DSA Dyn DNS Down - MS to blame?!

Collapse

Ad

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • RaTix
    Emperor

    DSA Dyn DNS Down - MS to blame?!

    ** !!! UPDATE !! **
    DSA.servegame.com = DSAserver.ddns.net


    Recently I noticed that our DSA.Servegame.com domain, a Dymanic DNS from NoIP.com, that I use to host game servers on my personal server here, stopped working. Coming up with "unknown domain" and other errors. Today I found out the culprit.

    No-IP’s Formal Statement on Microsoft Takedown

    *******UPDATE*******

    Is your service down because of this outage? The solution we have available at the moment is for you to create a new hostname on a domain that has not been seized by Microsoft. The following domains are free and working

    ddns.net
    webhop.me
    serveminecraft.net
    ddnsking.com
    onthewifi.com

    To create a new hostname, login to your No-IP account and click on the Hosts/Redirects tab. Click a “Add a Host”. Type in your hostname and also choose one of the working domains.

    We apologize for this outage. At this point it is completely out of our hands, but please understand that we are fighting for you.

    Thank you

    *******

    We want to update all our loyal customers about the service outages that many of you are experiencing today. It is not a technical issue. This morning, Microsoft served a federal court order and seized 22 of our most commonly used domains because they claimed that some of the subdomains have been abused by creators of malware. We were very surprised by this. We have a long history of proactively working with other companies when cases of alleged malicious activity have been reported to us. Unfortunately, Microsoft never contacted us or asked us to block any subdomains, even though we have an open line of communication with Microsoft corporate executives.

    We have been in contact with Microsoft today. They claim that their intent is to only filter out the known bad hostnames in each seized domain, while continuing to allow the good hostnames to resolve. However, this is not happening. Apparently, the Microsoft infrastructure is not able to handle the billions of queries from our customers. Millions of innocent users are experiencing outages to their services because of Microsoft’s attempt to remediate hostnames associated with a few bad actors.

    Had Microsoft contacted us, we could and would have taken immediate action. Microsoft now claims that it just wants to get us to clean up our act, but its draconian actions have affected millions of innocent Internet users.

    Vitalwerks and No*-IP have a very strict abuse policy. Our abuse team is constantly working to keep the No-*IP system domains free of spam and malicious activity. We use sophisticated filters and we scan our network daily for signs of malicious activity. Even with such precautions, our free dynamic DNS service does occasionally fall prey to cyber scammers, spammers, and malware distributors. But this heavy-handed action by Microsoft benefits no one. We will do our best to resolve this problem quickly.

    About No*-IP
    For over 14 years, No*-IP has been offering the best and most affordable Dynamic and Managed DNS solutions. Our robust Anycast Network with points of presence in 18 different world*class facilities across the globe guarantees our 100% Uptime, because let’s face it, there are no upsides to downtime. No*IP is the preferred choice for users on the Internet for dynamic DNS compared to smaller, less reliable alternatives. Our DNS Experts will ensure that your website is fast, reliable and always available.

    Contact
    Natalie Goguen
    Marketing Manager
    5905 South Virginia Street, Suite 200
    Reno, NV 89502
    press@no-ip.com

    Support requests will not be answered via email. Please open a support ticket if you need assistance.

    ###

    Here is Microsoft's say on it.

    Microsoft takes on global cybercrime epidemic in tenth malware disruption
    30 Jun 2014 1:23 PM

    The following post is from Richard Domingues Boscovich, Assistant General Counsel, Microsoft Digital Crimes Unit.

    Playing offense against cybercriminals is what drives me and everyone here at the Microsoft Digital Crimes Unit. Today, Microsoft has upped the ante against global cybercrime, taking legal action to clean up malware and help ensure customers stay safer online. In a civil case filed on June 19, Microsoft named two foreign nationals, Mohamed Benabdellah and Naser Al Mutairi, and a U.S. company, Vitalwerks Internet Solutions, LLC (doing business as No-IP.com), for their roles in creating, controlling, and assisting in infecting millions of computers with malicious software—harming Microsoft, its customers and the public at large.

