Slashdot Mirror

← Back to Stories (view on slashdot.org)

TimeWarner DNS Hijacking

Posted by kdawson on from the can-you-spell-ham-handed dept.

Exstatica writes "It looks like TimeWarner is taking vigilante action on the botnet problem. They've hijacked DNS for a few IRC servers, the latest being irc.mzima.net and irc.nac.net — both part of EFNet. (irc.vel.net was hijacked earlier but has been restored.) Using ns1.sd.cox.net, the lookup returns an IP for what looks to be a script that forces the user into a channel and issues a set of commands to clean the drones. There have been different reports of other IRC networks being hijacked and other DNS servers involved. Is this the right way to handle the botnet problem? Is hijacking DNS legal?" Botnets are starting to move off of IRC for command and control, anyway.
Update: 07/24 00:01 GMT by KD : Updated and added more links; thanks to Drew Matthews at vel.net. 07/24 11:52 GMT by KD : Daniel Haskell wrote in to say that ircd.nac.net is seeing cox.net connections again, and that they are in discussion with the EFF over the matter.

4 of 339 comments (clear)

  1. The criminal code calls it "Theft of Services" by cenonce · · Score: 5, Interesting

    In Pennsylvania, it sounds like it might fall under Theft of, or Diversion of Services.

  2. This will NOT raise awareness or work in any way. by twitter · · Score: 5, Interesting

    Wired found someone who approves of breaking the internet:

    Frankly, redirecting requests to malware sites, or IRC communication channels, to cleaner-sites sounds like a practical short term tactic to me. And if it raises awareness around the seriousness of the bot problem I'm all for it.

    Right, because the kind of people who might actually use IRC know nothing about botnets and the kind of Windoze users who are part of the botnet care about IRC. This is just another attack on the free software community as outlined in the Haloween Documents.

    Once again, the ISP has punished the good guys for problems crated by the bad guys. The root cause of the botnet is Windoze. Fixing it and raising awareness is as simple as cutting the problem computers off your network and telling their owners why. This is as it should be and pretending otherwise props up third rate software and threatens the stability of the net.

    --

    Friends don't help friends install M$ junk.

  3. What??? by bogie · · Score: 5, Interesting

    You mean you actually talked to someone in tech support who not only knew what a packet was but also looked up what was happening on their end at a technical level? How many drones did you have to speak to telling you to A)reboot or B)reinstall your machine? Did you use chicken blood or ox blood to perform this magic?

    --
    If you wanna get rich, you know that payback is a bitch
  4. No, probably not by Sycraft-fu · · Score: 5, Interesting

    Since it sounds like they were doing it with their DNS servers. While it would be illegal for me to break in to your DNS server and modify it, it is not illegal for me to modify my DNS server, even if you use it. If you dislike it, you can use another service, but unless I have a contract with you there's nothing wrong with it (legally). You can argue it is a bad idea, but changing their equipment on their network is well within their rights.