Chinese DNS Tampering a Real Threat To Outsiders

Trailrunner7 writes "China has long used the Internet's Domain Name Service to censor Web sites and information that the ruling Communist Party deems threatening. But now security experts warn that the government's censorship is in danger of spilling over China's borders, suppressing the ability of those living outside of China to find information online. An estimated 57% of all networks on Earth passed DNS requests through a Chinese DNS rootserver at some point in 2010, according to data from security firm Renesys. Tampering by the Communist Party there poses a danger to Internet security and freedom. In fact, DNS tampering may be a bigger threat than techniques like BGP (Border Gateway Protocol) hijacking, which is believed to be responsible for an unexpected shift in Internet routing in April that has recently been the subject of mainstream media reports in the US. There is already evidence that China's efforts to tamper with DNS have bled outside the country's borders. The same report to Congress from the US-China Economic and Security Review Commission that called attention to the BGP hijacking incident from April, 2010 also mentions a March, 2010 incident in which Internet users in the US and Chile attempted to connect to social networking websites banned by the Chinese government. However, their DNS requests were handled by a Beijing-based Domain Name Server, which responded with incorrect DNS information that directed the surfers to incorrect servers, the report says."

So, which is worse?

So, is it better to have China fucking around with the internet, or the US?

Quite frankly, I don't think either of them should be able to do it.

Fuck the both of them.

Re:So, which is worse?

So just leave it up to Comcast to fuck with your internet then? :)

Probably what you are actually saying is that you would like to see governmental regulation of internet, but only if it is non-nationalistic and enormously democratic. In other words, you want the Metagovernment

Maybe a bit of chicken-and-egg there, though, since Metagovernment is internet-based government.

Re:So, which is worse?

[MightyMartian]

Comparing the US and China as far as the Internet goes kind of indicates who the asshat is here.

Re:So, which is worse?

I'm glad there are some dissenting views on slashdot this time, since when stories about China come up I usually end up feeling like we're living in a new McCarthy era.

The status quo is that the US has very disproportionate influence on the internet technically and otherwise, and (especially for non-Americans) it's far from clear that this is a good thing for the world. Of course the abuse by the US doesn't make it okay for other countries to meddle with the internet to adverse effect.. but we have to keep things in perspective rather than get silly (e.g. the people here who say we should "boot China out", and other jingoistic nonsense).

Re:So, which is worse?

Countries in different states of development may need to consider different solutions. Recently, looking back on the past 50 years, it has become quite commonplace for China's decision making to be praised in contrast to that of India, including even the low-points during Mao's time as it did lay a foundation for progress. From a traditional western perspective.. yes it's wrong, it's impossible, it's horrendous, it's a miracle.. and yet there it is. If you want to judge things in black and white and apply the same solutions to all situations, it is you who is the asshat.

Re:So, which is worse?

So you probably didn't notice, then, that Metagovernment is not any nation at all? It certainly is not America. It is you.

Re:So, which is worse?

[Paracelcus]

So, I'm kind of dense, are you implying that the irredeemably evil nightmare that is China is worse or better than than the corrupt (government by bribery) and (police state in training) that is the USofA?

Re:So, which is worse?

Have you been listening to the news lately? The USA is basically doing the same thing as the chinese, shutting down websites they don't agree with and/or corps paid them to shut down.

Re:So, which is worse?

Think about that one for a minute...

Re:So, which is worse?

[nhat11]

Eh you do know that without the "Americans" you won't be having the internet in the first place right? Keep burning bridges for the rest of your life, I don't really care.

In Soviet China...

[Marthis]

...DNS routes you! Oh, wait...

Re:In Soviet China...

[Qlither]

While in China, DNS....Page cannot be found....

GWB the prophet

[DigiShaman]

"I hear there's rumors on the Internets that we're going to have a draft."

He knows something we don't? Hmmmm

Re:GWB the prophet

[mcgrew]

As he was US President for eight years, it's a certainty that he knows a LOT of stuff that we won't ever hear about.

Re:GWB the prophet

And some it might even be correct!

Re:GWB the prophet

[slick7]

As he was US President for eight years, it's a certainty that he knows a LOT of stuff that we won't ever hear about.

Wait until the next installment of WikiLeaks. There, fixed that for ya.

Re:GWB the prophet

[mcgrew]

I would guess that the information wikileaks gets compared to what is there is probably trivial.

Re:GWB the prophet

[hitmark]

Then comes the question about how much of that gets read by those in charge...

Proverbial needle in haystack and all that...

Root servers?

[just_another_sean]

I understand the need for mass replication of the DNS root servers and appreciate both the cultural and technical needs to spread them fairly evenly throughout the world but is it really necessary for China to replicate F, I and J at the root level? Would performance and the world perception of a US controlled internet really suffer if China was denied access to the root level? Let them replicate all 13 for their internal use but remove any server's root status if the server is hosted in China... Maybe I'm missing something here but is this not a reasonable stance on preventing this type of collateral damage?

Re:Root servers?

[metamatic]

Yeah, why does anyone trust any root server located in China? (They can set up servers that claim to be root servers all they like, but that doesn't mean the rest of the root servers have to trust them, so why do they?)

Re:Root servers?

[Monkeedude1212]

Would performance and the world perception of a US controlled internet really suffer if China was denied access to the root level?

I think it would. I wouldn't be surprised if China happens to hold some control over the network (if it exists much) in North Korea, and doing something like that might cause even more tensions in what is already a difficult situation.

Re:Root servers?

[guruevi]

Why should you trust the US with anything? China has so far not been tampering with the worldwide independent organization of either DNS or ICANN. Something the US can't really say anymore.

It would be similar to saying, should we give control to Hitler, Stalin or Mussolini.

Re:Root servers?

[kindbud]

Because DNS is fundamentally insecure and there is no way to secure it without a re-write from the ground up. DNSSEC is a bandaid with a limited window of effectiveness. Ultimately, a cache receiving root glue has no way to validate that the glue is the legit root glue. And so they will become poisoned.

Re:Root servers?

[AdamThor]

Let them replicate all 13 for their internal use but remove any server's root status if the server is hosted in China... Maybe I'm missing something here but is this not a reasonable stance on preventing this type of collateral damage?

NOOOOO! We must rebuild the entire interweb! Tiered service plans with CIA backdoors and automatic killswitches for stolen intellectual property!

It's the ONLY WAY to stop the China from routing your traffic!

Re:Root servers?

Really? My DNS Servers I can configure quite easily to ignore update request from any host except from a couple of selected ones. But perhaps everybody is using something different than my very obscure and commonly unknown software by the name of bind.

Re:Root servers?

[mysticalreaper]

DNSSEC *does* prevent against this man-in-the-middle attack, that's in fact its main feature.

You say that a cache receiving the root glue (data about the root servers) has 'no way' to validate that the glue is legitimate. That's totally not true. There are many ways to validate the data, including verifying against an SSL website, well known public servers, etc.

Re:Root servers?

[gclef]

That's not the point...the update requests you get from the "selected" ones: how do you know those are right? You don't. You're choosing to trust that select few. In this case, also, F, I, and J.root-servers.net are anycast...meaning that the IP you're trusting actually appears in multiple places at the same time, one of which is in China.

Better question: How do you know that the i.root-servers.net system that you're talking to is not the one in China?

Re:Root servers?

[xnpu]

Because your ISP hired a lazy ass admin, that's why. Run your own DNS, remove the Chinese root servers from it. Problem solved.

Re:Root servers?

There are 'behind the back' measures to accomplish validation, but I believe his point is they aren't 'built-in' to DNS or even DNSSEC at a fundamental level.

Re:Root servers?

Why do you focus on the Chinese? DNS tampering is a world-wide habit. Some countries have laws compelling ISPs to manipulate DNS. Commercial DNS manipulation is almost the norm, not the exception. DNSSEC is going to solve both of these problems (and more).

Re:Root servers?

[by+(1706743)]

...has no way to validate that the glue is the legit...glue. And so they will become poisoned.

Well, alcohol is a "poison" too, but I don't see you ranting about non-legit beer (Keystone, Natty, etc.)...

Re:Root servers?

[Jah-Wren+Ryel]

Because DNS is fundamentally insecure and there is no way to secure it without a re-write from the ground up. DNSSEC is a bandaid with a limited window of effectiveness. Ultimately, a cache receiving root glue has no way to validate that the glue is the legit root glue. And so they will become poisoned.

So, you are saying that DNS ought to mean Do Not Sniff glue?

Re:Root servers?

[Peeteriz]

Have someone that you trust sign the root data - it can be ICANN, it can be some other organization like FSF or ACLU or whomever you like, it can be any random individual that happens to have your trust and is willing to do the signing periodically.

Re:Root servers?

[kindbud]

There are many ways to validate the data, including verifying against an SSL website, well known public servers, etc.

And how do you get the IP address of this SSL web server? You must look up the domain in DNS. SSL certificates are tied to the domain, not the IP address. If you must use a service you don't trust to get the crypto tokens that allow you to trust it, you cannot trust it.

We have a way to address this (at least, mostly)

[autocracy]

DNSSEC. Get on it.

Wikileaks...

[orphiuchus]

Isn't this a more deserving target than the US? Oh wait, they would immediate assassinate you if you leaked any of their information. Better keep going after the guys who don't fight back.

Re:Wikileaks...

The Chinese have largely had cynical resignation and morbid sense of humor about their government for millennia. Most of them just aren't driven to do such things, or even feel that it has any lasting positive impact in the end.. since there are always winners and losers and winners need losers. (paraphrasing, this is a core concept of Confucianism, and of older indigenous beliefs)

Regarding Wikileaks.. If they get it, they'll publish it. They are not a spy agency. They solicit leaks from outsiders and use what they get.

Re:Wikileaks...

[xnpu]

Wikileaks is a government operation. China is well aware of that. Just like (if you did read Wikileaks) the US was well aware of China's attack on Google but chose not to tell anyone. China and US are on much better foot that you think, the theater is just for the populace.

And ?

[unity100]

u.s. just grabbed 12 domain names, on the whim of some private interests inside usa. not only that they dropped an 'for other purposes' clause, in the bill/whatever that is going to allow them to do more.

'for other purposes'. you can even put 'daydreaming' in it, and legally grap domains that help people daydream.

Re:And ?

[nbossett]

There's a difference between:
having a legal fight over who owns abc.com
and
deliberately misleading people and pretending to be/own abc.com

There can be abuses of either system, but rerouting traffic on the sly is potentially more dangerous to users than openly seizing a domain name.

Re:And ?

[erroneus]

This case wasn't about one site pretending to be another. These were domain names allegedly used in copyright infringement activities. Domains used by others for typo-squatting is usually done through the courts system quite successfully.

Re:And ?

There is a difference between something that is already done and something that might possibly happen.

United States DNS Tampering a Realer Threat

The United States government has already stolen domain names without due process. They don't even have jurisdiction over some of them.

http://yro.slashdot.org/story/10/11/27/1910232/DHS-Seizes-75-Domain-Names

Re:United States DNS Tampering a Realer Threat

[jbonomi]

They have jurisdiction over all of those, actually. Not necessarily the server/data, but certainly the .com and .net domains.

peter's wolf...

[X0563511]

At what point are we going to get sick enough of this garbage to just completely segregate China from the rest of the internet?

Re:peter's wolf...

[mr_lizard13]

Who is "we"?

You're speaking on behalf of a western nation I assume?

Re:peter's wolf...

Same time we get tired of the US pulling the same shit: apparently, never.

Re:peter's wolf...

[X0563511]

No, I'm speaking on behalf of everyone that isn't China.

You should read what I wrote, not the words that you assume are between the lines.

Re:peter's wolf...

[shoehornjob]

Well that would cetainly deter them from hacking our computers and stealing state and industrial secrets.

Re:peter's wolf...

You realize then that we would also need to segregate out Turkey, Brazil, Pakistan, Thailand, heck many others who either actively do or recently have been blocking "offensive" (to some government wanker) material.

Re:peter's wolf...

[mr_lizard13]

And you shouldn't assume the rest of the world thinks what you think.

Last time I checked, China only caused pain and suffering to it's own citizens, not those of other nations.

There's a ton of other countries that inflict genocide on other countries' citizens without batting an eyelid.

USA and UK, I'm looking at you. How about "we" segregate those countries from the rest of the world.

Re:peter's wolf...

I agree. We need a threshold of accountability at some point.

If China does, (and they do), play games with the world's traffic...

There needs to be a consequence at SOME designated line @ sand.

Re:peter's wolf...

[X0563511]

There's a large difference between censoring what goes in or out, and manipulating the system so things that were not intended to go in do so (supposedly for intelligence gathering)

Made in China

...I noticed a lot of DNS reponses had these black-on-gold Made in China stickers on them!

right now..

