
TheMayor

join:2002-05-09

2 recommendations

Microsoft serves court order on NoIp.com & seized 22 commonly used domains

»www.noip.com/blog/2014/06/30/ips···akedown/

Here are some bits & pieces from the above article.

"We want to update all our loyal customers about the service outages that many of you are experiencing today. It is not a technical issue. This morning, Microsoft served a federal court order and seized 22 of our most commonly used domains because they claimed that some of the subdomains have been abused by creators of malware"

"We have been in contact with Microsoft today. They claim that their intent is to only filter out the known bad hostnames in each seized domain, while continuing to allow the good hostnames to resolve. However, this is not happening. Apparently, the Microsoft infrastructure is not able to handle the billions of queries from our customers. Millions of innocent users are experiencing outages to their services because of Microsoft’s attempt to remediate hostnames associated with a few bad actors.

Had Microsoft contacted us, we could and would have taken immediate action. Microsoft now claims that it just wants to get us to clean up our act, but its draconian actions have affected millions of innocent Internet users."


Dude111
An Awesome Dude
Premium
join:2003-08-04
USA
kudos:12

Microsoft has become quite intrusive I will type that!!!!


novaflare
The Dragon Was Here
Premium
join:2002-01-24
Barberton, OH

2 recommendations

reply to TheMayor

Re: Microsoft serves court order on NoIp.com & seized 22 commonly used domains

What I wonder is, while they could have done so, would they have done so? Free domains, DNS, etc. have always been used to host malware. And there is no way all these people offering free domains, DNS redirects, etc. can not know without doubt they have tons of malware being hosted on their servers (or in this case are redirecting to hosts with it). While yeah, MS can be heavy-handed, I have to say I think they did what many people would do if they could. Ask yourself this: what would you do if you happened across a botnet hosted on a free DNS site and found admin access by accident for the DNS host? Would you just walk away or would you bulk delete every stinking site on the host outright?

All Microsoft did in this case was do it by legal methods vs any user on this forum who, regardless of if they want to admit it or not, would just nuke and walk, legal or illegal.

As for how many innocent users were really affected, that is not even possible to know. My guess is it is less than the total number of those posting on the comments on the official statement page.

So while there may be millions of accounts only some of those are even remembered by the people who set them up.

I've played with the various DNS services like this, heck, probably have a no ip account. I'm well above average when it comes to being tech savvy and even I straight forgot I had the program running to update my IP for something like 6 months. So there's likely 1000s or 10000s of long forgotten accounts with the program still running. Add in a few 100 computers sold foolishly with the program still installed to update the account and you could be looking at a few 100k accounts that seem to be active but are long forgotten.

I would not be shocked to find out that there were really only a few 100 people who were innocent who got caught in the cross fire of this.

Some of the complaints I have seen were things like "people are using this service for their security systems dvr box". All I can say is what kind of stupid do you have to be to use a free DNS service for your security? I would not trust someone offering a free DNS with my security system. I would log in with a raw IP or even set up a dial-up network connection if I need a higher level of security on the system. If I need a dynamic DNS for it I will pay for it as it is too important.


Soup

@66.249.83.x
reply to Dude111

Re: ‏

said by Dude111:

Microsoft has become quite intrusive I will type that!!!!

Microsoft has to be tough with DNS providers like noip who despite their claims do absolutely nothing to clear malware providers and spammers from their service. They make a large part of their income servicing bad actors.

Until DNS providers are FORCED by international laws to VERIFY identities of lessees of domain names, they will continue to be the main source of spam and malware.


novaflare
The Dragon Was Here
Premium
join:2002-01-24
Barberton, OH
Yep

Sometimes I think that if a group from within, say, the Linux community did this sort of thing they would be praised. But because it is the ultra mega evil company Microsoft that did it, they are an ultra mega evil company.

Let's look at some recent happenings. Not so many months ago, maybe 2 or 3 at most, a major flaw in the Linux kernel was patched after many years of not being patched. That story and post is long since dead. MS leaves one unpatched for 6 months and gets blasted to bits by posters and article writers. It is like Linux can do no wrong and Windows can do no good. Use whatever OS you want, but when it needs to catch some flack over foolishness on the developers' part, whoever they are, well, take the hit and fix it, move on, apologize and pay back your customers if it is warranted, even if they paid you nothing.

TheMayor

join:2002-05-09
reply to novaflare

Re: Microsoft serves court order on NoIp.com & seized 22 commonly used domains

NoIp also has a paid service. It's possible some of those domains taken down were under the paid service.


Chubbzie

join:2014-02-11
Greenville, NC
reply to TheMayor
»www.noticeoflawsuit.com/

Evidently NoIp/VitalWerks Internet Sol. were already warned about the malicious activities coming from their network(s) and did nothing. That completely contradicts NoIp's press release if that is true.


humanfilth

join:2013-02-14
cyber gutter

2 edits
reply to TheMayor
So, anyone got a good recommendation for another "free" DDNS provider? Or at least a very low cost paid service that Microsoft(plus the man behind the curtain) isn't going to kill. Since Telus does not provide static IP's for home users.

Through browsers, I can't even get to No IP domains .org .com from Telus(DSL/Cell) or a couple of Proxies.

A tracert, resolves, as if I am getting there without timing out.
I can't reboot my network until later...... Edit:: Rebooted and it took a couple of minutes to get to noip.com
Eddddiiiitttt: I see that noip has a few fallback domain names. Until Microsoft kills them too.

--
When peasants own the government, there is freedom. When the government owns the peasants, there is tyranny
Knowledge and curiosity are not crimes and those who are curious should not be treated like criminals.. »www.eff.org/https-everywhere


beerbum
Premium
join:2000-05-06
Reading, PA
kudos:1
Reviews:
·Comcast
said by humanfilth:

So, anyone got a good recommendation for another "free" DDNS provider? Or at least a very low cost paid service that Microsoft(plus the man behind the curtain) isn't going to kill. Since Telus does not provide static IP's for home users.

if you are not picky about the domain name and if you have an Asus router, you can use the built in ddns client on the router through their (Asus) asuscomm.com domain.. it's free and it works. It also supports other ddns services, no-ip included.. I've been using the Asus service for some time and I have no complaints.

dickie541

join:2013-04-30
Redmond, OR
reply to TheMayor
New at 6:00...Pfizer closes medical marijuana dispensaries...

I am pissed. How does the court allow such bullshit? Microsoft is not the malware police.


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

1 recommendation

reply to beerbum
said by beerbum:

if you are not picky about the domain name and if you have an Asus router, you can use the built in ddns client on the router through their (Asus) asuscomm.com domain.. it's free and it works.

D-Link offers a similar service on dlinkddns.com. It is actually hosted by Dyn, and you get one free dlinkddns.com hostname and one free hostname that you can choose from several dyndns domains in addition to the dlinkddns.com hostname (which must be used on a compatible D-Link router).
--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower

The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants.
-- Thomas Jefferson

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
Reviews:
·Verizon FiOS
reply to dickie541
said by dickie541:

I am pissed. How does the court allow such bullshit? Microsoft is not the malware police.

There is a legal framework by which a complainant can apply for a court order to permit domain takedown. The theory seems to be that the court can seize any asset (i.e., the domain registration) that has been used to commit a crime. You yourself could (I presume) request such a takedown if you had sufficient evidence, and money to pay a lawyer.

Here is a paper on the subject, by no means sympathetic to such seizures,


Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
kudos:3

1 recommendation

reply to TheMayor
MS must have had enough evidence to convince the courts that the action was both needed and appropriate, nuke'em till they glow and put some of these other services on notice that this crap doesn't fly.

Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
reply to TheMayor
The kind of activity that prompted this court ordered take down is the officially published reason that Dyn discontinued their free DDNS service. There are many who think that greed was the prime motivation, but I think that fear of future legal actions as well as damage to their reputation were equal motivating factors. Dyn has been for many years trying to be a major player in the Enterprise market, and being labeled as even indirectly supporting the dark side did not fit the image they want/need to present.
--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower

The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants.
-- Thomas Jefferson


mackey
Premium
join:2007-08-20
kudos:12
reply to novaflare

Re: ‏

Please. Linux was blasted back when the news came out just like MS was. In 2-3 months the MS bug will be forgotten about also.


mackey
Premium
join:2007-08-20
kudos:12

3 recommendations

reply to Soup
said by Soup :

Microsoft has to be tough with DNS providers like noip who despite their claims do absolutely nothing to clear malware providers and spammers from their service.

Since when is it Microsoft's job to police the internet? How about they leave the policing to the police, mmmk?

said by Soup :

Until DNS providers are FORCED by international laws to VERIFY identities of lessees of domain names, they will continue to be the main source of spam and malware.

Oh, so you're one of those people. Nothing to hide and all, right? As you post as anonymous. I hate to burst your bubble bud but requiring identities will do NOTHING. The criminals will just use stolen identities. The only thing forcing verification would do is reduce legitimate personal websites while giving criminals more targets to steal identities from.

And compromised legitimate web servers are still the #1 source for malware. A domain by itself doesn't get you jack.

/M


fartness
computersoc dot com
Premium
join:2003-03-25
Look Outside
reply to TheMayor

Re: Microsoft serves court order on NoIp.com & seized 22 commonly used domains

What damage did MS have done because of noip?

That link no longer works. My hostname with noip no longer works.


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico
reply to TheMayor
Microsoft's takedown of No-IP pushes innocents into the crossfire
quote:
On Monday, Microsoft said they were taking No-IP (noip.com) to task, "as the owner of infrastructure frequently exploited by cybercriminals to infect innocent victims with the Bladabindi (NJrat) and Jenxcus (NJw0rm) family of malware."

Post takedown - MS stated.
quote:
“Yesterday morning, Microsoft took steps to disrupt a cyber-attack that surreptitiously installed malware on millions of devices without their owners’ knowledge through the abuse of No-IP, an Internet solutions service. Due to a technical error, however, some customers whose devices were not infected by the malware experienced a temporary loss of service. As of 6 a.m. Pacific time today, all service was restored. We regret any inconvenience these customers experienced.”
»www.csoonline.com/article/244950···ire.html


Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
kudos:3

1 recommendation

reply to TheMayor
Does no ip have a guaranteed service level and if not then what are their users bitching about? No IP was saying they couldn't deal with the malware because they don't have enough staff, Microsoft is just helping them out.

Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool

wssddc

join:2001-08-21
Bedford, MA
reply to siljaline
Microsoft may claim to have restored service, but my noip address still does not resolve. I checked that I'm not on the list of bad names. If I do an nslookup of a name from the list, I get 204.95.99.x while my noip.com address returns the name but no ip at all.
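
The outcomes described in the post above (a listed name answering from a sinkhole address, a name that comes back with no address at all, and normal resolution) can be told apart from the DNS response itself. The following is an added example, not part of the original post: the sample responses are constructed, the hostnames are hypothetical, and the sinkhole prefix is a parameter set here to a documentation range because the post gives only 204.95.99.x.

```python
import ipaddress
import struct

def build_response(qname, rcode=0, a_records=()):
    """Build a constructed DNS response to an A query (sample input only)."""
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    flags = 0x8180 | rcode                      # QR=1, RD=1, RA=1, plus RCODE
    msg = struct.pack("!HHHHHH", 0x1234, flags, 1, len(a_records), 0, 0)
    msg += name + struct.pack("!HH", 1, 1)      # question: type A, class IN
    for ip in a_records:
        # Owner name is a compression pointer back to the question name at offset 12.
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4)
        msg += ipaddress.IPv4Address(ip).packed
    return msg

def skip_name(msg, off):
    """Return the offset just past an encoded name (plain labels or a pointer)."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:               # two-byte pointer ends the name
            return off + 2
        off += 1 + length

def classify(msg, sinkhole_net):
    """Classify a response as NXDOMAIN, NODATA, SINKHOLED or RESOLVES."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    if rcode == 3:
        return "NXDOMAIN"                       # the name does not exist at all
    if rcode != 0:
        return "ERROR rcode=%d" % rcode
    off = 12
    for _ in range(qd):                         # skip the echoed question section
        off = skip_name(msg, off) + 4
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:           # A record
            addrs.append(ipaddress.IPv4Address(msg[off:off + 4]))
        off += rdlen
    if not addrs:
        return "NODATA"                         # name exists, no address returned
    net = ipaddress.ip_network(sinkhole_net)
    return "SINKHOLED" if all(a in net for a in addrs) else "RESOLVES"

# Placeholder sinkhole prefix (documentation range), not the range from the post.
SINKHOLE = "192.0.2.0/24"

if __name__ == "__main__":
    samples = {
        "listed.example": build_response("listed.example", a_records=["192.0.2.10"]),
        "mine.example": build_response("mine.example"),
        "gone.example": build_response("gone.example", rcode=3),
        "ok.example": build_response("ok.example", a_records=["198.51.100.7"]),
    }
    for host, raw in samples.items():
        print(host, classify(raw, SINKHOLE))
```

A NODATA answer (status NOERROR with an empty answer section) is what nslookup shows as the name with no address, and it means the authoritative side knows the name but is not returning a record for it, which is a different condition from NXDOMAIN.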

dickie541

join:2013-04-30
Redmond, OR

1 recommendation

reply to Link Logger
They carpet bombed us, that is not helping.



Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6

1 recommendation

reply to TheMayor
The Microsoft OS is now safer to use.
/dry humor


DigitalXeron
There is a lack of sanity

join:2003-12-17
Hamilton, ON
reply to novaflare
said by novaflare:

-snip-
Ask your self this what would you do if you happened accross a bot net hosted on a free dns site and found admin access by accident for the dns host. Would you just walk away or would you bulk delete every stinking site on the host out right?

All microsoft did in this case was do it by legal methods vs any user on this forum who regardless of if they want to admit it or not would just nuke and walk legal or illegal.
-snip-

No, this is the most incorrect way to go about this. Removing DNS records en masse does nothing but make the resource unavailable and impacts many innocent service operators; it doesn't actually do anything about the computers hosting the malware, including botnets, or the like.

I get the initiative about trying to make the malware "spread less" however, what should be done is Internet Service Providers (including hosting providers) themselves must be taken to task about customers on their network hosting this kind of stuff, at the moment not a lot is being done about the physical networks that are hosting malware, or having infected bots on their systems or the like, everyone is trying to prevent distribution while not cutting stuff off at the source.

The actual problem is that there's not much that can be done legally about these botnet operations and so forth since a lot of the jurisdictions malware is coordinated from have lax computer laws. The top two in my organization's research is China and Russia as far as aggression, both of which are grossly corrupt and lacking any legal structure to deal with systems on networks in their borders that routinely attack other systems.

Now, what should be done from a legal standpoint? Things should keep going up the chain until things get to a level where the bad actors along with ISPs on the Internet who don't keep their networks clean can be brought to account. Governments spend so much time and money talking about "Cybercrime" but not working sufficiently to bring said bad actors and their ISPs to account, this may involve governments bringing other governments to task about having this activity going on in their borders that's harming citizens across the globe, with identity theft, computers being hijacked and so forth, even corporate, enterprise and government systems are being compromised in the same manner.

Many networks do not have abuse departments at all or have abuse departments that have no teeth or anything of the sort to disconnect customers on their networks that have infected systems. Abuse departments are often seen as a "money loser" in an ISP structure as they only deal with complaints and "scaring away customers", rather than bringing sales in and keeping customers, thus they eventually get declawed for "being politically incorrect" by intimidating old grannies with infected computers or something.

ANOTHER problem is the users themselves, ultimately at the end of the day, users aren't taking into account their actions, most malware infections are the result of clicking a link or installing "That nifty smiley program" or "That free coupon program" or the like. A lot of users don't critically think if they're walking into scams or the like and will actually go out of their way to say "It just showed up on my computer!", may that as could be it got installed by some venue and given the advent of firewalls, worms are becoming more based on what sites you visit or what you click, etc.

ANOTHER problem is advertisement networks are not keeping their services clean of scams and things that eventually trace to malware.. Know those ads "Click here to install this video codec to watch this" or "CONGRATULATIONS, you are the 1 billionth visitor, click here for a free whatever"? Those are predominantly malware or other scams, malware ad networks do little to nothing about because they operate on the Internet with impunity given today's climate about advertisement networks in how they can hide behind the sites they advertise on that are at the behest of the advertisers.

ANOTHER problem is that companies that create "borderline" malware sponsor sites like cnet/download.com, which creates an environment where big brand names are proliferating malware, as insignificant as it may seem, software like Conduit is malware and no EULA or the like can say otherwise, meanwhile the company behind the Conduit malware is making money while they're not being clamped down on and dissolved. There are other similar companies too, but these business relationships should not exist as they exploit user trust in the big brands. Should download.com be shut down? Of course not, but they should be forced to stop bundling software with that malware.

So at the end of the day, DNS is only a tiny piece of the real puzzle to bringing closure to malware and won't do much to curb it, just directing malware operations to yet other free DNS providers, or possibly to purchase domains under a stolen identity or to perform "domain tasting" or the like, it won't address the origins of said malware because malware distribution is a very, very complex subject.

Disrupting thousands of legitimate services for the sake of disrupting a handful of botnets or malware distribution channels for a week or two won't solve anything. Malware operations are very adaptive and will adapt to this, I give it a week before things get back to the status quo.

The adversarial nature of the legal system is at a sheer disadvantage when presented with a problem like botnets or malware distribution because it's more than one company or individual doing these things, it's hundreds to thousands of companies along with tens of thousands of people involved. There's no way one can do a handful of lawsuits and solve this problem. There's no way a single company or even consortium of companies can solve this issue without either government support (sanctioning countries where the abuses come from) or performing illegal acts to counter these operations en-masse.

The root problem is that the current "legal" methods are like whack-a-mole, you're not going to make a dent until you have a counter mechanism on the scale that these operations perform at and able to affect the weak points, including inside jurisdictions they call home and to hold businesses (e.g. ISPs, banks, payment processors, etc) that deal with these operations accountable, and at the end of the day making the millions to billions of dollars these operations gain end.

Yes, you heard correctly, these operations have millions to billions of dollars cash flow, of all maliciously gained (e.g. stolen credit cards, bank accounts, through malicious advertisement methods) which they can use to pay off their local authorities to prevent laws and whatnot from coming into existence that may cause them grief and too, pay for additional advertisements and botnet operators for spam to spread their malware and such, if they don't operate a botnet themselves.

In summary, this won't do anything in the grand scheme of things.
--
--Kradorex Xeron


NOYB
St. John 3.16
Premium
join:2005-12-15
Forest Grove, OR
kudos:1
reply to TheMayor
There is a reason the service is free. What do people think they are entitled to for free?

If you don't like being impacted by things like this then use a service that is adequately resourced to prevent becoming a cesspool.

When Dyn went fully paid only service model, I set up my own DDNS (RFC2136).

Thank you Microsoft.

--
Be a Good Netizen - Read, Know & Complain About Overly Restrictive Tyrannical ISP ToS & AUP »comcast.net/terms/ »verizon.net/policies/


DigitalXeron
There is a lack of sanity

join:2003-12-17
Hamilton, ON

2 recommendations

said by NOYB:

There is a reason the service is free. What do people think they are entitled to for free?

However a service operator of a free service themselves should be free of unjust interference of external parties if they are actively willing to take action against malicious activity conducted through their service. That service shouldn't be mandated to disrupt service to all of their clients and most certainly the control of the infrastructure (in this case, domains) should not be transferred to the complainant, no matter how competent they may be, ordered to work with the complainant? Perhaps, but no takeovers.

Just because one operates a free service it doesn't preclude them from the protections of due process and justice.

This situation is about due process, not whether someone has a right to free service or not.
--
--Kradorex Xeron


Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
kudos:3
reply to TheMayor
The court order:

»www.noticeoflawsuit.com/docs/Sec···ened.pdf

I should add the news certainly made the rounds in the hacker forums

»thehackernews.com/2014/06/micros···ons.html

Blake


Cartel
Premium
join:2006-09-13
Chilliwack, BC
kudos:2
Reviews:
·TekSavvy DSL
·Shaw
·TELUS
reply to DigitalXeron
»kb.netgear.com/app/answers/detai···1.0.2.68

Netgear's new firmware touts no-ip support...lol

Velnias

join:2004-07-06

1 recommendation

reply to TheMayor
So, should the Microsoft be taken out of Internets, because Windows is a long time unchallenged champion in hosting all kinds of malware?