    We’re taking No-IP to task as the owner of infrastructure frequently exploited by cybercriminals to infect innocent victims with the Bladabindi (NJrat) and Jenxcus (NJw0rm) family of malware. In the past, we’ve predominately seen botnets originating in Eastern Europe; however, the authors, owners and distributors of this malware are Kuwaiti and Algerian nationals. The social media-savvy cybercriminals have promoted their wares across the Internet, offering step-by-step instructions to completely control millions of unsuspecting victims’ computers to conduct illicit crimes—demonstrating that cybercrime is indeed a global epidemic.

    Free Dynamic DNS is an easy target for cybercriminals

    Dynamic Domain Name Service (DNS) is essentially a method of automatically updating a listing in the Internet’s address book, and is a vital part of the Internet. However, if not properly managed, a free Dynamic DNS service like No-IP can hold top-rank among abused domains. Of the 10 global malware disruptions in which we’ve been involved, this action has the potential to be the largest in terms of infection cleanup. Our research revealed that out of all Dynamic DNS providers, No-IP domains are used 93 percent of the time for Bladabindi-Jenxcus infections, which are the most prevalent among the 245 different types of malware currently exploiting No-IP domains. Microsoft has seen more than 7.4 million Bladabindi-Jenxcus detections over the past 12 months, which doesn’t account for detections by other anti-virus providers. Despite numerous reports by the security community on No-IP domain abuse, the company has not taken sufficient steps to correct, remedy, prevent or control the abuse or help keep its domains safe from malicious activity.

    For a look at how cybercriminals leverage services like No-IP, and advice for customers to help ensure a safer online experience, please see the graphic below.

    Microsoft legal and technical actions

    On June 19, Microsoft filed for an ex parte temporary restraining order (TRO) from the U.S. District Court for Nevada against No-IP. On June 26, the court granted our request and made Microsoft the DNS authority for the company’s 23 free No-IP domains, allowing us to identify and route all known bad traffic to the Microsoft sinkhole and classify the identified threats. The new threat information will be added to Microsoft’s Cyber Threat Intelligence Program (CTIP) and provided to Internet Service Providers (ISPs) and global Computer Emergency Response Teams (CERTs) to help repair the damage caused by Bladabindi-Jenxcus and other types of malware. The Microsoft Digital Crimes Unit worked closely with Microsoft’s Malware Protection Center to identify, reverse engineer and develop a remedy for the threat to clean infected computers. We also worked with A10 Networks, leveraging Microsoft Azure, to configure a sophisticated system to manage the high volume of computer connections generated by botnets such as Bladabindi-Jenxcus.

    As malware authors continue to pollute the Internet, domain owners must act responsibly by monitoring for and defending against cybercrime on their infrastructure. If free Dynamic DNS providers like No-IP exercise care and follow industry best practices, it will be more difficult for cybercriminals to operate anonymously and harder to victimize people online. Meanwhile, we will continue to take proactive measures to help protect our customers and hold malicious actors accountable for their actions.

    This is the third malware disruption by Microsoft since the November unveiling of the Microsoft Cybercrime Center—a center of excellence for advancing the global fight against cybercrime. This case and operation are ongoing, and we will continue to provide updates as they become available. To stay up to date on the latest developments on the fight against cybercrime, follow the Microsoft Digital Crimes Unit on Facebook and Twitter. Microsoft provides free tools and information to help customers clean and regain control of their computers at www.microsoft.com/security.

    botnets, Digital Crimes Unit, Security
    I understand the struggle against Malware coders and scammers, Hell I work in that field and have for 6+ years. But to do a full on blitzkrieg of this nature, hurting millions of innocent people that honestly purchased the DNS service, is IMO Draconian. How a US court could even allow another company to usurp another company's service is beyond me. I can understand a cease and desist. But full on Corporate takeover sponsored by the US gov?
    I bet $1mil that MS is poising to take over Dynamic DNS services is simply going after what it sees as it's competitors in this market. Nothing more. Or a publicity stunt to push out it's new Cyber Crime unit. What a horrible TV series that would make.

