Slashdot Mirror


TimeWarner DNS Hijacking

Exstatica writes "It looks like TimeWarner is taking vigilante action on the botnet problem. They've hijacked DNS for a few IRC servers, the latest being irc.mzima.net and irc.nac.net — both part of EFNet. (irc.vel.net was hijacked earlier but has been restored.) Using ns1.sd.cox.net, the lookup returns an IP for what looks to be a script that forces the user into a channel and issues a set of commands to clean the drones. There have been different reports of other IRC networks being hijacked and other DNS servers involved. Is this the right way to handle the botnet problem? Is hijacking DNS legal?" Botnets are starting to move off of IRC for command and control, anyway.
Update: 07/24 00:01 GMT by KD : Updated and added more links; thanks to Drew Matthews at vel.net. 07/24 11:52 GMT by KD : Daniel Haskell wrote in to say that ircd.nac.net is seeing cox.net connections again, and that they are in discussion with the EFF over the matter.

2 of 339 comments

  1. Re:This will NOT raise awareness or work in any wa by thegrassyknowl · Score: 5, Insightful

    Once again, the ISP has punished the good guys for problems created by the bad guys. The root cause of the botnet is Windoze. Fixing it and raising awareness is as simple as cutting the problem computers off your network and telling their owners why. This is as it should be and pretending otherwise props up third rate software and threatens the stability of the net.

    I wish I hadn't run out of mod points; this is gold.

    That's a pretty cut and dried way of reducing the number of bots. Cutting the user off forces them to understand what is wrong and why they're cut off. If you just give them information most will just click past it and continue on their merry way. Users don't want information. They want the pr0nz as quick as possible. Didn't you know that?

    I can think of one case where a (now ex) friend of mine would email To: every single person in her work address book with SPAM for her work. I started out telling her to use the Bcc: field at least and pointed her to a web page describing why you'd want to do that. She replied "I don't want to read all that technical garbage" then carried on the same. Then I asked her to remove me from her list. She replied "I am going to send you this stuff because I know you want it" (it really was SPAM for her work, it wasn't even jokes or chain mail). There ended our friendship as I reported them to their ISP. They were warned by their ISP and still continued doing what they did. They lost hosting pretty quick after that.

    People don't want to learn. They are, by and large, idiots. Heavy handed measures are the only way to force them to realise that fact.

    --
    I drink to make other people interesting!
  2. Re:Alternative DNS? by dissy · Score: 5, Insightful

    I thought OpenDNS was the greatest thing, until I noticed if you type in a URL that isn't valid it doesn't deliver the standard "non-existent domain" return, but instead gives you an OpenDNS search results page. Bleh. I'll stick with running Bind on my own server, thank you. Actually, if you sign up for a free account, and add your IP(s) in their dashboard webapp, you can configure all sorts of things, including to return NXDOMAIN on resolution failure.

    I too agree that breaking NXDOMAIN is a bad thing, but OpenDNS at least does let you change this yourself. It just has the wrong default, so to speak.

    I strongly urge you to sign up for a free account, and look over their settings available, before you judge.

    -- Jon
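An added example, not part of the story or of either comment: a stdlib-only Python check for the two resolver behaviours discussed on this page, a resolver handing back a different address for an IRC host than the zone's own authoritative answer (the hijack in the story), and a resolver answering with an address for a name that must be NXDOMAIN (the OpenDNS default in the comment above). The resolver IPs, the zone and the trusted baseline are the operator's own inputs; the packet builder and parser are minimal and handle only A records.

```python
import socket
import struct
from typing import Dict, FrozenSet, List, Optional

Answer = Optional[FrozenSet[str]]  # None means the resolver answered NXDOMAIN (rcode 3)

def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Minimal DNS A query with recursion desired, as sent to a recursive resolver."""
    qname = b"".join(bytes([len(lab)]) + lab.encode() for lab in name.rstrip(".").split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def _skip_name(pkt: bytes, pos: int) -> int:
    """Advance past a domain name, which may end in a 2-byte compression pointer."""
    while True:
        length = pkt[pos]
        if length & 0xC0 == 0xC0:
            return pos + 2
        pos += 1
        if length == 0:
            return pos
        pos += length

def parse_a_answers(pkt: bytes) -> Answer:
    """A records in a response, or None when the resolver reports NXDOMAIN."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", pkt[:12])
    if flags & 0x000F == 3:
        return None
    pos = 12
    for _ in range(qd):
        pos = _skip_name(pkt, pos) + 4  # skip qtype and qclass
    addrs = set()
    for _ in range(an):
        pos = _skip_name(pkt, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            addrs.add(socket.inet_ntoa(pkt[pos:pos + 4]))
        pos += rdlen
    return frozenset(addrs)

def query_a(resolver_ip: str, name: str, timeout: float = 2.0) -> Answer:
    """Ask one resolver directly over UDP/53 (the only function here that touches the network)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver_ip, 53))
        return parse_a_answers(s.recv(4096))

def divergent_resolvers(answers: Dict[str, Answer], baseline: Answer) -> List[str]:
    """Resolvers whose answer differs from a trusted baseline (the zone's authoritative answer, or None for a random probe label that must be NXDOMAIN)."""
    return sorted(r for r, a in answers.items() if a != baseline)
```

To use it live, call `query_a` for the same IRC hostname against each resolver you care about and against the zone's authoritative server, then pass the dict to `divergent_resolvers`; repeating the run with a random label under the zone and a baseline of `None` flags NXDOMAIN rewriting.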