China almost looks free compared to the nazi regime USA is trying to have on the web, randomly yanking dominas(70+ recently) because american business interests were supposedly suffering. ..

DNSSec?

[Kamamura]

Why do we have it then? AFAIK root zone was signed in May, so just don't send those super secret root zone KSKs to red commies and every validating resolver is safe!

Hooray for advanced protocol beating the red threat back!

Re:DNSSec?

[just_another_sean]

If China has the legitimate* right to host three replicas of the root servers they would need the KSKs, no?

Which in my mind would lead to more potential for abuse as even the technical among us think "It's OK, I'm using DNSSEC!".

* which according TFA they do now...

Definitive/Caching/Chinese

[RichMan]

So do we need a new way of describing DNS servers ?
We also probably also need a new way of describing DNS entries so you can tell the difference between an actual DNS for a site and a DNS for an edge caching site.

Re:Definitive/Caching/Chinese

[ADRA]

How? How many clients will actually work their way up the chain to resolve against the hosted DNS server? That makes any initial engagement with raw (or cache expired) domains much slower. For a web site that is a looking for drive by service, this would be less appealing than say going to a Google derived alternative which is always well buried in cache. If you really want is a way of verifying that the upstream data source isn't tampered with, and I'm sorry but that's not going to happen, at least not on a root server level.

After reading the article, its still entirely unclear. There's a person referred only as Zmijewski who is never given context at all in the story. Their talk points are half the story and you don't even have the wit to say who the person is.

Going back to the original US document, it seems the Chinese root server was erroneously sending censored responses to non-chinese IP blocks and was for a while pulled of its authority until the problem was resolved. As bad as national censorship can be, I suppose its acceptable to be able to pull the cord on issues of the sort. After all the news of having the US seize domains, is it really worth noting a bug in the great firewall's DNS processing that was fixed months ago?

Re:Definitive/Caching/Chinese

[Todd+Knarr]

DNSSEC. If the root-zone keys are distributed through an independent channel (ie. downloaded from ICANN and loaded into the local resolver/server software configuration), then even running a root DNS server won't let you forge responses for any part of the DNS tree you don't actually control (ie. have the private keys to generate new signatures for).

I am safe...

[Kamamura]

... I use the fantastic, free OpenDNS, and I have set resolv.conf to ns1.opendns.ch and ns2.opendns.ch years ago... crap! John, tear the wire from the wall, fast!

Re:I am safe...

[psyclone]

No, you are not safe. It is trivial for someone between you and ns*.opendns.ch to intercept the DNS response and modify it.

Only DNSSEC can save you here.

Re:I am safe...

[Thinine]

Actually, OpenDNS is supporting a DNSSEC alternative, DNSCurve, which gives many of the same benefits, including the preventions of MitM attacks.

Re:I am safe...

[psyclone]

DNSCurve looks pretty sweet; especially how it encrypts packets, instead of just signing them (like DNSSEC). Hiding the query and response seems very useful to avoid prying eyes.

US DNS Tampering a Real Threat To Outsiders

[mlawrence]

Just this past week the US government seized 75+ domains without any notice. Is this any different?

Re:US DNS Tampering a Real Threat To Outsiders

The US took domains under US law. Chinese DNS poisoning is afflicting unrelated parties.

Re:US DNS Tampering a Real Threat To Outsiders

[Antisyzygy]

Its quite a bit different. China is attempting to control the internet, most likely for use as propaganda and as leverage in a cyber conflict. The DHS is being used by special interest groups to enforce IP law.

Re:US DNS Tampering a Real Threat To Outsiders

That was as the .com level not at the . level. The US has not redirected .com somewhere else....

Re:US DNS Tampering a Real Threat To Outsiders

Same thing.
The US disabled domains under US law, the Chinese disable domains under Chinese law.
What is your point exactly?

Or are you somewhat delusional to think that the US is the center of the universe I wonder...
What the US did affects unrelated parties, namely THE REST OF THE WORLD!

Re:US DNS Tampering a Real Threat To Outsiders

Its quite a bit different. China is attempting to control the internet, most likely for use as propaganda and as leverage in a cyber conflict. The DHS is being used by special interest groups to enforce IP law.

Please explain the difference between propaganda and intellectual property.

Re:US DNS Tampering a Real Threat To Outsiders

that sites operated by us citizens, hosted on servers located on US soil are subject to US law.

If the chinese tamper with DNS requests there is the very real, very illegal possibility of a computer outside of chinese juristiction requesting the address of server which is also outside of chinese juristiction getting redirected. see the difference?

Re:US DNS Tampering a Real Threat To Outsiders

[Monkeedude1212]

Okay - then which is worse?

I mean I am not condoning everything the Chinese do but nationalism isn't always a bad thing and there wouldn't BE a cyber conflict without the US. Essentially what you've got is 1 country attacking another country and you've got 1 country attacking it's own citizens. Which is which and which is worse?

Re:US DNS Tampering a Real Threat To Outsiders

[X0563511]

SOMEONE has a fucking clue!?!?

(go figure it's an AC)

Re:US DNS Tampering a Real Threat To Outsiders

[Antisyzygy]

Both are bad, but neither excuses the other.

Re:US DNS Tampering a Real Threat To Outsiders

[metrix007]

What has being an AC got do do with anything?

Re:US DNS Tampering a Real Threat To Outsiders

Good point. I did not think of that. I generally don't think of websites as tied to a specific jurisdiction. Guess I want to live in denial when it comes to regulating the internet:).

My only worry is that this is a test case to possibly drive an alternate agenda.
I notice that one of the sites was a torrent link portal, hidden inbetween the fake Prada bag store domains and what not.

It will be interesting to see where this goes over the next couple of months.

Re:US DNS Tampering a Real Threat To Outsiders

[jbonomi]

Please explain the difference between makeup and cinnamon rolls.

Re:US DNS Tampering a Real Threat To Outsiders

[yuhong]

And the US is just trying to suppress illegal content, while China is actually trying to censor criticism. The latter is IMO much worse.

Re:US DNS Tampering a Real Threat To Outsiders

[0123456]

And the US is just trying to suppress illegal content, while China is actually trying to censor criticism. The latter is IMO much worse.

But, uh, criticisim _is_ 'illegal content' in China.

Re:US DNS Tampering a Real Threat To Outsiders

[Husgaard]

IMHO a fine example of the difference between communism and fascism.

Re:US DNS Tampering a Real Threat To Outsiders

[erroneus]

"Illegal" is a word whose meaning is quite relative. It also leads to discussion about whether or not a law is just even if the law itself is plain. Enforcing a "whites only" bathroom law might be an easy to appreciate law that is unjust. Many people hold that copyright law in the U.S. is unjust and I certainly support that. (I wouldn't download stuff nearly as much if content from 14 years ago actually went into the public domain -- I'd be busy being all retro in my downloads) But that's not how it is -- the copyright industry bought the laws that make things that should be legal illegal.

Re:US DNS Tampering a Real Threat To Outsiders

For the love of $SACREDCOW, is it possible to discuss the problems of one country without bringing up the problems of some other country? It is possible for two countries to be equally wrong in their action without their actions negating each other.

Re:US DNS Tampering a Real Threat To Outsiders

[wynterwynd]

Touche.

I think the term "illegal" isn't the right one to use. Which one is more immoral is probably more accurate.

One country is revoking DNS service for a relatively small list of sites when its investigations show these sites violate that nation's (and in some cases international) trade or copyright laws. These sites are shut down without due process or prior notification. There is fear that if unchecked, this power could be extended to remove ideas that are unwelcome to those in control of these mechanisms.

Evil, yes. But our own brand of evil, evil that benefits our own subtly neo-feudal power structure and shores up the foundations of our capitalist economic structure. It does this by directly preventing the operation of some who seek to circumvent established monetary contribution channels for intellectual and real property holders. Whether you agree with the core concept of monetizing intellectual property or not, the rules guarding it are pretty clearly and publicly defined and this action supports enforcement of those ideals. So I would say there is a potential for evil in this if taken to extremes, but by and large it mainly supports the established tenets of the nation.

Another country has been caught using the trust extended to them in the form of DNS root servers to change the information provided by these servers to prevent access with the country's political interests and restrictions on tolerated ideals. The country's agencies have been known to intercept and effectively hijack the Internet connection of an uncertain number of global users whose traffic happened to be entrusted to their equipment due to load balancing. It is not known what the intention was, the extent of the data captured was never fully understood, there was no overt manipulation or presentation of purposely deceptive information, all that is truly known is that China has a policy of strict regulation of ideas of its people and that a great potential for harm exists if the country chose to pursue it.

This is evil, but it is evil defined by ideals that happen to be antithetical to our core belief structure. Looked at (mostly) objectively, this has the ring to me of something that was a toe in the water or groundwork laid towards true purposeful evil, but in and of itself was not deliberately harmful. Everyone can point to how bad it COULD be, but nobody can clearly define how bad it actually was. Policing the exploration of ideas is widely considered to be much more evil than policing the exploitation of others' ideas, however one of the core principles of said nation is enforced unity of ideals and purpose. So I would say there is a large potential for evil in this if taken to extremes, but it mainly supports the established tenets of the nation.

So I would say when looked at this way that both countries are nearly as morally in the wrong, but that our level of perceived "transparency" in the process is greater in that we are told a version of what is going on and then can vent our frustrations by complaining about it. With China there is a long history of secrecy, double dealings, and heavy spin, so there's the same level of abuse potential combined with MUCH greater levels of mistrust due to the lack of transparency. The actions were essentially the same, only the methods were different. Whether that means we're more honorable or just more subtle than China, I'll let you decide.

Re:US DNS Tampering a Real Threat To Outsiders

[Antisyzygy]

I did actually read your whole post. Either way you swing it its the rich/powerful controlling the lesser classes. In China, the higher-ups in the party want to control the workers otherwise they lose their status and benefits. In China, I would bet career politicians have opulent lifestyles far surpassing the average worker. Here in the US you have huge disparities in wealth whereby 10 percent of the population controls 70 percent of the wealth. Furthermore, In the US you have career politicians that get handouts from lobby groups (controlled by the rich) and essentially have a revolving door with executive positions in industry and media. Perhaps in the US we live better than the average Chinese worker, but the sad fact remains, no matter where you are, the wealthy have greater access to government as well as greater influence in government and thus bias 90 percent of the benefits of their society for themselves.

Re:US DNS Tampering a Real Threat To Outsiders

[Antisyzygy]

I wouldn't call the US fascist. Its more of an Oligarchy.

Re:US DNS Tampering a Real Threat To Outsiders

eh, "China is attempting to control the internet, most likely for use as propaganda and as leverage in a cyber conflict"
and what difference is there to the US administration ?

Re:US DNS Tampering a Real Threat To Outsiders

Morality in my view is something that's trained into you.

I prefer ethics (a sense of right and wrong that a thinking person works out for himself), and I think that's what you really mean.

Otherwise, spot on.

Re:US DNS Tampering a Real Threat To Outsiders

Or are you somewhat delusional to think that the US is the center of the universe I wonder...

To be fair, the US doesn't actually call itself "The Country in the Middle [of the world]".

Or do you think it's not possible that non-Chinese know what "Zhongguo" really means?

Re:US DNS Tampering a Real Threat To Outsiders

[TheLink]

Opulent lifestyles maybe, but there seems to be a bit more accountability in China.

Many top Chinese officials have been executed for corruption. Just google for: chinese official executed

In my opinion being executed is about as accountable as it gets. And certainly a lot more scary than being paid off with a golden parachute/handshake, or getting bailed out.

Someone might claim the executions are faked, but they (and their family) must be pretty good actors given their responses to the verdict. And even if so their lifestyle certainly would be drastically affected - hard to live like a king while resembling an executed official...

As for the topic, when I checked some years ago, China regularly tampered with DNS as part of censorship (related to national security I suppose).

The US DHS has tampered with DNS, not as extensively as China did, but since it's the DHS, I guess it's "national security" too?

Re:US DNS Tampering a Real Threat To Outsiders

China is attempting to control the internet, most likely for use as propaganda and as leverage in a cyber conflict. The DHS is being used by special interest groups to enforce IP law.

What the DHS did is it not a "Control" on the Internet? What is the difference of a Communist state establishing a control and a Fascist state establishing a control? Both are a control both are wrong.

Re:We have a way to address this (at least, mostly

[Kamamura]

Since Chinese control 3 of the root DNS servers, I bet they are given the root zone KSKs.. and with them, you can spoof any record.

Mod server down

[jbeaupre]

If only you could mod servers up or down, giving them some sort of reputation history. The your OS could determine a trusted anchor based on a server's "karma" and your requirements*. A system parallel to DNSSEC for apportioning, updating, and validating trust.

