Slashdot Mirror


TimeWarner DNS Hijacking

Exstatica writes "It looks like TimeWarner is taking vigilante action on the botnet problem. They've hijacked DNS for a few IRC servers, the latest being irc.mzima.net and irc.nac.net — both part of EFNet. (irc.vel.net was hijacked earlier but has been restored.) Using ns1.sd.cox.net, the lookup returns an IP for what looks to be a script that forces the user into a channel and issues a set of commands to clean the drones. There have been different reports of other IRC networks being hijacked and other DNS servers involved. Is this the right way to handle the botnet problem? Is hijacking DNS legal?" Botnets are starting to move off of IRC for command and control, anyway.
Update: 07/24 00:01 GMT by KD : Updated and added more links; thanks to Drew Matthews at vel.net. 07/24 11:52 GMT by KD : Daniel Haskell wrote in to say that ircd.nac.net is seeing cox.net connections again, and that they are in discussion with the EFF over the matter.

5 of 339 comments (clear)

  1. This is a DNS hijacking. by woodchip · · Score: 5, Funny

    OK DNS Server resolve me to .cu and no body gets hurt.

  2. The Right Way? by Kozar_The_Malignant · · Score: 5, Funny

    >Is this the right way to handle the botnet problem?

    No. The right way involves castration with rusty linoleum knives, Turkish prisons, and rabid wolverines. If that doesn't work, we should quit being nice and get nasty with these folks. Seriously, this problem will not go away until people start doing some hard time, preferably with a cell mate who does not need Erct|le Member Help!

    --
    Some mornings it's hardly worth chewing through the restraints to get out of bed.
  3. Re:IRC networks must police themselves by Assassin+bug · · Score: 4, Funny

    Do do do do, dah dah dah dah, is all I have to say to you.

  4. Re:The criminal code calls it "Theft of Services" by wik · · Score: 3, Funny

    Hey, not so fast!

    PA recently became the 50th state in the union to put their laws online.

    --
    / \
    \ / ASCII ribbon campaign for peace
    x
    / \
  5. Re:New Update since i submited this yesterday by Skrynesaver · · Score: 5, Funny
    Realistically anyone attempting to prosecute Cox for exploiting a backdoor in a botnet is going to have a hard time keeping their client out of jail.

    I look forward to Cox meeting their lawyers.
    Evil_lawyer_dude: You have exploited a vulnerability in my clients software
    Cox Communications: Ooops, so we have, would you care to name your client
    Evil_lawter_dude: I don't have to
    Cox Communications: Well, without evidence of harm done to your client we can't be held liable for anything
    Evil_lawyer_dude: My client has been unable to carry on his business using the resources of your customers
    Cox Communications: Yes, and we have a list of customers who would be part of a counter suit, no go away or we will taunt you some more.

    --
    "Linux is for noobs"-The new MS fud strategy