The real question is "how many people actually check this sort of thing?" I would be willing to bet that few, if any, smaller organizations (i.e. ones who have essentially static zone info) ever check the contents of their DNS once it's been set up.
Interesting. I tried zone transfers on some of the first domains I found, but gave up on them because I wasn't getting anywhere. What you're seeing is very odd -- almost like DNSExit is treating buy-viagra.4kidsnus.com like a domain itself rather than as a sub-domain of 4kidsnus.com.
In addition to sending notifications to site owners, I did communicate with several of them and they were shocked to find out about the alteration of their domain information. I also spoke with some of the DNS providers and I found nothing to indicate that they were involved (also, from TFA, the domains are spread across multiple DNS providers). As I said in the write-up, my bet is on a combo of poorly chosen passwords and overly generous/non-existent account lockout policies on something like a cPanel interface.
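The zone-contents check the first comment says almost nobody performs, as an added example (not from the original comments): a copy of the zone saved when it was set up is compared against the current zone, and any record that was not in the baseline is reported. The zone data, the example.com names and the spam host are constructed.

```python
# Added example: diff a DNS zone against a saved baseline and flag records that
# were not there at setup time. Zone data is constructed, in simple BIND format.
from dataclasses import dataclass

@dataclass(frozen=True)
class Record:
    name: str
    rtype: str
    rdata: str

def parse_zone(text: str, origin: str) -> set[Record]:
    """Parse 'name [ttl] [IN] type rdata' lines; relative names get the origin."""
    records = set()
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop comments and blank lines
        if not line or line.startswith("$"):
            continue
        fields = line.split()
        name, rest = fields[0], fields[1:]
        if rest and rest[0].isdigit():        # optional TTL
            rest = rest[1:]
        if rest and rest[0].upper() == "IN":  # optional class
            rest = rest[1:]
        rtype, rdata = rest[0].upper(), " ".join(rest[1:])
        if name == "@":
            name = origin
        elif not name.endswith("."):
            name = f"{name}.{origin}"
        records.add(Record(name.lower(), rtype, rdata))
    return records

def unexpected_records(baseline: set[Record], current: set[Record]) -> set[Record]:
    """Records present now but absent from the baseline: the ones to alert on."""
    return current - baseline

BASELINE = """
@   3600 IN SOA ns1.example.com. hostmaster.example.com. 1 7200 3600 1209600 300
@   3600 IN NS  ns1.example.com.
@   3600 IN A   192.0.2.10
www 3600 IN A   192.0.2.10
"""
# Constructed "current" zone: a spam host was added, as in the story discussed.
CURRENT = BASELINE + "spam-host 300 IN A 198.51.100.77\n"

def check() -> list[str]:
    base = parse_zone(BASELINE, "example.com.")
    now = parse_zone(CURRENT, "example.com.")
    return sorted(f"{r.name} {r.rtype} {r.rdata}" for r in unexpected_records(base, now))
```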
I'm not disputing the "negligent" issue. You're correct.
However negligent they may be, the facts are:
~72% of DNS servers run BIND.
~28% of those run versions less than 9.
Also, the BIND servers themselves aren't poisoned. When they do the initial lookup, they forward the poisoning information along, but don't cache it themselves. Subsequent lookups come from cache (and therefore don't contain poisoning info), but by then, it's too late.
So much for "only affects MS servers" although the article does mention, and plays down ("ancient versions") the bind4/8 vulnerabilities.
I'm left wondering how many admins have their dns servers in forwarding mode, and how many of those are forwarding to bind4/8 servers? Very few, I'd think.
Think again.
You don't seem to be understanding the terminology. It isn't talking about situations where MS DNS will "forward to" BIND4/8. You receive DNS information from a "forward". Many/most ISPs run BIND and quite a few are running version 8. It appears that any MS DNS server using those servers as a forward will be vulnerable.
I have recently begun beta testing of an extended-functionality version of my original Open Source application, LaBrea, mentioned in the article. The new software, known as LaBrea Sentry, uses the same methods of trapping and holding connection attempts by worms and scanners. It also proactively defends real machines from attack from those same worms and scanners as well as communicating all log information to a central server which provides updated "Bad Guy" lists to the entire network of Sentry boxes. Scanning IPs that make it onto the "Bad Guy" list are blocked from access to all monitored networks while they continue to scan. (And before you even ask, yes, there are many safeguards on the system to prevent spoofing...)
In initial tests, the system knocked down 94.7% of the scripted, scanning attacks against a live webserver, BEFORE those attacks ever made it to the server or IDS logs. That's what it's designed for: not to replace firewalls or IDS systems, but to simply cut down on all of the crap that they see...
Note: There seems to be a great deal of confusion about the "countermeasures" mentioned in the article. In the case of both LaBrea and LaBrea Sentry, these are "passive" countermeasures, consisting of trapping or tarpitting connection attempts. I agree that the idea of "actively" attempting to patch a machine is fraught with legal issues.
More information on LaBrea Sentry can be found here.
So? Until a court holds that those interpretations are valid, it's all Chicken Little stuff.
Don't you think it's a little late then?
Speaking as someone who has been affected by the law, my choice to stop distributing potentially illegal software from my website in Illinois is based on my desire not to end up as a test case.
These laws have an effect long before they ever end up in court.
And, by the way, you need to be more careful: your "This law, if implemented, would affect NOBODY who is not currently doing something illegal" line of reasoning appears to be infringing on IP belonging to the MPAA.
Perhaps a concrete example would help people to understand the impact of legislation like this.
I am an Open Source developer, and in the spring of 2001, I created LaBrea, a network defense application. LaBrea puts unused IP addresses on your network to use, creating a "network tarpit" that traps and holds connection attempts from worms and scanners.
On April 15th of this year, it came to my attention that a nearly identical version of the proposed Tennessee law had been enacted in Illinois and had become law as of January 1.
As I read through the law, I discovered that LaBrea appeared to meet the criteria for what was called an "unlawful communication device" because it both disrupted and concealed the true origin and destination of communication.
If, indeed, LaBrea represents an "unlawful communication device," then my continued distribution of LaBrea from my website within Illinois placed me in violation of the law, and opened me up to incredibly punitive criminal and civil penalties.
Additionally, on January 14th I had contacted the developers of every Windows personal firewall that I could find to explain a flaw that I had discovered under WinXP and Win2K. The firewall vendors had worked out patches and rolled them into their products, and I was in the process of coordinating the publication of the vulnerability information with the various organizations when I discovered that this provision was law in Illinois.
Under this law, simply disclosing information describing a technique for "defeating or circumventing any technology, device or software used by the provider, owner or licensee of a communication service or of any data, audio or video programs or transmissions to protect any such communication, data, audio or video services, programs or transmissions from unauthorized access, acquisition, disclosure, receipt, decryption, communication, transmission or re-transmission" is treated as a felony. I will not publish this information, nor will I allow the vendors to credit me when/if they choose to publish it.
I have been contacted by the MPAA who has attempted to assure me that there is some sort of requirement for "intent to defraud" under the Illinois law, but I cannot find any such language. Lawyers from the EFF have, essentially, agreed that such language does not exist.
And so, where does this leave me? I've pulled LaBrea from distribution because I cannot justify placing myself in a position where I could be subject to criminal and civil penalties to give away software for free.
Is it illegal for me to distribute LaBrea? I honestly don't know. But I certainly can't justify hiring a lawyer to sort it all out. Quite frankly, I'm getting to the point where I really just don't care anymore. It's difficult enough to write good software -- trying to do it while walking through a legal minefield is impossible.
That is the result of this stupid legislation. If you live in Tennessee, or if you're in a position to influence what goes on there, do whatever you can to get it stopped. There is no justification for passing this law immediately. If there are legitimate questions surrounding this legislation (and I believe there are), then table the dang thing and sort them out now, before it is enacted.
Possession of cable descramblers that have been modified to decode all channels.
NEXT!
This is exactly the problem with laws like these. They make possession of tools that could be used for illicit purposes equivalent to the use of tools for illicit purposes. I have a crowbar in my basement, but that doesn't mean I'm out using it to break into houses. If someone actually uses a cable descrambler to steal service from the cable company, they're doing something illegal - it's called theft. You can't tell me that theft isn't currently illegal under Texas law.
The mere fact of ownership of a device that can be used for illicit purposes doesn't mean that it is being used in that manner. There is a presumption of guilt in these laws that runs quite counter to the concept of "innocent until proven guilty" on which our legal system is supposed to be founded.
In Illinois, this slipped in under the radar. Don't let this happen in Texas. I'm currently working to get the Illinois law changed, but if you can keep it from happening at all, you'll be much better off.
The killer question to ask on this is: "What specific illicit activity, that is not currently illegal under Texas law, is this new legislation targeting?" For further information on where things stand in Illinois, see the HackBusters site.
Just enough to tell 'em what you think...
Why? Why, why, why??
Just to look?
Further information can be found at the HackBusters website
-TL
Because BWK already said everything that needed to be said: Why Pascal is Not My Favorite Programming Language
-TL