* yeah, I'm borrowing Slashdot terminology. But what the heck, it kind of works.

Re:Mod server down

[arachnoprobe]

* yeah, I'm borrowing Slashdot terminology. But what the heck, it kind of works.

No. I saw your comment.

Secure BGP

[Monkius]

I know of folks working currently on secure BGP. I would imagine that's part of the solution.

Re:Secure BGP

[xnpu]

BGP knows filters and communities. It's just that those need to be setup by admins, which often don't feel like doing the work and will tell you it's too complex to deal with such a large dynamic network as their.

Red vs effing Blue

[MRe_nl]

(tl;dr version)
Big Threat Internet Security
China censor Web sites and information ruling Communist Party threatening security experts warn government's censorship danger spilling China's suppressing China Chinese Tampering Communist Party danger security and freedom tampering bigger threat hijacking unexpected China's tamper bled
U.S.-China Economic and Security Review Commission hijacking incident incident.

(And when I count to three you will awaken and be VERY AFRAID).

Im confused

I thought "The Internet sees censorship as damage and routes around it."

Is that not true anymore?

Wow!

[Slutticus]

This post went from "Interesting" to "Flamebait" in 3.5 seconds!

Re:Wow!

[Monkeedude1212]

Those are pretty weird DNS names - and that's some serious latency. How many hops did it have to go through?

Re:Wow!

[mcgrew]

Looks to m like a bad mod was corrected in 3.5 seconds. I didn't like Bush and I don't care much for Obama, but comparing them to Godwin's Ghosts is indeed flamebait.

Had he omitted that last line, it would have been interesting.

Agreed on DNSSEC, but until then?

I use a "hard-coded" HOSTS file entry for my "fav" websites (like this one for example) that allows me to reach what ping'd off as "legit" @ the start of the year here, and remains so today (which is how I validate it, against the TLD that does nothing but resolve IP addresses to their correct domainname/hostname).

Additionally: This allows me to also reach them faster by not making DNS requests for them, which involves turn around response times from DNS servers, which this technique avoids said "lag"...

(Especially since 200 of my favs. are done thus in my HOSTS file, and I block out KNOWN bad sites/servers in it as well to avoid "sucking in" malscripted or other types of exploits via malevolent people)

This practice also allows me to be less "trackable" (sure, I'm still trackable by ISP/BSP, but not as easily) since I am NOT showing up on DNS request logs for my favs (where I spend a GOOD 95% of my time online each day anyhow).

Lastly, this practice also allows me to reach said sites IF my DNS servers I do use "go down" or are "misdirected" via the Kaminsky 'hack' (since they're hardcoded)... I do so, because I can't do the entire net in my HOSTS file as "hard-codes"!

Now, IF a site I like & hardcode "turns up bad" or "infected"? I get notification via the sources listed below ... and it gets blocked, even if temporarily only (& if they clean themselves up, it shows in the removal lists those sources provide too, & those sources also have "validation" screens where you can check if a site is currently "a plague ship" too - can't beat that!).

As far as DNS servers though?

Well, I use either ScrubIT DNS or OpenDNS (both are good & fast + per many DNS flaws, OpenDNS is KNOWN to "patch right away" if possible + they DO pay attention to blocking out various forms of "questionable" or "threatening" material). I also "alternate them", periodically, between those 2 (for avoiding tracking a BIT better, yes, & even from they, via DNS requests logs).

APK

P.S.=> What I do know though, is that it makes me FASTER online & SAFER TOO, by far!

My friends + family & even customers, plus others in forums I have "turned on" to this very old technique (that nowadays seems forgotten) also note it!

E.G.-> My best pal says "my online speed has DOUBLED using HOSTS files" & he used to get 200++ infestations a month (no joke) & he's down to MAYBE 2 a yr. now using HOSTS alone! We even setup his system for 8++ months without a firewall, on older Windows 2000 unpatched, & no firewall... he still had a much lower infection rate!

I also block out adbanners (sorry webmasters - I pay for my online time out of my own pocket)

I want ALL the speed I pay for, & I get a "no commercials/HBO internet" this way, much faster & safer too (since adbanners have been found w/ malicious script content in them many times the past 4-5 yrs. now no less),

This also protects myself vs. the "Kaminsky security crack" in DNS, noted above!

I also protect users & myself via HOSTS files, vs. KNOWN bad sites, via these reputable sources (others too, but here are the "bulk" of them I use to populate my HOSTS file for these purposes):

http://ddanchev.blogspot.com/
http://www.malwareurl.com/listing-urls.php?page=1&urls=off&rp=
http://www.malware.com.br/lists.shtml
http://securitylabs.websense.com/content/alerts.aspx
http://www.stopbadware.org/
http://blog.fireeye.com/
http://mtc.sri.com/
http://www.scansafe.com/threat_center/threat_alerts

Re:Agreed on DNSSEC, but until then?

[X0563511]

The only problem with that is when IPs change. For major sites, it doesn't happen often, but when it does it may toss you through a loop.

You might find it easier (and more efficient) to just build yourself a caching nameserver and set the TTLs high (hell you can do this on the workstation itself). Couple this with your existing method if you wish, there's no reason they can't work together.

Re:Agreed on DNSSEC, but until then?

[metrix007]

I just don't get what APK's deal is. He is clearly ignorant/misinformed and surely knows better...but I don't think I have ever seen a more dedicated troll than WillyonWheels. I mean..., he has been posting this same shit for years now, slightly customizing it for each story. It must be nice to have that much free time.

Re:Agreed on DNSSEC, but until then?

[marcello_dl]

a hosts file in a git distributed repo would be a nice idea for small organizations, provides a way to safely add/update entries.

Re:Agreed on DNSSEC, but until then?

[icebraining]

Or they could just install a DNS caching server, it's not that hard. And besides the static hosts information, it would also share the DNS cache between all the clients, so if two of them accessed the same sites, it would be faster for the second client.

Debian comes with a few an aptitude install away.

Re:Agreed on DNSSEC, but until then?

[marcello_dl]

I use dnsmasq myself often. I thought that people in organizations that fear government censorship are better with a hosts file on each computer than with a number of dns caches. The response can still be spoofed or the servers DoSed. Git can do signed commits and updates over ssh.
Also one could exploit virtual hosting configuration and gave a server that returns normal content if accessed through its normal domain, and special content if accessed through an entry in the hosts file (good against casual surfers and bots, useless against a determined attack)

Re:Agreed on DNSSEC, but until then?

[icebraining]

I was thinking of a DNS server in-LAN, not geographically distributed. In that case, I agree that a hosts file is more robust.

Re:Agreed on DNSSEC, but until then?

dnsmasq has had a rather poor track record, I wouldn't be surprised if there are still some exploits left in it. It makes BIND9 look good in comparison.

Just take a look at the source code of both.

WTF happened this weekend?

[GPLDAN]

To Comcast?

http://news.cnet.com/8301-1023_3-20023949-93.html


Because I can damn well tell you that spilled over into other New England area networks, including the SAVVIS and Cogent networks in Boston area. Comcast says their DNS system failed, so how the fuck does a DNS attack knock out all the peering/routing/IP transport up there?

That whole thing smells bad, and I wonder if anyone knows the truth about wtf happened.

Re:WTF happened this weekend?

From my previous experience with Comcast, sounds like typical service level. I don't see anything sinister, just typical Comcast service quality.

They had improved in the past year or so, but it used to happen at least twice a year.

Re:We have a way to address this (at least, mostly

[PiSkyHi]

Not only that, but they intercept requests made to external DNSs as well - altering the results before arriving at your PC in China.

Porn!

[toastar]

NOO!!!

I don't want some red china man stealing all my porn!
They might start Blurring it on the fly!!!

Re:Porn!

[xnpu]

Eh. Many porn sites were unblocked months ago and still are. I don't notice any blurring here.

Whitelisting

[iamsolidsnk]

Wouldn't whitelisting known good IPs of frequent internet destinations within your hosts.conf (or equivalent) file provide at least moderate protection against IP hijacking?

Thanks to Cisco..

[formfeed]

..for providing the technology that makes it possible to censor, track, and imprison.

Re:Thanks to Cisco..

[xnpu]

Thanks to the American people for allowing their government and corporations to participate in these deals. Did you call your ISP and complain about their use of a company that actively participates in subjecting over a billion people to heavy censorship? I didn't think so.

DNS shall not be abridged

[snsh]

In the USA, DNS needs to be woven into the first amendment as one of those things the government shall not fuck with, but I doubt the Roberts court will see it that way.

Re:We have a way to address this (at least, mostly

[TheRaven64]

Why would they be given the keys? Surely they'd just be given the signed root zone file - it's not like it changes very often.

Solution: de-root them

[theNAM666]

Someone's already said this too, but it seems obvious. Don't trust the Politburo. Simple. Don't trust a root server run by the Politburo. Then implement DNSSec. :)

Re:We have a way to address this (at least, mostly

Actually, no, the Root server operators do not need access to the private key used for key-signing. They only get a copy of the root zones, all signed ahead of time.

DNSSEC would solve this from a mis-information stand-point. It doesn't stop it from a DoS attack (just not answering, or even answering with bogus DNSSEC replies, which the DNS resolver will discard, but the end result is that you don't get your query answered).

Remove the ability of countries to censor the web

[jack2000]

Tell me, why is it still possible for private parties to change things like this on a whim?
There needs to be a system where if the domain record returned from a dns server differs from the ones returned by say 4 others is different, it is discarded and the record returned by the 4 dns servers is used.

No.

The root zone is distributed already signed to everybody. It is signed using special hardware in the US. Look up on the key signing cerimony to see the details.

This is just about lazy admins.

[xnpu]

Since when are you obligated to use the Chinese root servers? And have you heard of DNSSEC? This is really just an issue of lazy admins. Same story with the root SSL certificates browsers ship with that include a lot of questionable organizations and governments. You are free to remove them, and no, it's not hard. The BGP hijack was no different. Carriers that have their shit organized have their filters configured and would not participate in the hijack.

so ?

[unity100]

difference ? chinese pretend to be abc com for their own aims, usa 'legally' grabs domains pretending to anyone worldwide, for their own aims. not to mention that, it makes the law that legalizes it.

Re:Remove the ability of countries to censor the w

[0123456]

Tell me, why is it still possible for private parties to change things like this on a whim?

Uh, this isn't a 'private party', it's the Chinese government. DNS generally worked fine when it was controlled by 'private parties' and governments weren't meddling with it.

Re:Solution: de-root them

[xnpu]

De-root is a useless measure. You don't trust China, someone else doesn't trust some other country hosting a root. DNSSec is the only acceptable solution currently available.

Also it's a little naive to think that Chinese cyberspace ends at it's physical borders. China's telco's have controlling stakes in many foreign communications companies as well. Not to mention lots of western ISP's are installing Huawai equipment, etc, etc.

You're off topic & trolling (step inside)... a

TL:DR metrix007 for Off topic trolling.

"It must be nice to have that much free time." - by metrix007 (200091) on Monday November 29, @02:08PM (#34377556)

I post what works, point-blank man. As to free time? I have as much as the next guy does (and my home, car, & all else is FULLY paid up/I am the "clear-title" owner also, so, I am fortunate enough to not have to work 2-3 jobs to make ends meet is all - I wonder, can YOU say the same?).

---

"I just don't get what APK's deal is." - by metrix007 (200091) on Monday November 29, @02:08PM (#34377556)

We know what yours is, because you don't even SAY what you feel it is I am "doing wrong", first of all.

Secondly? Well, you can read my 1st post, and get an idea (as far as how I use HOSTS files), provided you can read (but it's pretty clear you are just trolling).

---

"He is clearly ignorant/misinformed" - by metrix007 (200091) on Monday November 29, @02:08PM (#34377556)

Well, to that? I can only say, the day you've done more & better (& earlier) than I have in the field of computing:

---

"My Name is Ozymandias: King of Kings - Look upon my works, ye mighty, & DESPAIR..."

----

Windows NT Magazine (now Windows IT Pro) April 1997 "BACK OFFICE PERFORMANCE" issue, page 61

(&, for work done for EEC Systems/SuperSpeed.com on PAID CONTRACT (writing portions of their SuperCache program increasing its performance by up to 40% via my work) albeit, for their SuperDisk & HOW TO APPLY IT, took them to a finalist position @ MS Tech Ed, two years in a row 2000-2002, in its HARDEST CATEGORY: SQLServer Performance Enhancement).

