote administration, network desktop clients appear free from malware and their DNS servers remain valid.
Internet searches reveal many articles on vulnerability of the remote administration interface on routers from Netgear, DLink, and other sources.

I have the same problem. I have a Linksys e3000 router and I too get the popups on all of my devices. The biggest problem is that I am unable to connect to the Playstation Network from either my PS3 or my PS4.
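
The check suggested earlier in the thread (look on each PC for hard-coded DNS servers) can be scripted. This is an added example, not code from any poster: it audits the text of a `resolv.conf` file or of macOS `scutil --dns` output against an allowlist. The allowlist, function names and sample inputs are assumptions made for illustration.

```python
import ipaddress
import re

# Assumption: resolvers this household chose on purpose (Google and OpenDNS).
TRUSTED = {"8.8.8.8", "8.8.4.4", "208.67.222.222", "208.67.220.220"}

# Matches "nameserver 1.2.3.4" (resolv.conf) and
# "nameserver[0] : 1.2.3.4" (macOS `scutil --dns`); commented lines do not match.
NS_LINE = re.compile(r"^[ \t]*nameserver(?:\[\d+\])?[ \t]*:?[ \t]*(\S+)", re.MULTILINE)

def extract_nameservers(text):
    """Return the unique, valid resolver IPs in config text, in order of appearance."""
    found = []
    for token in NS_LINE.findall(text):
        token = token.split("%")[0]  # drop an IPv6 zone id such as fe80::1%en0
        try:
            ip = str(ipaddress.ip_address(token))
        except ValueError:
            continue  # not an IP address, ignore the line
        if ip not in found:
            found.append(ip)
    return found

def audit(text, trusted=TRUSTED):
    """Label each resolver 'trusted', 'lan' (private, e.g. the router) or 'unexpected'."""
    report = {}
    for ns in extract_nameservers(text):
        ip = ipaddress.ip_address(ns)
        if ns in trusted:
            report[ns] = "trusted"
        elif ip.is_private or ip.is_loopback or ip.is_link_local:
            report[ns] = "lan"
        else:
            report[ns] = "unexpected"  # public resolver nobody here configured
    return report

# Constructed samples; 199.182.166.168 is the rogue resolver named in the thread.
SAMPLE_RESOLV = "# constructed sample\nnameserver 192.168.1.1\nnameserver 199.182.166.168\n"
SAMPLE_SCUTIL = ("resolver #1\n  nameserver[0] : 208.67.222.222\n"
                 "  nameserver[1] : 199.182.166.168\n  if_index : 4 (en0)\n")

if __name__ == "__main__":
    for name, text in (("resolv.conf", SAMPLE_RESOLV), ("scutil --dns", SAMPLE_SCUTIL)):
        for ns, verdict in audit(text).items():
            print(f"{name}: {ns} -> {verdict}")
```

A `lan` verdict only means the host forwards its queries to the router, so the router's own DNS setting still has to be checked on its admin page.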