Slashdot Mirror


TimeWarner DNS Hijacking

Exstatica writes "It looks like TimeWarner is taking vigilante action on the botnet problem. They've hijacked DNS for a few IRC servers, the latest being irc.mzima.net and irc.nac.net — both part of EFNet. (irc.vel.net was hijacked earlier but has been restored.) Using ns1.sd.cox.net, the lookup returns an IP for what looks to be a script that forces the user into a channel and issues a set of commands to clean the drones. There have been different reports of other IRC networks being hijacked and other DNS servers involved. Is this the right way to handle the botnet problem? Is hijacking DNS legal?" Botnets are starting to move off of IRC for command and control, anyway.
Update: 07/24 00:01 GMT by KD : Updated and added more links; thanks to Drew Matthews at vel.net. 07/24 11:52 GMT by KD : Daniel Haskell wrote in to say that ircd.nac.net is seeing cox.net connections again, and that they are in discussion with the EFF over the matter.

4 of 339 comments

  1. Who is driving? by Anonymous Coward · · Score: -1, Offtopic

    Bear is driving!
    How can that be (first post)?

  2. first post by Anonymous Coward · · Score: -1, Offtopic

    first post

  3. AFT Defense/Offense Corporatist attack their enemy by OldHawk777 · · Score: -1, Offtopic

    AFT (About Fyucking Time) Defense/Offense Corporatist attack a real enemy of US. They (Corporations/associations/laws... RIAA, MPAA, DMCA ...) have been using the law to spy on and attack citizens, now they can attack with virtual-impunity some real criminals (maybe DoD, China, Halliburton ...) that can counter-attack with some real whoop-ass. This should be more interesting than anything on ESPN/HBO... I hope some folks are monitoring the start of one of the first cyberwars. God, I hope NSA, CIA, DoD ... collect enough data to make it worth their while in a non-simulation vicarious voyeuristic lessons-learned from real professionals fighting in cyber-warfare. If Vegas is taking bets, my money is on the prideful and vain counter-attackers. YaGo 31!t3CMF (Cyber Marine Forces).

    PS: I have never claimed to be sane, just reasonable.

    Defense/Offense, which is legal and why?
    (Score:3)
    by OldHawk777 (19923) * on 2007.07.18 14:21 (#19904495)
    (http://www.mygothicheart.com/oh10101 | Last Journal: 2007.07.12 14:41)
    Defense is legal, Offense is illegal, and why? "I don't know." THIRD-BASE!

    My logic, you need defense to be able to do what you need/want to do (like go on the offense).
    Also, you need offense to prevent others from doing what you don't want them to do (like they can't go on offense).

    IOW: The real purpose of defensive action is to provide force/operations security, until offensive action is possible.

    Intel/CoOps (like chicken "coops") are defensive actions that disrupt the ability of others to take a successful offensive action, while allowing you to develop effective and successful offensive actions. It all (technology security) confuses an old war monger like me.

    Anyway; any/all defense will fail, unless the purpose is "Offense". So; with my way of thinking, the laws/regs/policies for preventing the use of technology (gun, lock, Internet, encryption ...) are the problem. If someone a/o some country/religion tries to crack your network ... it is a hell of a lot more reasonable to go on the offensive and destroy the enemy ... collecting forensics and bits/body data is important to defense (as defined above), but legally can be insubstantial false-trail/trap for debate and for court worthless.

    If you want to win you must always be on the offense. Offense or Defense will always win a battle, but only offense can win the war.

    So; put the criminal crackers out of business with brilliant offense, don't legislate technology out of business with draconian idiotic "defense-only". Defense-only is as dumb as all the ObSec (Obscurity Security) governments and business want to implement. Clear the decks, clear the laws, clear for battle, take the SOBs out, and don't provoke the good public and citizens with further legislative/regs/policies stupidity.

    Advice: If you have a Defense-only/ObSec policy get rid of it quick (as legally as possible). If you have a Defense-only/ObSec consultant/service company get rid of it quick (as legally as possible). Always look to solve problems permanently, because always being reactionary is a dogmatic (non-thinking) suicidal tactic. Gut-feelings truthiness (comically) is always fun for the clueless losers.

    --
    Unaccountable leaders are masters, and unrepresented people are slaves. How do US and EU fare?
  4. ancient solution. /etc/hosts by anwyn · · Score: 0, Offtopic

    Why cannot people affected by this problem simply put the right answer in their hosts files?