WINDOWS MAGAZINE, 1997, "Top Freeware & Shareware of the Year" issue page 210, #1/first entry in fact (my work is there)

PC-WELT FEB 1998 - page 84, again, my work is featured there

WINDOWS MAGAZINE, WINTER 1998 - page 92, insert section, MUST HAVE WARES, my work is again, there

PC-WELT FEB 1999 - page 83, again, my work is featured there

CHIP Magazine 7/99 - page 100, my work is there

GERMAN PC BOOK, Data Becker publisher "PC Aufrusten und Repairen" 2000, where my work is contained in it

HOT SHAREWARE Numero 46 issue, pg. 54 (PC ware mag from Spain), 2001 my work is there, first one featured, yet again!

Also, a British PC Mag in 2002 for many utilities I wrote, saw it @ BORDERS BOOKS but didn't buy it... by that point, I had moved onto other areas in this field besides coding only...

Being paid for an article that made me money over @ PCPitstop in 2008 for writing up a guide that has people showing NO VIRUSES/SPYWARES & other screwups, via following its point, such as THRONKA sees here -> http://www.xtremepccentral.com/forums/showthread.php?s=ee926d913b81bf6d63c3c7372fd2a24c&t=28430&page=3

Lastly, lately (this year)?

It's also been myself helping out the folks at the UltraDefrag64 project (a 64-bit defragger for Windows), in showing them how to do Process Priority Control @ the GUI usermode/ring 3/rpl 3 level in their program (good one too), & being credited for it by their lead dev & his team... see here -> http://ultradefrag.sourceforge.net/handbook/Credits.html

----

What do I have to say about that much above? I can't say it any better, than this was stated already (from the greatest book of all time, the "tech manual for life" imo):

"But by the grace of God I am what I am: and his grace which was bestowed upon me was not in vain; but I labored more abundantly than they all: yet not I, but the grace of God which was with me." - Corinthians Chapter 10, Verse 10

Re:Remove the ability of countries to censor the w

[xnpu]

Nice idea, but this doesn't help one bit if the censorship is done close to home. E.g. on "my" network I intercept DNS and have my name server send the reply. It doesn't matter if the users are talking to Google DNS, OpenDNS or some other service, it's always my DNS server that replies. DNS is extremely easy to intercept and spoof.

Cut China off

[kheldan]

If you were found to be tampering with DNS, at the very least you'd have your internet service cut off, at worst you'd be arrested. The equivalent of "arresting" China would be called "World War III" and that's not going to happen (yet). We can, however, cut them off from the rest of the internet, can't we? Why haven't we? They refuse to behave, they don't own the internet (nobody does and everybody does, really), they don't have the right to do this. Cut them off until they learn to behave. Besides, to hear them talk, they'd probably prefer being cut off from the rest of the world so they can literally force their citizens to use only the sites the State wants them to.

Re:Cut China off

[xnpu]

It wouldn't net a China-cutoff. It would be a net-split.

Re:Cut China off

[GPLHost-Thomas]

I'm a French guy living in China, and married with a Chinese, and all what I earn for a living comes from the net. To such a comment, I have only one thing to answer: go to hell, with your "recommendations". How about we do a global embargo on USA (not only on Internet) because you guys think you own the planet and make endless wars? They don't have the right to do this. Let's cut them until they learn how to behave.

Re:Cut China off

[kheldan]

married with a Chinese

Yeah, I'm sure she's real proud of the high regard you hold her in, referring to her in such a manner. Do you fondly refer to her in casual conversation as "my slant-eyed sweetie"?
Also, you're French, your whole country hates us, so I'm supposed to listen to you why?
By the way, how are those rapant human rights violations sitting with you, friend? You're living there and married to someone of Chinese ancestry, you might just be as OK with those as you apparently are with every other crappy thing that the Chinese government and military keeps doing. I may not be as proud to be an American as I once used to be, but I don't see where you have a single leg to stand on so far as defending China against this or any other crimes against the rest of the world they've committed.

Re:Cut China off

[GPLHost-Thomas]

What a jerk. Not only you are insulting and racist, but you didn't even car reading what I wrote. Where exactly did you see that I was proud of what the Chinese gov. is doing? All what I was thinking is that there's no reason to add more crap to what we have already from the gov. I was also only returning the compliment you had, to see your reaction. Clearly, you don't like reading them, so why people living in China would?
Lucky, I know a few Americans that aren't like you.

You skimmed (I do a PING validate)... apk

A quote from the VERY START of my init. post here on HOSTS files you replied to:

I use a "hard-coded" HOSTS file entry for my "fav" websites (like this one for example) that allows me to reach what ping'd off as "legit" @ the start of the year here, and remains so today (which is how I validate it, against the TLD that does nothing but resolve IP addresses to their correct domainname/hostname).

(NOTE THE BOLDED PART & MY SUBJECT LINE PLEASE, thanks!)

Ping? It's your friend!

APK

P.S.=> You're not trolling though, I think you just 'skimmed' & missed the PING part (as well as the DNS servers I use, especially OpenDNS - it was "THE FIRST" to make patches for which Dan Kaminsky found errors in DNS servers for in fact):

"You might find it easier (and more efficient) to just build yourself a caching nameserver and set the TTLs high (hell you can do this on the workstation itself). Couple this with your existing method if you wish, there's no reason they can't work together." - by X0563511 (793323) on Monday November 29, @01:52PM (#34377330) Homepage

I think that due to Dan Kaminsky's findings on DNS servers being exploitable (easily & by anyone via port 53 "enmasse sends" of incorrect info. for domain/host name resolves to IP addresses being 'spoofable') should be reason WHY I don't use one... too easy to "redirect"...

In fact, even SECUNIA.COM got "hit" that way this week -> http://www.theregister.co.uk/2010/11/26/secunia_back_from_dns_hack/

The problem? YOU GUESSED IT - the "Kaminsky FLAW" in DNS! Being exploited right there, this week!

(And those guys? They're SECURITY PROS - there is no real defense vs. that weakness in DNS servers... especially if set into "recursive mode")

Additionally - not only are DNS servers "weak", but they eat up CPU cycles I don't need to be using up on something I truly do NOT need!

However, since HOSTS files are the 1st thing your system looks to for resolving IP-hostname/domainname resolutions? Yes, you can have HOSTS & DNS work together, even locally, just fine! It's just as waste of resources to me is all... this isn't a server I am using here, nor do I use AD (heavy dependency on DNS in ANY directory services system pretty much is why)...apk

Good man but, HOSTS need updating... apk

Just like antivirus &/or antispyware do... which is the "why" of why I posted where I get some of my information from valid & reputable sites for doing the updating of my HOSTS file (that & a custom Win32 app I wrote in Delphi? Makes it short work... around 20-30 minutes of my day, every day!).

And you're right: It works. Especially for tinier places... every workstation I'd ever put it on of TONS of them in the workplace tends to stay A LOT CLEANER than others without it (an experiment that both myself & my network admins on an AD network have been doing in fact on the job!).

It works, more speed, and better "layered security" (which IS "the way" @ present - multiple layers of "armor as defense").

APK

P.S.=> However - Putting a CUSTOMIZED hosts into a distro (hosts come in Linux, and heck, even ANDROID (I mounted the system read/write & did a PULL/PUSH via ADB, & copied in my HUGE hosts into ANDROID two days ago, works like a DREAM, once I "pushed" it to the production distro via the ADB SDK toolkit that is!)?

Well - It'd be out of date, fast (unless you go to mvps.org once a month etc. to update - they're another bunch of fellows that do as I do, because it works (just as you said))... apk

Re:We have a way to address this (at least, mostly

[autocracy]

Root servers point to top-level domains. com, net, org, cn, us, uk... these would all have their own keys. China would only have access to one of those. As pointed out by others, the roots are pre-signed and just passed around for mirroring.

This doesn't prevent China from doing various nuisance activities such as replying with unresolvable, bogus unsigned answers, or bogus answers with wrong signers. That said, you'd at least have some level of verification available that a DNSSEC signed answer is appropriate, and you could ignore anything but.

Imposter APK is trolling...step aside...

The above is a troll...a clever troll no doubt but a troll none the less.

I have come to realize that using an extensive-to-the-point-of-absurdity hosts file in place of or in addition to abstracted protections such as a decent firewall, NoScript, staying patched, not running as admin and perhaps an AV or Malware scanner is simply a waste of time not worth the benefit.

I do apologize for all my previous hosts file trolling nonsense and admit it was out of ignorance and being starved for attention. You have my word I will stop. Anyone else posting hosts file nonsense is not me, but someone impersonating me such as the above troll because I live on as an immortal meme, just like Kanye.

APK

P.S.=> Above all else though, I know I was wrong and that the fact I was once modded insightful for pointing out how Vista handles Hosts files differently to XP did nothing to legitimize my crazy ramblings.

ridiculous.

It is very funny to read such bs from people that don't even know how root zone is distributed and monitored. And what do they offer? Maybe we should gather all root servers under control of the US, so it would be easier for DHS to start stealing not only gtld based domains, but all other domains in cctld zones? No, thanks.

Point taken, but I addressed it here already...

http://yro.slashdot.org/comments.pl?sid=1888084&cid=34378254

See near the bottom of that thread, we got into this here already!

Still, yes: You CAN use both a DNS server and HOSTS, no problem...

However, due to the Kaminsky flaw in DNS (especially if the DNS server is in recursive mode) and the fact you're burning CPU cycles & RAM on something you do NOT truly, REALLY need when you have a decent HOSTS file in place?

Why bother??

I also recall that DJBDNS was allegedly "invulnerable", & what happened? Dan J. Bernstein had to payout $10,000 for others that found flaws in it... nearly right after he posted his "reward" (he was honorable though - he paid up fast!).

They did he a favor, they pointed out holes in his supposedly "bug free & bulletproof" DNS server program...

Problem is? It's a PROGRAM, like any DNS server is! Hosts, by way of comparison however?

HOSTS are just a file & one you already have, and you have complete control of them for editing & securing them (Read Only, or MAC/ACL in NIX/Windows) plus updating them, yourself, via a text editor (which anyone can use).

APK

P.S.=> Plus, there's always OpenDNS or ScrubIT (they're known as fast fixers of DNS flaws (I cover that in that URL above - OpenDNS was the first to respond and fix that Kaminsky found before in fact)) too, for "end users"... they're fast, good, and well maintained! apk

Billions and billions...

[TiggertheMad]

If only you could mod servers up or down, giving them some sort of reputation history. The your OS could determine a trusted anchor based on a server's "karma" and your requirements*. A system parallel to DNSSEC for apportioning, updating, and validating trust.

Doesn't china have like, 1.2 billion people? If all the people in china mod up the Chinese DNS servers, and a the people in the US mod them down, I'm pretty sure they will still have a pretty good score...

Discourse...

[WSOGMM]

Hmmm...

The general public:

"What's net neutrality? Meh, I don't care... WAIT, The Communist Party can censor and limit the information I receive?? BLASPHEMY. MAKE THE INTERNET FREE AND UNTAINTED BY CENSORSHIP!! RALLY RALLY RALLY!"

Ha. Slashdot: 1, Stupids: 0. ;)

8.8.8.8

[dargaud]

Easy to remember

From Mr. Oliver Day of SECURITYFOCUS.COM... apk

http://www.securityfocus.com/columnists/491

Some "PERTINENT QUOTES/EXCERPTS" to back up my points with (for starters):

---

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet -- particularly browsing the Web -- is actually faster now."

Speed, and security, is the gain... others like Mr. Day note it as well!

---

"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."

Per my points exactly, from my initial & subsequent posts here in this very exchange no less... & guess who was posting about HOSTS files a 14++ yrs. or more back & Mr. Day was reading & now using? Yours truly!

---

"Shared host files could be beneficial for other groups as well. Human rights groups have sought after block resistant technologies for quite some time. The GoDaddy debacle with NMap creator Fyodor (corrected) showed a particularly vicious blocking mechanism using DNS registrars. Once a registrar pulls a website from its records, the world ceases to have an effective way to find it. Shared host files could provide a DNS-proof method of reaching sites, not to mention removing an additional vector of detection if anyone were trying to monitor the use of subversive sites. One of the known weaknesses of the Tor system, for example, is direct DNS requests by applications not configured to route such requests through Tor's network."

There you go: AND, it also works vs. the "KAMINSKY DNS FLAW" for redirectable weaknesses in DNS servers (non DNSSEC type, & set into recursive mode especially).

In fact, even SECUNIA.COM got "hit" that way this week -> http://www.theregister.co.uk/2010/11/26/secunia_back_from_dns_hack/

The problem? YOU GUESSED IT - the "Kaminsky FLAW" in DNS! Being exploited right there, this week!

(And those guys? They're SECURITY PROS - there is no real defense vs. that weakness in DNS servers... especially if set into "recursive mode")

Additionally - not only are DNS servers "weak", but they eat up CPU cycles I don't need to be using up on something I truly do NOT need!

