Slashdot Mirror


Number of Rogue DNS Servers on the Rise

bosoxsux writes "Rogue DNS servers are an increasingly popular tool for scam artists, according to a new report. Their numbers are on the rise, in part because they're difficult for antivirus software to deal with. 'There are now approximately 68,000 rogue DNS servers across the Internet. The authenticity of the sites such servers redirect to varies greatly, from near-perfect copies to laughably bad, but the problem they represent is quite serious. Once an end user's computer has been modified to use a poisoned DNS server, the system can be directed to any fake web site the malware author feels like serving up.'"

6 of 154 comments

  1. Re:Simple fix for those running Windows? by TripMaster+Monkey · · Score: 4, Insightful

    Of course it's not difficult to fix...the problem is that most users aren't going to check their DNS settings like you or I would...heck...most users don't even know what a DNS server is.

    --
    ____

    ~ |rip/\/\aster /\/\onkey

  2. Re:Simple fix for those running Windows? by Penguinisto · · Score: 2, Insightful

    Even worse - sometimes an ISP will refuse to tell you what their DNS IP addys actually are.

    /P

    --
    Quo usque tandem abutere, Nimbus, patientia nostra?

  3. How can they not? by davidwr · · Score: 3, Insightful

    If an ISP expects me to use their DNS service, they have to tell me, either up-front or as part of the DHCP configuration request.

    Otherwise, I'll have to use someone else's DNS or do without.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.

  4. Re:read more, submit less by Anonymous Coward · · Score: 4, Insightful

    Easier than you think to use a rogue DNS server. Two words: Open WIFI.

    The default networking setting in a computer is to grab IP and DNS settings from the WIFI. This will get the rogue DNS right in.

    The way around is to change networking settings to have the DNS point to a pre-chosen known ISP, but how many are doing that?
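
Added example, not part of the original thread: a small Python audit that compares the resolvers a machine actually ended up with against the ones it is supposed to use, which is the check the comments above say most users never make. It assumes a Unix-style `resolv.conf`; the allowlist addresses, the sample file and the function names are constructed for illustration.

```python
import ipaddress

# Assumed allowlist: the resolvers this machine is *supposed* to use.
# Constructed documentation addresses; replace with your own known resolvers.
TRUSTED_RESOLVERS = {"192.0.2.53", "2001:db8::53"}

# Constructed sample of a resolv.conf after joining an open network.
SAMPLE_RESOLV_CONF = """\
# Generated by DHCP client (constructed sample)
search example.net
nameserver 192.0.2.53
nameserver 198.51.100.7
nameserver fe80::1%wlan0
nameserver 127.0.0.53
"""


def configured_resolvers(text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        # Comment lines start with '#' or ';', so they never match here.
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(fields[1])
    return found


def audit_resolvers(text, trusted=TRUSTED_RESOLVERS):
    """Classify each configured resolver: trusted, local-stub, unexpected, invalid."""
    allowed = {ipaddress.ip_address(a) for a in trusted}
    report = []
    for raw in configured_resolvers(text):
        try:
            addr = ipaddress.ip_address(raw.split("%", 1)[0])  # drop IPv6 zone id
        except ValueError:
            report.append((raw, "invalid"))
            continue
        if addr in allowed:
            verdict = "trusted"
        elif addr.is_loopback:
            verdict = "local-stub"  # local forwarder; its upstream needs the same check
        else:
            verdict = "unexpected"  # e.g. pushed by DHCP or changed by malware
        report.append((raw, verdict))
    return report


if __name__ == "__main__":
    for server, verdict in audit_resolvers(SAMPLE_RESOLV_CONF):
        print(f"{server:20} {verdict}")
```

A `local-stub` verdict only moves the question one hop: the forwarder's own upstream servers need the same comparison.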

  5. Re:Suddenly, by lintux · · Score: 2, Insightful

    > You'd have to edit the cache so that the new key matches though (because it won't be the same one).

    Heck, when you have enough access to a machine to change its DNS settings, you have enough access to flush the cache or to just disable all SSL safety checks.

  6. Re:Is this about OpenDNS redirecting www.Google.co by Niten · · Score: 4, Insightful

    FUD? There's no FUD about it: if you use OpenDNS and perform a Google search, your search queries are being proxied through OpenDNS's servers. That's quite a breach of trust because -- unless they've changed something since I last checked -- this proxying of search data isn't exactly advertised to the user in advance. Even if I felt I could absolutely trust OpenDNS with all my data, such covert behavior would still make me uncomfortable.

    As for the Google/Dell deal: yeah, it's evil, and the OpenDNS guys are right to bring attention to it. But it's a problem that needs to be solved at the application level, not by mucking around with users' DNS whether they're on an affected Dell or not. It's the wrong place and the wrong approach to solve this problem, and borderline creepy to boot.

    I'm not sure why you're so angry with the Anonymous Coward for pointing this out; everything he said was unbiased and factually accurate. If the truth is going to "convince people not to use OpenDNS," then so be it.