[153147] in North American Network Operators' Group
=?windows-1252?Q?Re=3A_Vixie_warns=3A_DNS_Changer_=91blackouts=92_inevita?=
daemon@ATHENA.MIT.EDU (cncr04s/Randy)
Thu May 31 09:16:18 2012
In-Reply-To: <87likculjh.fsf@mid.deneb.enyo.de>
Date: Thu, 31 May 2012 08:14:40 -0500
From: "cncr04s/Randy" <cncr04s@gmail.com>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mon, May 28, 2012 at 2:56 PM, Florian Weimer <fw@deneb.enyo.de> wrote:
>
> [Dnschanger substitute server operations]
>
> > One thing is clear, Paul is able to tell a great story.
>
> PR for ISC is somewhat limited, it's often attributed to the FBI:
>
> | The effort, scheduled to begin this afternoon, is designed to let
> | those people know that their Internet connections will stop working
> | on July 9, when temporary servers set up by the FBI to help
> | DNSChanger victims are due to be disconnected.
>
>
> <http://news.cnet.com/8301-1009_3-57439407-83/google-will-alert-users-to-=
dnschanger-malware-infection/>
>
> | The FBI has now seized control of the malicious DNS servers, but
> | countless computers are still infected with the malware.
>
>
> <http://www.h-online.com/security/news/item/Google-warns-DNSChanger-victi=
ms-1583037.html>
>
> | The malware is so vicious =97 it can interfere with users' Web
> | browsing, steer them to fraudulent websites and make their computers
> | vulnerable to other malicious software =97 that the FBI has put a
> | safety net of sorts in place, using government computers to prevent
> | any Internet disruptions for users whose computers may be infected.
>
>
> <http://www.technolog.msnbc.msn.com/technology/technolog/infected-users-g=
et-legit-warning-about-july-9-internet-doomsday-751078>
>
> (I'm justing quoting what I found. =A0Some of the linked articles
> contain bogus information.)
>
> In any case, this isn't what bugs me about the whole process. =A0I don't
> like the way this is implemented=97mainly the use of RPZ, but there are
> other concerns. =A0The notification process has some issues as well, but
> it's certainly a great learning exercise for all folks involved with
> this. =A0To me, it doesn't really matter that Dnschanger is fairly minor
> as far as such things go. =A0Hopefully, the knowledge and the contacts
> established can be applied to other cases as well.
>
Exactly how much can it cost to serve up those requests... I mean for
9$ a month I have a cpu that handles 2000 *Recursive* Queries a
second. 900 bux could net me *200,000* a second if not more.
The government overspends on a lot of things.. they need some one whos
got the experience to use a bunch of cheap servers for the resolvers
and a box that hosts the IPs used and then distributes the query
packets.