---

"Malware writers in particular started using it heavily to block all communications with antivirus and patch servers. Others used it as a way to give servers nicknames that are frequently used."

Which is WHY I put up the list of sources I use to populate my hosts file daily, vs. EXACTLY that quote above, & guess what? IT WORKS! I can't get burned if I don't go into a "malware kitchen"... to block out KNOWN compromised or infected sites, AND to make sure I get going where I am going reliably (and the file is protected via not only READ only attribs here, but also ACL protections).

---

(Need more? Just ask & "ye shall receive" - that's only a SMALL sampling of what I could put up in favor of HOSTS files over DNS servers lately, & even browser addons like AdBlock (which cannot speed you up in as many ways as a hosts file, and is stuck to only what? 1 browser type (FF), & is a program & thus subject to bugs, and doesn't cover EVERY webbound app for speed & security the way a HOSTS files can & does!).

That's just a tidbit for your to chew on troll.

APK

P.S.=> Of course, you could also go to mvps.org & see their forums and try to debate them on HOSTS files too, metrix007... GOOD LUCK - you'll need it, & just as you would vs. that "tidbit" from a security pro above!

(Whi

Re:From Mr. Oliver Day of SECURITYFOCUS.COM... apk

For goodness sake, ignore APK's posts, replying only encourages him, and he is a moron of the highest order.

IMPERSONATING ME NOW? Please...

"The above is a troll...a clever troll no doubt but a troll none the less. I have come to realize that using an extensive-to-the-point-of-absurdity hosts file in place of or in addition to abstracted protections such as a decent firewall, NoScript, staying patched, not running as admin and perhaps an AV or Malware scanner is simply a waste of time not worth the benefit. I do apologize for all my previous hosts file trolling nonsense and admit it was out of ignorance and being starved for attention. You have my word I will stop. Anyone else posting hosts file nonsense is not me, but someone impersonating me such as the above troll because I live on as an immortal meme, just like Kanye. APK
P.S.=> Above all else though, I know I was wrong and that the fact I was once modded insightful for pointing out how Vista handles Hosts files differently to XP did nothing to legitimize my crazy ramblings." - by Anonymous Coward on Monday November 29, @03:07PM (#34378446)

You can stop impersonating me now, metrix007 - you're a troll and now everyone knows it. Do you think everyone will believe that was ME? Once they see my replies to they, they'll know otherwise.

You though? Yea, well, "somehow" I think I hit you RIGHT ON THE HEAD, in my thinking you're a disgrunted malware maker who knows HOSTS files put a HUGE DENT in your heinous activities by protecting users who are aware of them.

(Call it a "hunch" - because just as Mr. Oliver Day knows (see URL)? So do I, as does anyone that realizes the myriad of benefits for speed & security that HOSTS files can give a user!)

APK

P.S.=> This ought to "do you in" as well as anything else I can say, & it comes from a RESPECTED SECURITY PRO from SecurityFocus.com:

http://yro.slashdot.org/comments.pl?sid=1888084&cid=34379040

Man - lol, I suppose I can say this now (the trolls are attempting to "impersonate me" here now, not a first):

"IMITATION IS THE SINCEREST FORM OF FLATTERY"

Only thing is, you have to do a better job of it, I'll spot it you know! Lmao... hilarious! Funny part is the captcha for me now is "pretends"... very ironic!

I don't think others will believe you metrix007... especially after all my other posts, & directed YOUR way? See Mr. Oliver Day's A RETURN TO THE KILLFILE" article.

apk

Re:We have a way to address this (at least, mostly

So ditch the 3 Chinese root servers from your root.hints file if you don't trust them? Better yet, use your edge firewall to proxy them in round-robin fashion onto the other half-dozen root servers?

Small "addendum" here (ping AND WHOIS)... apk

Sorry, I neglected HOW I "double validate" sites IP addresses here (I did say PING, but I omitted WHOIS here -> http://yro.slashdot.org/comments.pl?sid=1888084&cid=34378254

APK

Re:We have a way to address this (at least, mostly

[slick7]

Since Chinese control 3 of the root DNS servers, I bet they are given the root zone KSKs.. and with them, you can spoof any record.

Let me see...1.5 billion Chinese or the rest of the planet. Who would you not want to piss off?

Agreed, I trust Google more than China

[lullabud]

I've had so many DNS problems in Asia (not China) and 8.8.8.8 solved them all. It was such a problem while I was there that I'd log into any default password routers in the hotels I stayed at and change their configs to that.

On top of that, since China is responsible for hacking Google earlier this year, Google will be taking special care to make sure their services will be protected from future attacks, and thus will likely fortify their DNS against root hijacking.

Good job to you, that's "layered security"!

"I use dnsmasq myself often. I thought that people in organizations that fear government censorship are better with a hosts file on each computer than with a number of dns caches. The response can still be spoofed or the servers DoSed. Git can do signed commits and updates over ssh. Also one could exploit virtual hosting configuration and gave a server that returns normal content if accessed through its normal domain, and special content if accessed through an entry in the hosts file (good against casual surfers and bots, useless against a determined attack)" - by marcello_dl (667940) on Monday November 29, @03:20PM (#34378624) Homepage

Per my subject-line above? Marcello, you're using the "BEST WAY" to secure yourself - you're using MULTIPLE layers of defense (that speed you up also), otherwise called "layered security".

I covered the DNS "kaminsky" flaw in my responses here, and it's good to see you are AWARE of it, & how it works (e.g./i.e.-> Enmasse spoofing of DNS replies to main & subordinate ones in recursive mode - too bad DNS was written to "accept the first answer", because THAT is "the problem" - that, along with proliferation to subordinates beneath any affected/bushwhacked servers - takes time!).

Now, on the Windows DNS clientcache:

The DNS local caching client has a problem (limited size queue, thank goodness turning it off allows the local diskcache kernel mode subsystem to CACHE the HOSTS file content, & if it doesn't change/get marked dirty? No problem: You STILL have reads/re-reads @ RAM speed that way if you turn off the DNS client cache service in Windows!)

See - they note it here @ mvps.org -> http://www.mvps.org/winhelp2002/hosts.htm and in Windows? IF You use a relatively "largish" custom HOSTS file? You MUST turn it off!

(I pointed that out to Foredecker, an MS senior mgt. figure who posts here and yes, who conceded other problems I have found in HOSTS also, here -> # http://slashdot.org/comments.pl?sid=1467692&cid=30384918 and here at MS -> http://blogs.msdn.com/b/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx?CommentPosted=true&PageIndex=3#comments also).

Linux? No such hassle... that's 1 thing I will give Linux, for sure/without question, over Windows.

Especially modern Windows 7 &/or VISTA per the above... it doesn't affect Windows 2000/XP/Server 2003 (where VISTA &/or Windows Server 2008 + Windows 7 won't use 0 anymore as a blocking addy, whereas Windows 2000 SP #2 onwards will up to even VISTA until MS pulled it on 12/09/2008 oddly, & 0 (vs. other blocking addys)? Hey - it's MORE EFFICIENT (since less chars to read than 127.0.0.1 by far, line by line, & also even 0.0.0.0 based blocking used in HOSTS files)).

I pointed it out, I only hope MS fixes it is all... that was YEARS ago in fact! They still have not... oh well!

APK

P.S.=> Good job though man, YOU sound as if you KNOW what you're about... which is good: Not everyone does. I suppose it's our "job" to set them straight, eh? Especially the trolling naysayers (one is even attempting to impersonate me here now, not a first (by metrix007 (200091))... I suppose though, THAT is when you know you've done a good job - when others have to resort to ad hominem attacks & trolling one, rather than disputing points I have made instead, eh?

Sorry for the delayed reply too - busy dealing with trolls & other responders here is all... apk

no news here...

[hesaigo999ca]

The fact that for a few minutes all packets were being rerouted to china and then sent back to its final destination means a good packet sniffer will give you lots of info, as well, the government now has some pretty big super computers at their disposal, as well as being the first to show ASH1 was able to be broken....it all adds up.

One thing about AD & DNS servers

One thing about AD & DNS servers (especially on an "in house LAN"): You, afaik so far from about a yr. of experiments on a LAN on the job, MUST use an AD DNS... or things like Outlook + Exchange tend to "hose up" & NOT work... just the way it goes (unless someone can show/tell me diff. & HOW (thanks, IF you can)).

I tried to direct my Windows rigs on an AD (active directory) to use OpenDNS &/or ScrubIT... didn't work out "too well" due to AD dependencies various apps & servers have working in combination!

(For reasons I noted to others here in posts replies on this subject)

Like I said above? Outlook (FULL, not "express") started "failing out"... so, I had to stick to an "in-house" DNS server.

I.E.-> You can't alter this to an external non AD DNS -> DhcpNameServer from here ( HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters ), yes, even though the entry is DHCPNAMESERVER...

(OR, you can do it "graphically" via GUI, here -> Local Area Connection (or whatever you called it) -> PROPERTIES button -> Internet Protocol Version 4 (TCP/IP) -> PROPERTIES button -> "Use the following DNS Server Addresses" (fill in the blanks - that's where I put in OpenDNS &/or ScrubIT DNS servers, vs. those from my ISP/BSP here @ home).

If any of you knows a way around that "hassle" on DHCP/DNS in an ActiveDirectory (AD setup)? Thanks!

(Yes - it's NOT dealing directly in HOSTS, they don't affect it, the DNS servers you use however, DO)

Thanks for the info., in advance...

APK

P.S.=> However, IF you want to alter the name resolution process? Look no farther than here in Windows:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\ServiceProvider

Lower #'s are higher order of precedence there... MS has a GOOD solid writeup on it here too:

http://support.microsoft.com/kb/139270

(And newer ones than that also).

I.E.-> That's where you can change the order as to what is looked at, first & descending order, for hostname/domainname resolutions in Windows... you can make your DNS take precedence, IF you wish, over a HOSTS file! apk

Switch to the new root servers instead

[F.Ultra]

Simple solution is to switch to 3rd party root servers like the Telecomix ones: http://dns.telecomix.org/

So, better give the dns control to

the Somali pirates, pay them to do it and they might even stop pirating on the sea.

It is a win-win for us

Ah, yes: The trolls use ad hominem attacks.. apk

"For goodness sake, ignore APK's posts, replying only encourages him, and he is a moron of the highest order." - by Anonymous Coward on Monday November 29, @08:01PM (#34382614)

See subject-line: Very typical of you troll in using ad hominem attacks of myself (via effete name-tossing etc. on your part), rather than attacking the facts & findings of myself + respected others like Mr. Oliver Day, as regards HOSTS files.

APK

P.S.=> Better luck next time, troll... apk

DNS servers of all kinds have the "Kaminsky Flaw"

They're BOTH subject to the same problems I've been noting here though: The Kaminsky hack, and the fact you make calls to DNS servers period!

This is where a custom HOSTS file isn't subject to that, & allows you to bypass using a DNS server, altogether. So the Kaminsky flaw being used to misdirect DNS server entries (spoofing them), or even what the Chinese are doing here, is totally moot... why?

You're not doing to call out to a remote (or local) DNS server, if you already have the IPAddress-To-Host/Domain name resolved already in your local HOSTS file (and the HOSTS file gets read, first).

If you "bum rush" a DNS server service/daemon/server with a mass of false requests (as in the Kaminsky flaw), the 1st one that gets there IS the one the DNS will use: THIS IS THE PROBLEM (if said 1st reply is one that's "spoofed"/false).

You don't get that with a hardcoded HOSTS file entry.

Still - it's NOT going to hurt you, IF the hosts file entry is correct/straight, as to IP-to-DomainName/HostName resolution.

That's because the 1st thing your system reads for said IPAddress-To-Host/DomainName resolution IS the HOSTS file... I put up an article from MS regarding this in this exchange (and you CAN/COULD alter the order too, but by default? Your local HOSTS file gets read, first).

APK

P.S.=> Still, using multiple layers of this can be a good thing, but a custom HOSTS file is what can protect you here vs. the Kaminsky flaw, AND EVEN what the Chinese have done (because again - you'd never be calling out to DNS servers period IF your local custom HOSTS file has the IP-to-Domain/Host name resolutions in it - which PING &/or a WHOIS can get for you from the TLD that functions as a record of said data)... apk

metrix007, we know you use multiple reg'd accounts

and we know why you do: You never really post very much from this particular registered luser account (metrix007) of yours, but you do from your numerous other registered accounts. You collect up mod points on 1, such as you are doing now with this account, and then use those mod points to up moderate your other alternate registered luser accounts here, and you also down moderate anyone else that puts you in your place and shows you in error by use of your many registered accounts you keep here. Do you think you're fooling anybody here? Not.

Re:You're off topic & trolling (step inside)..

