
Norton360 says my network is hijacked...

I am constantly receiving warnings from Norton360 that my home network has been hijacked and I should turn Norton's VPN on. As far as I can tell my network is fine. It consists of a Sky broadband connection through a Draytek Vigor modem, connected to a Synology RT6600ax router, set up with multiple VLANs to segment the network. I have DNS over HTTPS set up in the router, so my devices all use NextDNS successfully. The router has a secure password and 2FA set up and is only accessible from one VLAN that I keep secure.

Could there be something lurking deep in my network that I'm not seeing, or is this Norton not liking NextDNS, or simply Norton wanting more customers for their VPN? (I use Proton VPN when necessary).

I've not found any answers to this question on Norton's community, so I was hoping NextDNS users might know more. TIA.

6 replies

    • R_P_M
    • 11 days ago

    If these warnings are vague then they are probably scare tactics to get people to buy the VPN.

    • Luna.1
    • 10 days ago

    Hijacked by Norton scam ...

    • PhilG
    • 10 days ago

    I'm interested to know if this is simply because I'm using NextDNS on the router - whether or not any other NextDNS users have experienced this. I'm enquiring of Norton as well. Here's the warning:

    • Daksani
    • 8 days ago

    You can check using SSL usually. Generally if a network isn't secure, you're getting intercepted either locally or down the line using DNS or some other overriding factor. If your router is using NextDNS but the next hop down is forcing DNS > naughty then you're still at risk, even if you're hitting NextDNS. An example of this is having your DNS queries come back unencrypted, even though you sent them via DoH.

    https://badssl.com/dashboard/

    That'll give you an idea at least. There are other things you can do to see if your network is compromised but usually when you get a warning like that (and it's not some advert) it means that your traffic is being intercepted.

      • R_P_M
      • yesterday

      Your example is entirely implausible. DNS requests sent by DoH will be encrypted both ways; there is no chance they will come back unencrypted.

      • Daksani
      • yesterday

      Fair enough, looking at the comment again I could've worded it differently. However, the example I gave was an attempt to explain a situation that did happen to me. I was using DoH to either Quad9 or NextDNS and my application firewall was complaining that the queries were coming back unencrypted. They were either being blocked upstream and leaking out UDP#53 because of a misconfiguration on my end or the laptop/certificates chain itself was compromised and they were being decrypted in the middle. It could've been either as it was a couple of months ago and I didn't really dive into the forensics before wiping it but my point still stands, if it leaks or if your chain is compromised, threat actors can still get around DoH. And if they're in your network, there's a good chance they're in your systems.
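
The leak case raised in the last reply (DoH is configured, yet lookups still leave on port 53) can be checked from a router or firewall connection log. The following is an added example, not part of the thread and not anyone's posted code; the log format, the addresses, the `ROUTER`/`LAN` values and the function names are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumptions for this sketch (not from the thread): the router is the only
# resolver LAN clients should use, and it forwards upstream over DoH (TCP 443).
ROUTER = ipaddress.ip_address("192.168.10.1")
LAN = ipaddress.ip_network("192.168.0.0/16")

# Constructed sample records: time src dst proto dport
SAMPLE_LOG = """\
10:00:01 192.168.10.23 192.168.10.1 udp 53
10:00:01 192.168.10.1 203.0.113.10 tcp 443
10:00:07 192.168.20.40 198.51.100.53 udp 53
10:00:09 192.168.10.1 198.51.100.53 udp 53
10:00:12 192.168.20.40 198.51.100.53 tcp 53
10:00:15 192.168.30.5 192.168.10.1 udp 53
malformed line
"""

def find_plaintext_dns(log_text):
    """Return {source_ip: sorted list of external resolvers reached on port 53}."""
    leaks = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip blank or malformed records
        _, src, dst, proto, dport = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue
        if port != 53 or proto not in ("udp", "tcp"):
            continue
        # Client -> router on 53 is the expected LAN hop; anything leaving the
        # LAN on 53 is cleartext DNS that an on-path party can read or alter.
        if dst_ip in LAN:
            continue
        leaks[str(src_ip)].add(str(dst_ip))
    return {src: sorted(dsts) for src, dsts in leaks.items()}

def router_fell_back(leaks):
    """True if the router itself sent port-53 traffic upstream instead of DoH."""
    return str(ROUTER) in leaks

if __name__ == "__main__":
    found = find_plaintext_dns(SAMPLE_LOG)
    print(found, "router fallback:", router_fell_back(found))
```

This only covers the port-53 leak; it says nothing about the other possibility mentioned in that reply, a compromised certificate chain on the device.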
