Paul Vixie: 100,000 DSL Modems May Lose Their DNS On July 9

Dante_J writes "Up to 100,000 DSL modems may lose access to DNS come July the 9th, due to scripted web interface changes made to them by DNSChanger. This and other disturbing details were raised by respected Internet elder Paul Vixie during a presentation at the AusCERT 2012 conference."
  • Captain Obvious (Score:2, Interesting)

    by stretch0611 ( 603238 ) on Thursday May 17, 2012 @04:03PM (#40032551) Journal

    The FBI has control of the DNS servers. Why can't they just resolve every address to point to a webserver instructing people how to fix their DNS settings?

  • by Zocalo ( 252965 ) on Thursday May 17, 2012 @04:20PM (#40032791) Homepage
    That horse has long since bolted. The ISPs were notified, and it's also possible for them to check their IP space for infected hosts at the DNS Changer Working Group's website [dcwg.org]. The sad fact is that the ISPs in question have done the math and come to the conclusion that they can either:
    1. Notify their infected customers, at a cost of $x per customer, probably only to have most of their users either ignore the warning or contact the ISP's support line, potentially at additional cost to the ISP (unless they have a premium rate support service).
    2. Ignore the problem until the FBI's DNS servers are switched off, at which point, hopefully, many of the users will figure out the solution at no cost to the ISP, reducing the burden on the ISP's support desk and costs. Hey, everyone has to keep costs down, right?

    Bonus douchebag points for any ISPs that have a large number of infected customers and have, purely coincidentally of course, moved support calls to a premium rate number in the last few months.

  • Re:8.8.8.8 (Score:2, Interesting)

    by Anonymous Coward on Thursday May 17, 2012 @04:40PM (#40033117)

    feel free to operate your own resolvers

    I do. It's easy. [unbound.net]

  • TR-069 (Score:5, Interesting)

    by stewwy ( 687854 ) on Thursday May 17, 2012 @04:50PM (#40033313)
    Some modems implement this, the TR-069 (remote config) protocol. At least some of the clueless should have this active; I'm surprised it's not used more widely by ISPs. Of course anyone with half a brain will have it disabled (do you want your ISP to control your router?), and if you have it disabled at least you know your modem/router HAS a config page. But still, it's for exactly this reason it's there.

  • duh (Score:4, Interesting)

    by IGnatius T Foobar ( 4328 ) on Thursday May 17, 2012 @05:03PM (#40033563) Homepage Journal
    So the malware guys found a bunch of unpatched DSL modems with a vulnerability that allowed the resolver to be reconfigured remotely, and pointed it towards the "bad" DNS servers.

    So why not just go to the "bad" DNS servers, which they now control, find out the IP addresses of the compromised modems, and use the same vulnerability to reconfigure the resolver to point back to "good" DNS servers?
  • by Anonymous Coward on Thursday May 17, 2012 @06:22PM (#40034765)

    I only have 50 of my fav. sites "hardcoded" into it w/ their IP addresses resolved via reverse DNS pings (ping -a in Windows) to the ARPA "TLD" ( .in-addr.arpa ) that maintains that information (so it isn't bogus) via reverse DNS checks!

    Then I block off 1,776,632++ KNOWN bad sites/servers/hosts-domains KNOWN to serve up malicious code or malware, botnet C&C servers, bogus DNS servers, adbanner servers & more threats or slowdowns online...

    I do so, "automagically" every 15 minutes via a custom hosts file mgt. program that does the following for end users (Calling it "APK Hosts File Engine 5.0++"):

    ---

    1.) Offers massively noticeable increased speed for websurfing via blocking adbanners

    2.) Offers increased speed for users fav. sites by hardcoding them into the hosts file for faster IP address-to-host/domain name resolutions (which sites RARELY change their hosting providers, e.g.-> of 250 I do, only 6 have changed since 2006 - & when sites do because they found a less costly hosting provider? Then, they either email notify members, put up warnings on their pages, & do IP warnings & redirectors onto the former IP address range to protect vs. the unscrupulous criminal bidding on that range to buy it to steal from users of say, online banking or shopping sites).

    3.) Better "Layered-Security"/"Defense-In-Depth" via blocking host-domain based attacks by KNOWN bad sites-servers that are known to do so (which IS, by far, the majority of what's used by both users (hence the existence of the faulty but for the most part working DNS system), AND even by malware makers (since host-domain names are recyclable by them, & the RBN (Russian Business Network & others) were doing it like mad with "less than scrupulous", or uncaring, hosting providers))

    4.) Better 'anonymity' to an extent vs. DNS request logs (not vs. DPI ("deep packet inspection"))

    5.) The ability to circumvent unjust DNSBL (DNS Block Lists) if unjust or inconveniences a user.

    6.) Protection vs. online trackers

    7.) Better security vs. the DNS system being "dns poisoned/redirected" (a known problem for recursive DNS servers via port 51/53 misdirection)

    8.) Write protecting the hosts file every 1/2 second (supplementing UAC) - even if/when you move it from the default location via this registry entry (which if done, can function ALMOST like *NIX shadow passwords because of this program):

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters

    And changing the "DataBasePath" parameter there (I do this moving it to a faster media, a "true SSD" using DDR-2 RAM, in the 4gb Gigabyte IRAM I have).

    9.) Automatic downloading & Alphabetic sorting of hosts files' records entries (for easier end user mgt. manually) from 15 reliable sources (of 17 I actually use).

    10.) Manual editing of all files used (hosts to import list, hosts itself in its default location of %windir%\system32\drivers\etc, the hosts files to import/download & process, & favorite sites to reverse dns ping to avoid DNS (noted above why)).

    11.) Removal scanners (if the users decide to remove hosts entries from imported data they can check if the site is indeed known as bad or not (sometimes 'false positives' happen, or just bad entries, or sites clean themselves up after infestation due to vulnerable coding etc./et al)).

    12.) Removal of bloating material in many hosts files like Comments (useless bulk in a hosts file that's "all business")

    13.) Removal of bloating material in many hosts files like Trailing comments after records (produces duplicates)

    14.) Removal of bloating material in many hosts files like Invalid TLD entries (program checks this in a BETTER method than the API call "PathIsURL")

    15.) Removal of bloating material in many hosts files like Trims entries (vs. trailing blanks bloat on record entries)

    16.) Removal of bloating material in many hosts files like the conversion of the larger & SLOWER 127.0.0
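As an added example (not the poster's program, which is not on the page), here is a small Python normalizer implementing the cleanup steps listed in items 12 through 15 for an imported blocklist-style hosts file: full-line and trailing comments are stripped, entries are trimmed, hostnames are syntactically validated and lowercased, duplicates collapse, and the result is sorted. The sample blocklist text is constructed for the demo; the sink address and the RFC 1123 label check are my assumptions about what such a tool should do.

```python
import ipaddress
import re

# RFC 1123 label: letters, digits, hyphens; no leading/trailing hyphen; 1-63 chars.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def valid_hostname(name: str) -> bool:
    """Syntactic hostname check: every label well-formed and a TLD present.

    Single-label names (e.g. "localhost") are rejected on purpose: in an
    imported blocklist they are invalid-TLD entries, not sites to block.
    """
    if len(name) > 253:
        return False
    labels = name.rstrip(".").split(".")
    return len(labels) >= 2 and all(_LABEL.match(lbl) for lbl in labels)


def normalize_hosts(text: str, sink: str = "0.0.0.0") -> list[str]:
    """Return sorted, de-duplicated "<sink> <hostname>" lines from raw hosts text.

    Lines whose first token is not an IP address are dropped, as are
    malformed hostnames. Every kept name is rewritten to `sink`, so the
    127.0.0.1 and 0.0.0.0 variants of the same entry collapse into one.
    """
    names: set[str] = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comment, trim blanks
        if not line:                         # blank or comment-only line
            continue
        parts = line.split()
        try:
            ipaddress.ip_address(parts[0])   # first token must be an address
        except ValueError:
            continue
        for host in parts[1:]:
            host = host.lower().rstrip(".")
            if valid_hostname(host):
                names.add(host)
    return [f"{sink} {h}" for h in sorted(names)]


# Constructed sample of a messy downloaded list (not a real feed).
SAMPLE = """\
# header comment that would only bloat the installed file
127.0.0.1  ads.example.net   # trailing comment makes a near-duplicate
0.0.0.0 ads.example.net
0.0.0.0 Tracker.Example.org.
0.0.0.0 bogus_host           # underscore is not a valid label character
0.0.0.0 localhost            # no TLD
notanip junk.example.com
"""
```

Running `normalize_hosts(SAMPLE)` yields two lines, `0.0.0.0 ads.example.net` and `0.0.0.0 tracker.example.org`; the underscore, bare-name and non-IP lines are discarded.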