[metrix007]

Kid, you have no idea what you're talking about. Stop posting a link to this post behind every post I make...,really, do you have nothing better to do?

You are strongly misinformed on several points. I can't be bothered to respond to you, (i.e. feed the troll) because I don't think it would be worth my time. You're obsessed, and not interested in rational discussion. Please, stop following me.

Again: What's your specific problem w/ HOSTS files

"Kid, you have no idea what you're talking about." - by metrix007 (200091) on Monday December 06, @07:03AM (#34458496)

OK/again: Show us all where I have "no idea what I am talking about" then, & on any of the 15 or more points I put up on HOSTS files then.

Strange how you avoid doing that LMAO! That's all I have asked for here... you run away from it, each time too! Funny that (not), so, please, do "go for it", because I will make you eat your words (easily).

(I.E./E.G.-> I've had tons of trolls like you try it, and they fail on every "so-called point" they've stated, & for years now - that's because I've thought this out, too bad my naysayer trolls like you haven't (look at your b.s. response here, lol, after all. No specifics @ all from you...)).

Now, as to my "not knowing what I am talking about" as you stated above? The day you've done more, earlier, and in equally respected publications in the art & sciences of computing that I have (while you were still in diapers I also wager strongly):

---

Windows NT Magazine (now Windows IT Pro) April 1997 "BACK OFFICE PERFORMANCE" issue, page 61

(&, for work done for EEC Systems/SuperSpeed.com on PAID CONTRACT (writing portions of their SuperCache program increasing its performance by up to 40% via my work) albeit, for their SuperDisk & HOW TO APPLY IT, took them to a finalist position @ MS Tech Ed, two years in a row 2000-2002, in its HARDEST CATEGORY: SQLServer Performance Enhancement).

WINDOWS MAGAZINE, 1997, "Top Freeware & Shareware of the Year" issue page 210, #1/first entry in fact (my work is there)

PC-WELT FEB 1998 - page 84, again, my work is featured there

WINDOWS MAGAZINE, WINTER 1998 - page 92, insert section, MUST HAVE WARES, my work is again, there

PC-WELT FEB 1999 - page 83, again, my work is featured there

CHIP Magazine 7/99 - page 100, my work is there

GERMAN PC BOOK, Data Becker publisher "PC Aufrusten und Repairen" 2000, where my work is contained in it

HOT SHAREWARE Numero 46 issue, pg. 54 (PC ware mag from Spain), 2001 my work is there, first one featured, yet again!

Also, a British PC Mag in 2002 for many utilities I wrote, saw it @ BORDERS BOOKS but didn't buy it... by that point, I had moved onto other areas in this field besides coding only...

Being paid for an article that made me money over @ PCPitstop in 2008 for writing up a guide that has people showing NO VIRUSES/SPYWARES & other screwups, via following its point, such as THRONKA sees here -> http://www.xtremepccentral.com/forums/showthread.php?s=ee926d913b81bf6d63c3c7372fd2a24c&t=28430&page=3

Lastly, lately (this year)?

It's also been myself helping out the folks at the UltraDefrag64 project (a 64-bit defragger for Windows), in showing them how to do Process Priority Control @ the GUI usermode/ring 3/rpl 3 level in their program (good one too), & being credited for it by their lead dev & his team... see here -> http://ultradefrag.sourceforge.net/handbook/Credits.html

----

Once more - The day you can show more & superior accomplishments in computing than I have? THAT is the day you can talk like that to myself. Show us you have, ok?

I also possess 2 degrees related to and directly in the Computer Sciences (1 from a VERY respected college in the Northeast USA where the best schools are no less), both in MIS & CSC... do you? I doubt, just based on your trolling and avoiding disproving my points on HOSTS files.

(Why do I get the feeling that "Mr. Troll" here in metrix007 will avoid that too, just like he is avoiding telling us where my points on HOSTS files here are "wron

metrix007 prove yourself and quit trolling

Caught this in another thread of yours metrix007, after you gave a user named Zero Kelvin a lot crap trolling he as you have this ac. I'd like to see you go at each of the ac's points here he listed today on hosts and see you disprove and debunk every one of them also http://it.slashdot.org/comments.pl?sid=1896216&cid=34458500 please. Let's see how much you know and how *informed* you are, since you said he is misinformed and doesn't know what he's talking about. This ought to be funnier than hell, because it's already massively amusing watching you run from backing yourself up after you trolled this ac. It's obvious you don't have the education in the computer science area as he does, nor his accomplishments either. Saying what you did is only going to see you have posts like mine now that demand you back yourself up now. I'd like to see you do so. Thank you.

metrix007 disprove these points then on HOSTS

"Kid, you have no idea what you're talking about... You are strongly misinformed on several points. I can't be bothered to respond to you, (i.e. feed the troll) because I don't think it would be worth my time. You're obsessed, and not interested in rational discussion - by metrix007 (200091) on Monday December 06, @07:03AM (#34458496)

Ok, you FINALLY came back in, & NO: I am TRULY interested in "rational discussion", not avoiding it (as you obviously are with your 2 trollish replies here in this thread), so with that said? Disprove each of these 15 points on HOSTS files then:

15++ ADVANTAGES OF HOSTS FILES OVER DNS SERVERS &/or ADBLOCK ALONE for added layered security:

1.) Adblock blocks ads in only 1 browser family (Disclaimer: Opera now has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF or Chrome etc.).

2.) HOSTS files are useable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program).

3.) Adblock doesn't protect email programs external to FF, Hosts files do. THIS IS GOOD VS. SPAM MAIL or MAILS THAT BEAR MALICIOUS SCRIPT, or, THAT POINT TO MALICIOUS SCRIPT VIA URLS etc.

4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 4-7 next below).

5.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, hosts do (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -> http://www.networkworld.com/news/2008/082908-kaminsky-flaw-prompts-dns-server.html for years now). Hosts protect against those problems via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions via PINGS &/or WHOIS though, regularly, so you have the correct IP & it's current)).

6.) HOSTS files protect you vs. DNS-poisoning &/or the Kaminsky flaw in DNS servers, and allow you to get to sites reliably vs. things like the Chinese are doing to DNS -> http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders

7.) AdBlock doesn't let you block out known bad sites or servers that are known to be maliciously scripted, hosts can and many reputable lists for this exist:

GOOD INFORMATION ON MALWARE BEHAVIOR LISTING BOTNET C&C SERVERS + MORE (AS WELL AS REMOVAL LISTS FOR HOSTS):

http://ddanchev.blogspot.com/
http://www.malware.com.br/lists.shtml
http://www.stopbadware.org/
http://blog.fireeye.com/
http://mtc.sri.com/
http://news.netcraft.com/
http://www.shadowserver.org/

REGULARLY UPDATED HOSTS FILES SITES (reputable/reliable sources):

http://www.mvps.org/winhelp2002/hosts.htm
http://someonewhocares.org/hosts/
http://hostsfile.org/hosts.html
http://hostsfile.mine.nu/downloads/
http://hosts-file.net/?s=Download
https://zeustracker.ab

Re:Again: What's your specific problem w/ HOSTS fi

[metrix007]

If you want me to addres you properly, then I want you to answer some questions.

1. Why do you put certain words in quotes or parentheses? WTF is up with that? E.G. your first line above, why is "go for it" in quotes?
2. Why do you cite work you allegedly have done, such as articles you wrote in various magazines, if you don't gives us a means to verify that information? Are you really hoping we will just take you at your word?
3. Likewise, why claim to have degrees or experience or whatever, if you don't give us a means to verify that information
4. Why do you bother mentioning that stuff at all? As an appeal to authority? If what you are saying has merit (which seems unlikely) it can stand on it's own. Your background is irrelevant to the point you are making.
5. Why have you been following around my posts insulting me linking back to this thread? It discredits you further, and makes you seem like you are a troll starved fro attention.
6. Why do you quote people in such a way? You get that it is completely redundant right? The name of the poster, post ID and time are all at the top of each post...adding it manually when you quote someone is just redundant, so why do you do this?
7. Why do you take 3 points (Kaminksy bug, Secunia hijack and Oliver Day's article) and misconstrue them? Do you not understand what they are actually about? Just because an article is about flaws in DNS, it does not automatically support your point.

If you have the courtesy to answer these questions, then I will address your main points as you ask.

You're full of it & evading this

Just disprove anything you feel is in "error" here on technical grounds:

http://slashdot.org/comments.pl?sid=1888084&cid=34459018

Nobody including myself at this oint wants to hear anymore of your evasive bullshit, least of all on logic... as you're obviously NO authority (since you troll you seem to *THINK* you are though, troll - HAVE YOU EVEN TAKEN LOGIC IN A FORMAL ACADEMIC ENVIRONS & PASSED IT? Somehow, I wager all you have is your "forums logic", lol...).

(By the way, since I took LOGIC in the A.A.S. portion of my CSC degree work & passed it with a good grade? Well, you can stop trying "forums logic" vs. the real thing - your evading disproving my points on HOSTS files in the URL above? Doesn't look good for you, now does it?)

---

Now, how I write though? LMAO - Either LEARN TO READ, or shut up and lose gracefully here for trolling me here off topic...

Also - Do you have a degree in English, especially a PHD? No?? Didn't think so (that's the "oldest troll trick in the book" & effete/useless). You're NO AUTHORITY here either, boy!

After all - You understood my posts well enough to reply, albeit apparently NOT technically, first of all!

---

Secondly, you have all the means you need to verify the posts of only SOME of my accomplishments in this art & science over 15 yrs. now in fact, & that's ONLY A PARTIAL LIST OF MY FAVS, those mags still exist too (many do, as well as the book publisher I noted as well).

See, unlike yourself?

I don't lie or evade questions!

In fact, since you mention it?

Well - Write SuperSpeed.com & speak to Mr. Eric Dickman their CEO for example... he'll verify the one I am most proud of in fact, easily, as 1 single example you can do easily (good man, fun to work with & actually KNEW his product)), or, the publishing house of the book I was featured in also.

---

As to my academia?

Well, not only was I an honors society, recently too while I am working on YET ANOTHER Computer Science oriented degree to my credit where I strongly believe you have NONE to your name?

(No, no presidents or provost type honors society lists here though)

I was also a decent "jock" as well, who played for the NATIONAL CHAMP team at its division II @ LeMoye also (I was also a letterman in fact, as well (meaning I played a lot, started or scored etc.):

http://lemoynedolphins.com/sports/mlax/history/1985.HTM

http://lemoynedolphins.com/sports/mlax/history/1984.HTM

(You've done the same, "big talker"? Somehow, I doubt it! All you do is troll others, go off topic in doing so, and evade questions!)

APK

P.S.=> No, your off topic trolling and b.s. is your undoing here... and you KNOW it! You've trolled others here this week I see as well, like Zero Kelvin who was mentioned here in fact... you keep doing it because nobody puts you in your place (the garbage), so here goes... let's see how well you do backing up your trolling off topic crap then, see the URL above... apk

You try "LOGIC" & U use "AD HOMINEM Attacks"?

By the way, I was also a LETTER WINNER for said champion in the sport of Lacrosse at the Division II level, since you *DEMAND* what you called "proofs" of myself, yet you never put out any you are asked for (see my PS below).

(I even scored on the national Div. I champ (Syracuse U. whose players I grew up playing in NY State Section III in highschool (at W.G. where I grew up young, most national titles of ANY highschool in fact nationwide in this sport over 24 yrs. now, & my other highschool team was an "honorable mention" also) & Div III contender (RIT))

Heh, @ the collegiate level? Hell - in doing so? I stopped shutouts too!

LeMoyne? WE'VE NEVER BEEN SHUT OUT IN THAT SPORT (besides being national champs for many years & also runners up many times as well)), EVER...

http://lemoynedolphins.com/sports/mlax/history/mlaxletterwinners

(See the "K" section, for more of your "demanded proofs" & quit evading what I ask of you below, or you'll just be further seen as a trolling "ne'er-do-well" that evades questions, & uses, lol, AD HOMINEM ATTACKS (logic, you started it after all) & acts as if he knows logic, yet VIOLATES IT HIMSELF!)

APK

P.S.=> There's more "proof" you demanded... now, let's see yours on:

1.) Whether YOU took & passed an accredited learning institutions formal logic courses

2.) Your PHD in English (since you resort to the "old troll trick" of "I can't read" etc.)

3.) Your list of accomplishments in the computer sciences (vs. my own, & that you did more of them and before I did)

4.) ABOVE ALL ELSE?

