Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Botnet Security The Internet Technology

Taking Down DNSChanger: A First Person Account 46

Posted by Unknown Lamer from the vixie-with-a-vengeance dept.
penciling_in writes "Paul Vixie shares his personal account of the DNSChanger takedown operation, working with the FBI and a worldwide team. He also explains the delay issues in identifying and notifying victims, which resulted in the FBI asking the judge for an extension. They were given four more months. 'On July 9 2012 the replacement DNS servers operated by ISC will be shut down and any victims who still depend on these servers will face new risks,' he warns. A half-dozen national Internet security teams around the world have created special websites that will display a warning message to potential victims of the DNS Changer infection. The full list of these 'DNS Checking' websites is published by the DNS Changer Working Group."
This discussion has been archived. No new comments can be posted.

Taking Down DNSChanger: A First Person Account More

Taking Down DNSChanger: A First Person Account

Comments Filter:

  • Stupid (Score:5, Interesting)

    by DarkOx ( 621550 ) on Wednesday March 28, 2012 @01:01PM (#39498133) Journal

    They never should have setup replacement DNS servers.

    At most they should have put up a special server that just pointed every A record request to webserver with page explaining that you have or have had some malware on your system and are vulnerable, some instructionss to fix your DNS and patch your box or call your Administrator for help. Simply return NXDOMAIN for everything else.

    All this has accomplished is keeping a bunch of un-patched machines which lets face it most likely have or will have other malware on them as well in use by users making the possible victims of someone else.

    I have not bought into the argument about ISPs or corporate uses being effected severely either. Anyone effected by this thing is not using DNSEC. It would be trivial to NAT tcp53/udp53 requests to the addresses of the malicious DNS servers to safe in house one. ISPs and corporations then could go through those logs with their own resources and contact those users / customers for a fix, instead of being allowed to just shift the cost of their security failure onto the tax payer as they have. Such organizations should be going after the estate of the perps for damages and eating the costs that cannot be recovered or forcing their insurers to do it.

    This was just another abuse of the public.

  • I still disagree with the delays (Score:5, Interesting)

    by Skapare ( 16644 ) on Wednesday March 28, 2012 @01:02PM (#39498141) Homepage

    There should have been a period of time to do the notifications with the DNS running "normally". At the end of that (no extension), change the DNS servers so they return an IP for ALL domains that directs everything to a single page that tells them that their computers and/or network is infected, and they need to contact a security consultant, their ISP, or a specified contact at the FBI. After that time, the DNS should go dead (route those IPs into a blackhole). That all should have been overwith by now. There's no justification to delay further for stupid people.

Slashdot Top Deals

For God's sake, stop researching for a while and begin to think!

Close