North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: A couple or advanced references...

  • From: Fred Heutte
  • Date: Tue Feb 19 04:05:53 2008

Follow-up to fergdawg, the Georgia Tech/Google study made it on
the wires today (including the front section of our local Oregonian,
below is the Times of India version).

Congrats to NANOG and all the presenters for the network center
energy efficiency segment today.  I'm not really active on the network
side these days (though a NANOG lurker since 1996 or so) but my
history in energy efficiency work goes back to 1983 and it's great
to see this finally getting really top-level attention and the session
was really good today in covering many if not all of the layered
aspects of the issue.

cheers, and back to mode.lurk



Did you know servers can lie


SAN FRANCISCO: They're called ?servers that lie.?

Mendacious machines controlled by hackers that re-route Internet
traffic from infected computers to fraudulent websites are
increasingly being used to launch attacks, according to a paper
published this week by researchers with the Georgia Institute of
Technology and Google Inc.

The paper estimates roughly 68,000 servers on the Internet are
returning malicious Domain Name System results, which means people
with compromised computers are sometimes being directed to the wrong
websites -- and often have no idea.

The peer-reviewed paper, which offers one of the broadest
measurements yet of the number of rogue DNS servers, was presented
at the Internet Society's Network and Distributed System Security
Symposium in San Diego.

The fraud works like this: When a user with an affected computer
tries to go to, for example, Google's website, they are redirected
to a spoof site loaded with malicious code or to a wall of ads whose
profits flow back to the hackers.

The hackers who hijack DNS queries are looking to steal personal
information, from email login credentials to credit data, and take
over infected machines.

The spoof sites run the gamut. Some are stunningly convincing,
others amusingly bogus with spelling errors and typos.

The DNS system is a critical part of the Internet's infrastructure,
used to make sure computers know how to contact each other. People
usually automatically use the DNS servers of their Internet
providers, but the recent wave of attack modifies the settings on
victims' computers to send traffic to rogue DNS servers.

Attacks using manipulated DNS results aren't new. Profit-driven
hackers have a strong incentive to control where users go on the
Web. The paper looked at viruses that started appearing in 2003
designed to alter the DNS settings on infected computers.

The report noted that the rogue DNS servers don't always return
incorrect results, often fooling users into believing their Internet
access is working properly. Hackers thus can route users to
malicious websites whenever they choose.

Most up-to-date antivirus software will catch and banish the viruses
used to change DNS settings. Once a computer has been infected,
users need to run a new scan with the latest software and change
their DNS settings back -- which is easy.

Security experts not involved in preparing the paper said it adds
valuable data about the scope of an increasingly popular type of

?A lot of people don't realize the seriousness of it,? said Paul
Ferguson, a threat researcher with Trend Micro Inc. ?The problem is
getting worse.?