Some DNS Requests Ruled Illegal in North Dakota

← Back to Stories (view on slashdot.org)

Some DNS Requests Ruled Illegal in North Dakota

Posted by samzenpus on Thursday January 17, 2008 @12:53AM from the that's-a-paddling dept.

jgreco writes "A judge in North Dakota has just ruled that requesting a zone transfer from a public DNS server is criminal activity within the meaning of the North Dakota Computer Crimes Law. A zone transfer is a simple request that a DNS server hand over information in bulk, and a DNS server may be configured to allow or deny such requests. That the owner of a DNS server would configure the server to allow such requests, and then claim such requests were unauthorized, is simply stunning."

9 of 331 comments (clear)

Min score:

Reason:

Sort:

DNS illegal now? Read again. by Anonymous Coward · 2008-01-17 01:03 · Score: 5, Informative

Might want to read the actual court ruling instead of the populistic and alarmist comments surrounding it. As I read it, the defendant already had been told by the court to stop bothering the plaintiff, and he then proceeded to ignore that. In and of itself the ruling doesn't outlaw dns requests, altough the judge's grasp of the technology clearly could stand improvement.
1. Re:DNS illegal now? Read again. by tgd · 2008-01-17 01:13 · Score: 5, Insightful
  
  See this is why we need a (-1 Informative) moderation... because clearly from the tone of the post and the the majority of the replies, rational response is not the goal of this story submission.
2. Re:DNS illegal now? Read again. by autocracy · 2008-01-17 01:25 · Score: 5, Informative
  
  TFA really sucks. The linked judgment is much more useful to read. I'm kind of saddened by the judges focus on "zone transfers," but it's clear that the issue is not about zone transfers. The issue is a pattern of malicious activity that the defendant had an injunction placed on him for. He violated that injunction. It was corporate cyber-stalking harassment, really. I'd say that the zone transfer was illegal in context, especially with an outstanding injunction to stay off the company's servers.
  
  --
  SIG: HUP
Re:consequence of bad computer crime laws by morgan_greywolf · 2008-01-17 01:43 · Score: 5, Insightful

It IS completely ridiculous. I doubt very much that OSDN or SourceForge (or whatever they're called this week) wants to have to give explicit permission to each and every user on Slashdot, but that's what it appears to have come to because judges are techno-illiterates.

If a service is running on a machine connected to the Internet and that service is obviously not secured, then the only thing that can be assumed is that permission to use that service is implicitly granted, especially in absence of notices stating otherwise.

IOW, if you run a Web server on port 80 and require no authentication, then it can be easily assumed that you intend to publish any materials served via the Web server to the public Internet -- you expect people to access it.

Ditto if you run a DNS service that allows zone transfers to all comers -- you expect that DNS zone transfer will occur and no one will need permission from you to do so.

To rule otherwise is nothing but pure stupidity.

--
My blog
Re:Why am I not suprised? by plover · 2008-01-17 02:00 · Score: 5, Insightful

That's not at all true. The judges I've had dealings with have been damn smart people.
What you're forgetting is that in most court cases, the defendant is there for one of two possible reasons: they really weren't responsible, or they were responsible but are now lying about it. And the plaintiff or complainant is there to make sure something "legal" happens in their favor, and they're not above lying to get their desired outcome, either. Usually there's a lot of both. That means the judges are professionally sitting at the mouth of a never ending river of bullshit, and they have to keep control of the situation.
It's not that judges can't or refuse to understand the technology; it's that the cases are about the people, which is where their focus must remain. The computer didn't act of its own accord. It operated under the direction of its owner. The question of "was there malicious intent?" has nothing to do with DNS or any other logic-based technology and everything to do with the two guys standing in the courtroom.

--
John
Re:Unbelievable by MyLongNickName · 2008-01-17 02:07 · Score: 5, Insightful

What is more unbelievable is that you'd take an article summary like this as being the gospel. More often than not, it is someone who hasn't really read the whole article, but wants to see his name on the front page of Slashdot. Dispense with a few facts, create some sensationalism, and the crack Slashdot editing team puts it up without fact checking.

--
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
Best. Ruling. EVER! by InfinityWpi · 2008-01-17 02:26 · Score: 5, Interesting

Why the hell aren't we celebrating this, people? Okay, for DNS, it sucks... but look at it this way...

It doesn't matter if you set up your system to 'automaticly' share the files you just downloaded... people who accessed them did so without authorization. It can't be considered 'sharing' if you didn't authorize people to download them from you... could this ruling be a tool agaisnt the MAFIAA?
Re:consequence of bad computer crime laws by jvkjvk · 2008-01-17 03:21 · Score: 5, Informative

No, it's not completely ridiculous. We can talk about generalities as long as we want but they are nothing but straw men. This is a specific case, and it appears to be a special case, where the defendant had an injunction against him to prevent him from harassing the company in question.

Essentially, the judge ruled that the injunction did indeed include the DNS servers the company had. Imagine that, he got that one right!

IOW, even if the company was running a web server on port 80 and require no authentication, it can easily be assumed that --- the defendant would still be barred from making requests to that page. No, not people in general one specific individual who was barred from interacting with the company.

To rule otherwise is nothing but pure stupidity.
Re:Unbelievable by orclevegam · 2008-01-17 03:59 · Score: 5, Informative

There's actually a good deal of information in there if you read between the lines a little. What I gathered from it and one of the sites linked by it, is that this guy is well known in the anti-spammer circles as a spam investigator that can compile loads of detailed info on spammers. Apparently Sierra (the plaintiff) is notorious for spam and also for suing anti-spam activists. During the course of compiling evidence against Sierra, this guy performed a DNS Zone transfer (most likely to prove that the source of some spam was actually a server hosted by Sierra). Sierra then sued him claiming the zone transfer wasn't authorized by them, and therefore it was illegal (not going to argue if that's logical or not, just summarizing here). Up to this point any technically minded person would probably think the plaintiff was on pretty shaky ground. However, the defendant screwed himself over it seems by annoying the judge various ways. According to the findings, the defendant gave false testimony on several occasions. It may or may not have been false testimony, it's sometimes hard to say when lawyers get involved, but the judge perceived it as such and that's what counts. Much worse it seems, is that the judge ordered the defendant not to perform certain scans of Sierras network, but he then proceeded to ignore those orders. This action seems to be the one that really blew the case for him, as it's apparent the judge was really not happy with him for that one.

--
Curiosity was framed, Ignorance killed the cat.