You disprove EACH OF THESE POINTS, stop evading it, face the music ->

http://slashdot.org/comments.pl?sid=1888084&cid=34459018

Which I put up, in favor of HOSTS files (since you came in and called me names in an "AD HOMINEM ATTACK") -> http://yro.slashdot.org/comments.pl?sid=1888084&cid=34377556

Good luck, you'll NEED it, troll... apk

Re:You try "LOGIC" & U use "AD HOMINEM Attacks

[metrix007]

1. We can't verify anything you say, as with out an account or given name we have nothing to check it against
2. No where in my previous post did I use an ad hominem attack. I guess you don't know what that actually is.
3. You have not answered any of my questions

Given your trollish behavior, i.e. stalking and insulting, you are clearly a troll. (note, that is also not an ad hominem attack). Given the way you obsessively stalk people, redundantly quote information and your strange use of quotes, I would say you also have some serious issues.

Computing just isn't your field kiddo, but I do hope you get the help you need. I won't be replying to you further until you answer my original questions in a polite manner.

Re:You try "LOGIC" & U use "AD HOMINEM Attacks

[metrix007]

Also, let me explain why I believe you misconstrue the 3 things you keep relying on for proof.

1. Oliver Days article. He talks about using a HOSTS file as a WHITELIST, and even then admits it has problems. You misconstrue him as advocating a HOSTS file as a BLACKLIST, which is false. Furthermore, he states he was using this back in 2004 to stop ads and tracking, something adblock plus is now far more efficient at.
2. The Kaminsky bug. This is no longer relevant, as ALL versions of DNS servers have been patched. I guess it's possible some idiots are running an unpatched server, but that is unlikely. It is also why there has not been an attack using the Kaminsky bug since 2008 or so.
3. The Secunia Hijacking. This was the result of someone breaking into the registrars account and modifying the DNS records directly. DNSSEC would not have helped here since they would have had access to the proper cert. If you used Secunia regularly and wanted to add it as a whitelist in your HOSTS file then yes, that would have prevented you having to see the redirected page for a few hours. It certainly isn't an argument to use HOSTS files in the way you advocate.

More evasions from metrix007? Of course!

You certainly avoid disproving all these points I put out in favor of HOSTS files:

http://slashdot.org/comments.pl?sid=1888084&cid=34459018

"2.No where in my previous post did I use an ad hominem attack. I guess you don't know what that actually is." - by metrix007 (200091) on Monday December 06, @01:01PM (#34461964)

LMAO - OH, really? You're continually trying to discredit me, ala ad hominem attack "attacking the man, rather than his points & data supplied", and you evade MY QUESTIONS which came well befor e yours (& I supplied you easily verified data on your quetions too, so learn to read, or just quit your trolling b.s before you embarass yourself here even more in front of the readers here).

You continually avoid where I provide data for you to disprove on HOSTS files, and I put it up putting a question to you to disprove what you can there... and you EVADE it constantly... do you really *THINK* you're fooling anyone here?

Guess again: YOUR OWN WORDS DO YOU IN BELOW ON THAT VERY ACCOUNT (logic & your use of adhominem attacks):

Even though you called me "ignorant" &/or "misinformed" (and more) in your first trolling reply here:

"He is clearly ignorant/misinformed" - by metrix007 (200091) on Monday November 29, @02:08PM (#34377556)

FROM YOUR FIRST TROLLING POST HERE:

http://yro.slashdot.org/comments.pl?sid=1888084&cid=34378092

(Care to deny your own words as an ad hominem attack you directed my way??)

After all - I quote you in it above...

Yet, you demand proof of expertise of others, I provided it on MANY grounds (academia, publication, accomplishments, & even sports (for academia)...

You by way of comparison? ZILCH! Just more "evasions" from you is all, (lol... typical of the "trolling 'ne'er-do-well' on your part!)

---

"1.We can't verify anything you say, as with out an account or given name we have nothing to check it against" - by metrix007 (200091) on Monday December 06, @01:01PM (#34461964)

LMAO, wtf? Look at my initials, & look here then (as to academia, where I was a letter winner for a national champ in lacrosse, & also a graduate with a B.S. degree in the sciences):

http://lemoynedolphins.com/sports/mlax/history/mlaxletterwinners

or here as to scoring for it as "added evidence" you demanded (yet you provide ZERO for yourself academically, professionally, in publication, etc. and even disproving the points I requested nicely that you do!)

You were also given a website, a CEO's name, and you can write him as to my accomplishments in publication from my list I put up of my favs. (only partial too)... don't bullshit us anymore, ok? Doesn't look too good for you as is, you're only evading questions, violating logic, and worse on your end as you go!

---

"2.No where in my previous post did I use an ad hominem attack. I guess you don't know what that actually is." - by metrix007 (200091) on Monday December 06, @01:01PM (#34461964)

Again, WTF? You violate logic in your first trolling reply here (you used ad hominem attacks & are continuing to TRY to do so) - care to deny it, because you called me "ignorant" & more?

See this quote of your words:

"He is clearly ignorant/misinformed" - by metrix007 (200091) on Monday November 29, @02:08PM (#34377556)

FROM YOUR FIRST TROLLING POST HERE:

http://yro.slashdot.org/comments.pl?sid=1888084&cid=34378092

(That denial of yours now? That also makes you, a damned LIAR as well!)

You're ALSO AVOIDING ATTACKING MY POINTS (first URL above) & instead, you are concentrating on trying to attack me? Good luck.

So much for YOUR use of "forums logic" (you can't even show you have a collegiate degree from a good college, lol, let alone having passed logic on your end).

---

3.You have not answered any of my questions... I would say you al

Re:More evasions from metrix007? Of course!

[metrix007]

LMAO, wtf? Look at my initials, & look here then (as to academia, where I was a letter winner for a national champ in lacrosse, & also a graduate with a B.S. degree in the sciences):

http://lemoynedolphins.com/sports/mlax/history/mlaxletterwinners

I can not see any name on that list that matches the initials APK. If I don't know your name, then I can not verify anything you say, regardless of who you give me as a reference.

Time to shoot you down even more... apk

"1.Oliver Days article. He talks about using a HOSTS file as a WHITELIST" - by metrix007 (200091)on Monday December 06, @01:23PM (#34462242)

LOL, oh, really? See this quote from said article then specifically on how a highly esteemed program in SPYBOT "Search & Destroy" does what I state (blacklisting):

"More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware." Mr. Oliver Day of SECURITYFOCUS.COM -> Source Article quoted from here -> A RETURN TO THE KILLFILE:

http://www.securityfocus.com/columnists/491

(Learn to read, it's securityfocus.com (a symantec subsidiary))

By the way, when he speaks of "internet communities at the beginning of the decade" speaking of hosts files, whose words do you think he was speaking of?

Mine!

(I've been advocating their use on forums since 1997 & earlier even, worldwide because they work & Mr. Day + many others (even in this thread) know so also as do I!)

---

"You misconstrue him as advocating a HOSTS file as a BLACKLIST, which is false." - by metrix007 (200091)on Monday December 06, @01:23PM (#34462242)

I also speak of white listing, but see above... that quote does you in, quickly... from Mr. Day no less!

(Care to deny it troll?? Keep skimming. I love it!)

---

"Furthermore, he states he was using this back in 2004 to stop ads and tracking, something adblock plus is now far more efficient at." - by metrix007 (200091)on Monday December 06, @01:23PM (#34462242)

LMAO, wtf? See above first, and adblock is FAR LESS EFFICIENT (it doesn't cover email programs that use HTML & SCRIPTING like Outlook &/or Outlook Express as 2 examples thereof).

I.E.-> HOSTS also operate as a filter for the IP stack... you trying to tell me that a kernel mode subsystem (pnp nowadays via a driver set as well) is "less efficient" than a usermode/RPL3/Ring 3 program that only operates on SOME browsers?

LMAO!

(I'd give up already were I you... you're screwing up more as you go. This is hilarious & "too, Too, TOO EASY" (just TOO easy)).

---

"2.The Kaminsky bug. This is no longer relevant, as ALL versions of DNS servers have been patched." - by metrix007 (200091)on Monday December 06, @01:23PM (#34462242)

Oh sure, DNS servers're doing SO WELL vs. what the Chinese have been doing as well as other redirect/DNS poisoning attacks! See below!

(Recent too, you strangely "skim over them" as well, why is that? LOL, we know why!)

BIND vs. what the Chinese are doing to DNS lately? See here:

http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders

---

SECUNIA HIT BY DNS REDIRECTION HACK THIS WEEK:

http://www.theregister.co.uk/2010/11/26/secunia_back_from_dns_hack/

(Yes, even "security pros" are helpless vs. DNS problems in code bugs OR redirect DNS poisoning issues, & they can only try to "set the DNS record straight" & then, they still have to wait for corrected DNS info. to propogate across all subordinate DNS servers too - lagtime in which folks DO get "abused" in mind you!)

---

"I guess it's possible some idiots are running an unpatched server, but that is unlikely.." - by metrix007 (200091)on Monday December 06, @01:23PM (#34462242)

Ahem: See the 2 URLs above, guess again... & you sure like tossing names!

---

"It is also why there has not been an attack using the Kaminsky bug since 2008 or so.
3.The Secunia Hijacking. This was the result of someone breaking into the registrars account and modifying the DNS records directly.." - by met

Re:Time to shoot you down even more... apk

[metrix007]

I give up...you really don't have any idea what you're talking about, and that joke a reply just shows it. I replied in good faith...and get religious shit in response. Best o luck dude. You're an idiot. (note, not an ad hominem, not dismissing you reply because I consider you an idiot, calling you an idiot as a consequence).

Re:Time to shoot you down even more... apk

[metrix007]

Actually, digging a bit further, and eliminate all the other people with your name (musicians, reporters, AIDS societies fellows etc), I find you on several forums, where you have been banned. Makes sense that you would come to the last refuge on the internet where you can't get banned. You have helped me cement your status as an ignorant troll who lies about his/her own accomplishments. Good job kiddo.

Re:Time to shoot you down even more... apk

[metrix007]

OK, final post and no more googling. For anyone sad enough to be reading this, this post discredits APK basically completely. http://tech.slashdot.org/comments.pl?sid=1300193&cid=28673669

I finished you off with your OWN mistakes 2x

http://yro.slashdot.org/comments.pl?sid=1888084&cid=34462614

(Where you FINALLY *tried* (& failed at) disproving only 1 of my points, & even conceded my point works, lol... hilarious!)

So much for your "technical skills" in the URL above (And, you had the GALL to call ME "ignorant & misinformed" in your ad hominem attack quoted below) - hilarious!

ADDITIONALLY: You also "shot yourself down" even more, & about Mr. Oliver Day, stating he NEVER notes that BLACKLISTING via hosts files is effective -> http://yro.slashdot.org/comments.pl?sid=1888084&cid=34462614 where I show exactly where he notes Spybot "Search & Destroy", it's highly esteemed too, and it has the "IMMUNIZE" feature... guess what THAT does? You guessed it - blacklist fortification of a HOSTS file!

---

metrix007 also claimed he never "Ad hominem" attacked me also in posts here now? Funny:

"He is clearly ignorant/misinformed" - by metrix007 (200091) on Monday November 29, @02:08PM (#34377556)

FROM YOUR FIRST TROLLING POST HERE:

http://yro.slashdot.org/comments.pl?sid=1888084&cid=34378092

That quote of your own trolling + off topic words here surely seems to indicate you have!

(Either you're a deluded liar, or just dim in the head, or you have dementia/alzheimers! Your OWN words are quoted to that effect... lmao, & YOU TRIED USING LOGIC vs. myself (I have taken & did well at LOGIC in academia during my 2 degrees around the computer sciences no less!)

Oh yes/lastly: Figure this one out, you "idiot savant": My initial I sign off posts with here are "APK" & in 1985? There is a letter winner with those initials (minus the P): Guess WHO that is??

Yours truly!

APK

P.S.=> Now you can write Mr. Eric Dickman, CEO of SuperSpeed.com & ask him what I wrote about BOTH SuperDisk (I posted ideas of DB usage alongside Mr. John Enck of Windows IT Pro mag on their site in fact back in 1996 & they used them @ Microsoft Tech Ed, & were a FINALIST 2 yrs. in a ROW 2000-2002 in the HARDEST CATEGORY THERE: SQLServer Performance Enhancement (he's a good guy, fun to work with, pays up honorably & fast also but MOST OF ALL? HE KNOWS HIS PRODUCT, inside & out!)) and, that I also improved their code for SuperCache/SuperCache II on a paid job, & by up to 40%...

Not bad for what you called me, eh? What was it again, oh yea: "IGNORANT & MISINFORMED"... you sure it's not the other way around? apk

Re:I finished you off with your OWN mistakes 2x

[metrix007]

OK, Alex Kowalski. Awesome.

Funny when I search your name of Google, I find absolutely nothing of prominence. Maybe in the next life, kid.

Damned straight "you give up" troll!

