Paul Vixie: 100,000 DSL Modems May Lose Their DNS On July 9
Dante_J writes "Up to 100,000 DSL modems may lose access to DNS come July the 9th, due to scripted web interface changes made to them by DNSChanger. This and other disturbing details were raised by respected Internet elder Paul Vixie during a presentation at the AusCERT 2012 conference."
Captain Obvious (Score:2, Interesting)
The FBI has control of the DNS servers. Why can't they just resolve every address to point to a webserver instructing people how to fix their DNS settings?
Re:ISP should warn them (Score:4, Interesting)
Bonus douchebag points for any ISPs that have a large number of infected customers and have, purely coincidentally of course, moved support calls to a premium rate number in the last few months.
Re:8.8.8.8 (Score:2, Interesting)
feel free to operate your own resolvers
I do. It's easy. [unbound.net]
TR-069 (Score:5, Interesting)
duh (Score:4, Interesting)
So why not just go to the "bad" DNS servers, which they now control, find out the IP addresses of the compromised modems, and use the same vulnerability to reconfigure the resolver to point back to "good" DNS servers?
I don't put "everything" in my custom HOSTS file (Score:0, Interesting)
I only have 50 of my fav. sites "hardcoded" into it w/ their IP addresses resolved via reverse DNS pings (ping -a in Windows) to the ARPA "TLD" ( .in-addr.arpa ) that maintains that information (so it isn't bogus) via reverse DNS checks!
Then I block off 1,776,632++ KNOWN bad sites/servers/hosts-domains KNOWN to serve up malicious code or malware, botnet C&C servers, bogus DNS servers, adbanner servers & more threats or slowdowns online...
I do so, "automagically" every 15 minutes via a custom hosts file mgt. program that does the following for end users (Calling it "APK Hosts File Engine 5.0++"):
---
1.) Offers massively noticeable increased speed for websurfing via blocking adbanners
2.) Offers increased speed for users fav. sites by hardcoding them into the hosts file for faster IP address-to-host/domain name resolutions (which sites RARELY change their hosting providers, e.g.-> of 250 I do, only 6 have changed since 2006 - & when sites do because they found a less costly hosting provider? Then, they either email notify members, put up warnings on their pages, & do IP warnings & redirectors onto the former IP address range to protect vs. the unscrupulous criminal bidding on that range to buy it to steal from users of say, online banking or shopping sites).
3.) Better "Layered-Security"/"Defense-In-Depth" via blocking host-domain based attacks by KNOWN bad sites-servers that are known to do so (which IS, by far, the majority of what's used by both users (hence the existence of the faulty but for the most part working DNS system), AND even by malware makers (since host-domain names are recyclable by them, & the RBN (Russian Business Network & others) were doing it like mad with "less than scrupulous", or uncaring, hosting providers))
4.) Better 'anonymity' to an extent vs. DNS request logs (not vs. DPI ("deep packet inspection"))
5.) The ability to circumvent DNSBLs (DNS Block Lists) if they are unjust or inconvenience a user.
6.) Protection vs. online trackers
7.) Better security vs. the DNS system being "dns poisoned/redirected" (a known problem for recursive DNS servers via port 51/53 misdirection)
8.) Write protecting the hosts file every 1/2 second (supplementing UAC) - even if/when you move it from the default location via this registry entry (which if done, can function ALMOST like *NIX shadow passwords because of this program):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters
And changing the "DataBasePath" parameter there (I do this moving it to a faster media, a "true SSD" using DDR-2 RAM, in the 4gb Gigabyte IRAM I have).
9.) Automatic downloading & Alphabetic sorting of hosts files' records entries (for easier end user mgt. manually) from 15 reliable sources (of 17 I actually use).
10.) Manual editing of all files used (hosts to import list, hosts itself in its default location of %windir%\system32\drivers\etc, the hosts files to import/download & process, & favorite sites to reverse dns ping to avoid DNS (noted above why)).
11.) Removal scanners (if the users decide to remove hosts entries from imported data they can check if the site is indeed known as bad or not (sometimes 'false positives' happen, or just bad entries, or sites clean themselves up after infestation due to vulnerable coding etc./et al)).
12.) Removal of bloating material in many hosts files like Comments (useless bulk in a hosts file that's "all business")
13.) Removal of bloating material in many hosts files like Trailing comments after records (produces duplicates)
14.) Removal of bloating material in many hosts files like Invalid TLD entries (program checks this in a BETTER method than the API call "PathIsURL")
15.) Removal of bloating material in many hosts files like Trims entries (vs. trailing blanks bloat on record entries)
16.) Removal of bloating material in many hosts files like the conversion of the larger & SLOWER 127.0.0
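As an added example (not the commenter's APK program and not code from the original thread), here is a minimal Python version of the cleanup steps enumerated in items 9 and 12 through 15 above: full-line and trailing comments stripped, entries trimmed, duplicates collapsed, records with a malformed address or an unknown TLD dropped, and the result sorted alphabetically by hostname. The sample hosts text and the `KNOWN_TLDS` allow-list are constructed for this example; a real tool would load the IANA root zone list.

```python
import ipaddress

# Constructed sample "hosts file to import"; every line here is made up for this example.
SAMPLE_HOSTS = """\
# Header comment: useless bulk in a hosts file that is "all business"

127.0.0.1   localhost
0.0.0.0  ads.example.com        # trailing comment: would otherwise produce a duplicate
0.0.0.0  ads.example.com
   0.0.0.0\ttracker.example.net \t
0.0.0.0  bad.example.invalidtld
0.0.0.0  MALWARE.Example.org  cdn.example.org
not-an-ip  junk.example.com
"""

# Constructed allow-list of TLDs (assumption for this example, not a complete list).
KNOWN_TLDS = {"com", "net", "org", "arpa"}


def valid_tld(hostname: str) -> bool:
    """True for single-label names (e.g. localhost) or names whose last label is a known TLD."""
    labels = hostname.split(".")
    return len(labels) == 1 or labels[-1] in KNOWN_TLDS


def clean_hosts(text: str) -> list[tuple[str, str]]:
    """Return sorted, deduplicated (address, hostname) records from raw hosts-file text."""
    records = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop full-line and trailing comments, trim blanks
        if not line:
            continue
        addr, *names = line.split()          # hosts syntax allows several names per address line
        try:
            ipaddress.ip_address(addr)       # reject records whose first field is not an IP
        except ValueError:
            continue
        for name in names:
            name = name.lower()              # hostnames are case-insensitive; lowering aids dedup
            if valid_tld(name):
                records.add((addr, name))    # set membership collapses duplicates
    return sorted(records, key=lambda rec: (rec[1], rec[0]))


def render(records: list[tuple[str, str]]) -> str:
    """Emit one 'address hostname' line per record, ready to write as a hosts file."""
    return "\n".join(f"{addr} {name}" for addr, name in records) + "\n"
```

Running `render(clean_hosts(SAMPLE_HOSTS))` yields five records; the invalid-TLD and non-IP lines are dropped and the duplicate ads entry appears once.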