[LINK] US government running DNS botnet "as band aid"

Rachel Polanskis grove at zeta.org.au
Wed May 23 17:31:18 AEST 2012


The ISPs really should be doing a mailout campaign, in conjunction with perhaps AUSCERT
to provide some prestige and validity, with a small series of ad campaigns. The user
could be guided to the most common bits of gear used and perhaps a small walkthrough
supplied online to get them through it.

Meanwhile, the dark switches are all redirected at the trunk somehow to go to the ISP's
tech web and nowhere else. Dark MAC addresses could be harvested and verified and an
upload done to purge the junk on the user's device.
All it would take is a bunch of Perl scripts and hackers as clever as the bot programmers.
Note it only works for about 80% of devices; in this case most users using an exotic gadget
or config know how to fix themselves....

--
rachel polanskis 
<r.polanskis at uws.edu.au> 
<grove at zeta.org.au>

On 23/05/2012, at 16:54, Richard Chirgwin <rchirgwin at ozemail.com.au> wrote:

> I happened to be in Paul Vixie's keynote at AusCERT last week, where he 
> discussed this ...
> 
> He said he feared not an end user disruption, but that having hundreds 
> of thousands of users go dark, and hit the phones simultaneously would 
> overwhelm - possibly to the point of bankruptcy - smaller ISPs.
> 
> Regarding end users, he said many are very hostile to being told there's 
> a problem. They don't trust the government AND they don't trust 
> information coming from the ISP. So they reject it all.
> 
> Given his time over, Vixie thought it would have been a good idea to let 
> users go dark in a more managed way - thousands at a time rather than 
> hundreds of thousands. Here's what I wrote for The Register:
> http://www.theregister.co.uk/2012/05/17/dns_changer_blackouts/
> 
> (It doesn't have my byline because I was in Queensland and didn't have 
> access to the CMS!)
> 
> Cheers,
> Richard C
> 
> On 23/05/12 4:18 PM, Fernando Cassia wrote:
>> http://www.pcworld.com/article/254259/why_your_internet_might_disappear_this_summer.html
>> 
>> Interesting... I wonder if it would have been easier to just shut down the
>> botnet and users would immediately know something was wrong and, gee, fix
>> their computers?
>> 
>> What purpose does it serve to just "turn the botnet into legitimate DNS
>> servers" and continue running it (basically providing the authorities with
>> the browsing habits of hundreds of thousands of users...) if you're
>> eventually going to shut those down, too?
>> 
>> "The DCWG is an ad hoc group of subject matter experts, and includes
>> members from organizations such as Georgia Tech, Internet Systems
>> Consortium, Mandiant, National Cyber-Forensics and Training Alliance,
>> Neustar, Spamhaus, Team Cymru, Trend Micro, and the University of Alabama
>> at Birmingham."
>> 
>> FC
> 
> 
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link
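The ISP-side harvesting sketched at the top of this message (find the customers whose resolvers still point at the DNSChanger rogue servers, then redirect or notify them) and the user self-check it relies on, as an added example that is not code from this thread or from the DCWG. The resolver ranges are the ones the FBI/DCWG published for the DNSChanger operation; they are not quoted anywhere in the thread, so verify them against the DCWG's current list before use. The flow-record format, the resolv.conf text and every sample record are constructed for the example.

```python
"""Flag customers whose DNS traffic goes to the DNSChanger rogue resolvers.

Added example for the Link thread, not code from the thread or the DCWG.
Rogue ranges: as published by the FBI/DCWG (assumption: re-check them against
the DCWG list before relying on them). Flow-record format and sample data
are constructed.
"""
import ipaddress
from collections import defaultdict

# Rogue resolver ranges as published by the FBI/DCWG (verify before use).
DNSCHANGER_RANGES = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20",
    "67.210.0.0/20",
    "93.188.160.0/21",
    "77.67.83.0/24",
    "213.109.64.0/20",
    "64.28.176.0/20",
)]


def is_rogue_resolver(ip: str) -> bool:
    """True if ip falls inside any published DNSChanger range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in DNSCHANGER_RANGES)


def resolvers_from_resolv_conf(text: str) -> list:
    """Pull nameserver entries from resolv.conf-style text (user self-check)."""
    out = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            out.append(parts[1])
    return out


def affected_customers(flow_lines) -> dict:
    """Map customer MAC -> set of rogue resolvers it sent DNS to.

    Record format (constructed for this example):
        <timestamp> <src_ip> <src_mac> <dst_ip> <dst_port> <proto>
    Only port-53 UDP/TCP flows to a rogue range count; malformed records
    are skipped so a live feed cannot crash the scan.
    """
    hits = defaultdict(set)
    for line in flow_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 6:
            continue
        _ts, _src_ip, src_mac, dst_ip, dst_port, proto = fields
        if dst_port != "53" or proto.lower() not in ("udp", "tcp"):
            continue
        try:
            if is_rogue_resolver(dst_ip):
                hits[src_mac.lower()].add(dst_ip)
        except ValueError:
            continue  # unparsable address in the record
    return dict(hits)


# Constructed sample data (not from the thread).
SAMPLE_RESOLV_CONF = """\
# constructed example resolv.conf
nameserver 85.255.112.36
nameserver 8.8.8.8
"""

SAMPLE_FLOWS = [
    "# ts src_ip src_mac dst_ip dst_port proto   (constructed)",
    "1337750000 10.1.2.3 00:11:22:33:44:55 85.255.112.36 53 udp",
    "1337750001 10.1.2.3 00:11:22:33:44:55 85.255.112.37 53 udp",
    "1337750002 10.1.2.4 AA:BB:CC:DD:EE:FF 8.8.8.8 53 udp",
    "1337750003 10.1.2.5 66:77:88:99:AA:BB 93.188.160.5 53 tcp",
    "1337750004 10.1.2.5 66:77:88:99:AA:BB 93.188.160.5 443 tcp",
    "1337750005 10.1.2.6 bad record",
]

if __name__ == "__main__":
    for ns in resolvers_from_resolv_conf(SAMPLE_RESOLV_CONF):
        print(ns, "ROGUE" if is_rogue_resolver(ns) else "ok")
    for mac, servers in sorted(affected_customers(SAMPLE_FLOWS).items()):
        print(mac, sorted(servers))
```

The MAC list this produces is the "dark MAC" set the message talks about: those customers are the ones who will lose resolution when the replacement servers are switched off, so they are the ones to put behind the tech-web redirect or to mail, and the same range check is what an end user's walkthrough would run against their own resolver settings.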