"I give up..." - by metrix007 (200091) on Monday December 06, @02:39PM (#34463470)

See subject-line, because this is only PART of the "knockout punch" of your OWN trolling and lying I used to do so:

YOU SAID THIS:

"1.Oliver Days article. He talks about using a HOSTS file as a WHITELIST" - by metrix007 (200091)on Monday December 06, @01:23PM (#34462242)

Ok/again (so it sinks in):

See this quote from said article then specifically on how a highly esteemed program in SPYBOT "Search & Destroy" does what I state (blacklisting) & Spybot "S&D's" IMMUNIZE feature (adds HOSTS blacklist entries vs. KNOWN malicious sites/servers etc.):

"More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware." Mr. Oliver Day of SECURITYFOCUS.COM -> Source Article quoted from here -> A RETURN TO THE KILLFILE:
http://www.securityfocus.com/columnists/491

Yes, "another troll 'bites the dust'" in metrix007... too, Too, TOO EASILY! Just TOO easily...

(& only on 1 of my 15++ points in favor of HOSTS files usage no less (you still have 14 more to dispute & disprove mind you, see the URL next below)):

http://slashdot.org/comments.pl?sid=1888084&cid=34459018

---

Now on your calling me an idiot (on top of your calling me "ignorant and misinformed" and more in your 1st post here trolling me? Please, see my 'PS' below for a quote of your adhominem attack trolling slurring of myself!

(The quote is, after all, your own words and you are NOT attacking my points - only attempting to attack myself & failing, badly!)

Especially seeing as you have NEVER taken LOGIC in a formally administered academic environs and you violate the logic tenet of "Ad hominem" right off in your 1st post quoted above:

(So - prove you have at least TAKEN logic (not "Forums illogic" like you use, lol))

After all: You asked of such proofs of myself both academically & professionally too, I supplied them, and now?

NOW you "run" or "evade" the rest of my tech points as well, from here -> http://slashdot.org/comments.pl?sid=1888084&cid=34459018 in favor of HOSTS files, as per usual for you! Only 14 more to go, sure you don't want to be COMPLETELY "Charcoil Broiled & burned" by your own mistakes as usual?

LMAO! Please - don't go & give up already troll. You cannot PAY for this kind of entertainment, as it's so easy to catch you in lies, forums illogic, skimming over pertinent data and FAR more (like ad hominem attacks you use & yet you try to "quote logic" vs. myself, lol).

However - in the end?

Well - I certainly got the truth out of you, and also admissions my points ARE correct also here -> http://yro.slashdot.org/comments.pl?sid=1888084&cid=34462614 on the ones noted above specifically & more there (to the point it shut you up again, fast & easily))

---

"You're an idiot." - by metrix007 (200091) on Monday December 06, @02:39PM (#34463470)

Ah yes, the mark of the "Frustrated ad hominem attack utilizing troll", yet again from you!

(Along with impersonating me the way you did & failling and other failures as noted in just a single one above on technical points in favor of HOSTS files, and your initial ad hominem attacks too, quoted below also)...

Yes - that's "RIGHT UP THERE" w/ YOU not having a PHD in English (and trying to tell me how to write, funny you reply to my points though, eh?)

OR

You not even having ANY academic degrees from collegiate level academia apparently on your end...

OR

Noted & published accomplishments like mine I listed & asked if you have the same & before I did and more of them because you called me "ignorant & misinformed" in your ad hominem trolling attacks on myself here.

Watch metrix007 "knock himself out", LMAO! apk

"You have helped me cement your status as an ignorant troll who lies about his/her own accomplishments." - by metrix007 (200091) on Monday December 06, @02:44PM (#34463570)

See here on that account per my subject line above -> http://yro.slashdot.org/comments.pl?sid=1888084&cid=34463878

PERTINENT QUOTE/EXCERPT WITH RELIABLE & REPUTABLE SOURCE OF MINE I USED:

---
YOU SAID THIS:

"1.Oliver Days article. He talks about using a HOSTS file as a WHITELIST" - by metrix007 (200091)on Monday December 06, @01:23PM (#34462242)

Ok/again (so it sinks in):

See this quote from said article then specifically on how a highly esteemed program in SPYBOT "Search & Destroy" does what I state (blacklisting) & Spybot "S&D's" IMMUNIZE feature (adds HOSTS blacklist entries vs. KNOWN malicious sites/servers etc.):

"More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware." Mr. Oliver Day of SECURITYFOCUS.COM -> Source Article quoted from here -> A RETURN TO THE KILLFILE:
http://www.securityfocus.com/columnists/491

Yes, "another troll 'bites the dust'" in metrix007... too, Too, TOO EASILY! Just TOO easily...

(& only on 1 of my 15++ points in favor of HOSTS files usage no less (you still have 14 more to dispute & disprove mind you, see the URL next below)):

http://slashdot.org/comments.pl?sid=1888084&cid=34459018

---

(YOU FRIED YOURSELF, lmao...)

---

"I find you on several forums." - by metrix007 (200091) on Monday December 06, @02:44PM (#34463570)

Aha: NOW, you seem to know my name (finally "he figures it out" lol, after how many evidences you asked me for, which I have in both academia, professionally via publications of respected note & more)

So, that all "said & aside" so you can no longer evade it as you have?

Well, again... you are free to write Mr. Eric Dickman of SuperSpeed.com & see if what I did for them is truth on my end, or not!

(On paid job for myself & they, where I improved SuperCache/SuperCache II by up to 40% & also on my contributions alongside Mr. John Enck, technical editor @ Windows IT Pro magazine, on how to employ RAMDISKS (or SSD's even which I did for CENATEK & it was featured as "the ARTICLE" on their website too) with databases, as far back as 1996 onwards!)

Go for it - I love to watch name tossing ad hominem attack using trolls do themselves in,c oontinually no less as you have, & especially after trying to "run me around" as you have, evading questions I asked of you, first.

APK

P.S.=>

"You have helped me cement your status as an ignorant troll who lies about his/her own accomplishments" - by metrix007 (200091) on Monday December 06, @02:44PM (#34463570)

WTF? More ad hominem attacks & you said you "knew logic" (lmao, FORUMS ILLOGIC is more like it).

ALSO?? It seems YOU LIED ABOVE... read it everyone, get a HUGE laugh!

(This joker metrix007 doesn't even know when he's beaten & funniest part is? He beat himself with ad hominem attacks (name calling instead of attacking my 15 points on hosts files), plus impersonating me in this thread, & then being caught skimming AND LYING too, (see above)).

Hilarious.

(Quit while you're behind man... you are serious "behind" (the 8 ball) & that's only a 1-3 of my points you lamely tried to disprove & you FAILED LARGE on doing!).

ROTFLMAO... Ah, just "too, Too, TOO EASY" (just TOO ez)... apk

Even MORE ammo to shoot you down with, lol!

http://news.slashdot.org/comments.pl?sid=1884922&cid=34350102

See that, it's in regards to that which you post (which was modded up by packs of trolls even though I posted contrary proof otherwise there no less after it)

That post above was +5 INTERESTING modded recently in fact, and shoots down that b.s. of yours, once again, easily!

LMAO!

Especially regarding Computer Associate being caught in an accounting scandal, & being FORCED to list my app w/ zero threat levels too because I passed every single one of their 21 point questionnaire for removal!

(This happens to "the best of us" @ times, alongside others they & those like they, low reputation, do that to!)

I'm not alone there, & I didn't write it as a malware either (which is why Spybot search & destroy, which you f'd up on (see below) is not attacked by they anymore, even though it alters HOSTS files, one of their criteria).

Even respected guys like Nir Sofer of NIRSOFT on many of his excellent tools (write him yourself, I have many times in regards to this & he helped me out), and even Dr. Mark Russinovich & his pstools have (some of them only here though)

Dr. Mark Russinovich of Microsoft no less has had it happen (additinoally? He is aa former coworker of mine for SunBelt software, & for whose work of his I have even corrected for he in pagedefrag.exe (he hardcoded & didn't realize logs can be moved from C: for higher performance - he emailed me thanks no less!))

Yup, "keep trying troll" - I love seeing you "SHOT DOWN IN FLAMES" on every "Adhominem attack" you try, now that you failed on the 3 points in my HOSTS files points I posted on you burnt yourself on.

---

Then also, there IS this (where you "shot yourself down" with your own trolling words no less & skimming too, lol):

http://yro.slashdot.org/comments.pl?sid=1888084&cid=34464138

(Some "vintage quotes" of your words there are in order)

PERTINENT QUOTE/EXCERPT WITH RELIABLE & REPUTABLE SOURCE OF MINE I USED:

---
YOU SAID THIS:

"1.Oliver Days article. He talks about using a HOSTS file as a WHITELIST" - by metrix007 (200091)on Monday December 06, @01:23PM (#34462242)

Ok/again (so it sinks in):

See this quote from said article then specifically on how a highly esteemed program in SPYBOT "Search & Destroy" does what I state (blacklisting) & Spybot "S&D's" IMMUNIZE feature (adds HOSTS blacklist entries vs. KNOWN malicious sites/servers etc.):

"More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware." Mr. Oliver Day of SECURITYFOCUS.COM -> Source Article quoted from here -> A RETURN TO THE KILLFILE:

FROM http://www.securityfocus.com/columnists/491

Yes, "another troll 'bites the dust'" in metrix007... too, Too, TOO EASILY! Just TOO easily...

(& only on 1 of my 15++ points in favor of HOSTS files usage no less (you still have 14 more to dispute & disprove mind you, see the URL next below)):

http://slashdot.org/comments.pl?sid=1888084&cid=34459018

APK

P.S.=> metrix007's "troll theme song":

SHOT DOWN IN FLAMES AC/DC:

http://www.youtube.com/watch?v=y55wvdcCJfk

LMAO! Ah, man "too, Too, TOO EASY" (just TOO easy)... apk

metrix007's NEW "Troll theme song" & more, lol

Especially this one, where metrix007 further tried to libel me, & found out that my libellers (Computer Associates) , his "fine main source" (NOT), are KNOWN disreputable scoundrels:

http://yro.slashdot.org/comments.pl?sid=1888084&cid=34464476

and where my post was VERY recently (a week or so ago here) modded up to the MAX +5 interesting, no less, where it disproves & disposes of metrix007 further attempts @ ad hominem attacks directed my way (& then he fails on technical grounds regarding HOSTS files below & more, hilarious!)

Oh, the "price of trolling" is this, metrix007, noone deserves it more than you (especially when you impersonated me too there).

---

Where metrix is caught again using "forums ILLOGIC" & far more (though he tried to say it was LOGIC & hasn't even taken that, lol) & further ad hominem attacking myself:

http://yro.slashdot.org/comments.pl?sid=1888084&cid=34464138

---

metrix007 says "I give up" when caught skimming & missing points from my rather respected source on HOSTS files advantage (which only covers PART, 1-3 points maybe, of what I extoll on them & he FAILED HUGELY on):

http://yro.slashdot.org/comments.pl?sid=1888084&cid=34463878

---

Where metrix007 is shown to have started trolling myself, & evading my questions (though I did not evade ANY of his):

http://slashdot.org/comments.pl?sid=1888084&cid=34463016

---

LASTLY & MOST IMPORTANTLY:

Where I FINALLY got him to "try" to attack & disprove 15 points on HOSTS files I put up here, instead of his std. evasions he used for, oh, 10 posts or so... and he failed on each one (only 3 attempted no less & he "gave up" per the above, & started his adhominem attacks again):

http://yro.slashdot.org/comments.pl?sid=1888084&cid=34462614

---

To quote Clint Eastwood, as Mr. Kowalski in "Gran Torino":

"Ever notice that every once in awhile, you come across someone you shouldn't have fucked with? THAT'S ME..." Clint Eastwood as Mr. Kowalski

Then, per my subject-line & the URL's above where metrix007 came into a thread, ad hominem attacked me, & lied, was caught lying, skimming, & making HUGE technical errors + far more!

(After his calling myself, an internationally multiple time published programmer/analyst of 17++ yrs., names & worse & finding out he was off, WAY off)

He finally tried to attack some points I challenged him to, & "knocked himself dead up out" with his own words, lies, skimming + trolling, & on only 1 of 15 points in favor of HOSTS files I made which he evaded to no end until those posts above?

ROTFLMAO!

(Mod me down if you like folks, but I am only paying him back, in kind, & letting HIS OWN WORDS do him in!)

APK

P.S.=> Oh, by the way: metrix007 has a NEW "Troll theme song" by AC/DC:

http://www.youtube.com/watch?v=y55wvdcCJfk

"SHOT DOWN IN FLAMES" by AC/DC!

Rotflmao... nothing could fit him better, especially after the above... apk