    So my question is who the hell is going to fulfill the agreement to service my Dynamic DNS that I paid for?!

    In the mean time, while I search for a solution, you may have trouble reaching certain DSA services, Like the Minecraft Server, Terraria, and some others. Who would of thought that Minecraft diamonds were actually Malware Worms!!
    Last edited by RaTix; 07-01-2014, 11:49 PM.
    "POWER!!! UNLIMITED POOWWWEEEER!!!!!!

    "Tell me what you regard as your greatest strength, so I will know how best to undermine you; tell me of your greatest fear, so I will know which I must force you to face; tell me what you cherish most, so I will know what to take from you; and tell me what you crave, so that I might deny you."
    ?Darth Plagueis

    "Peace is a lie, there is only passion. Through passion, I gain strength. Through strength, I gain power. Through power, I gain victory. Through victory, my chains are broken. The Force shall free me."
  • RaTix
    Emperor

    #2
    Fuck you ms!!!

    microsoft admits technical error in ip takeover, but no-ip still down
    jeremy kirk, idg news service

    jul 1, 2014 5:30 pm
    e-mail
    print

    microsoft admitted tuesday it made a technical error after it commandeered part of an internet service’s network in order to shut down a botnet, but the nevada-based company says its services are still down.

    A federal court in reno granted microsoft an ex-parte restraining order that allowed it to take control of 22 domains run by no-ip, a dns (domain name service) provider owned by vitalwerks, which was served the order on monday.

    Microsoft alleged the domains were being abused by cybercriminals to manage and distribute malware. It was the tenth time microsoft has turned to the courts to take sweeping action against botnets, or networks of hacked computers.

    Although no-ip was not accused of wrongdoing, microsoft maintained the company had not done enough to stop abuse on its networks. Microsoft’s intention by seizing the domains was to block only the computers using no-ip’s services that were being used as part of a botnet.

    But “due to a technical error, however, some customers whose devices were not infected by the malware experienced a temporary loss of service,” according to an email statement from david finn, executive director and associate general counsel of microsoft’s digital crimes unit.

    “we regret any inconvenience these customers experienced,” finn wrote via email on tuesday.

    He claimed that no-ip’s services were restored at 6 a.m. Pacific time tuesday. No-ip spokeswoman natalie goguen wrote via email that microsoft made a technical change on tuesday to forward legitimate traffic back to no-ip, but “it didn’t do anything.”

    “although they seem to be trying to take corrective measures, dns is hard, and they don’t seem to be very good at it,” she wrote.

    When queried, a microsoft spokeswoman pointed to a tweet by no-ip that said it was under ddos (distributed denial-of-service) attack. Goguen responded that no-ip’s website was under attack but it did not affect its dns infrastructure.

    No-ip provides a free service that allows a customer’s domain name to always point back to their computer even if an isp assigns a different ip address to a computer when it comes online. It does that by offering subdomains for 22 main domain names it owns.

    The ip address of a customer’s subdomain is updated as the computer’s ip address changes. Records in the dns (domain name system) are then updated.

    In its civil suit, microsoft alleged two foreign nationals, mohamed benabdellah of algeria and naser al mutairi of kuwait, used no-ip’s service to facilitate the management of malware that steals sensitive data from people’s computers.

    No-ip’s service “provides computers that move from ip address to ip address a stable domain name for malware-infected computers to contact,” according to the lawsuit.

    No-ip maintains that it has worked with companies that reported abuse but “unfortunately, microsoft never contacted us or asked us to block any subdomains,” according to a blog post on monday.
    "POWER!!! UNLIMITED POOWWWEEEER!!!!!!

    "Tell me what you regard as your greatest strength, so I will know how best to undermine you; tell me of your greatest fear, so I will know which I must force you to face; tell me what you cherish most, so I will know what to take from you; and tell me what you crave, so that I might deny you."
    ?Darth Plagueis

    "Peace is a lie, there is only passion. Through passion, I gain strength. Through strength, I gain power. Through power, I gain victory. Through victory, my chains are broken. The Force shall free me."

    Comment

    • Cottoinc
      Imperial Advisor
      • Dec 2009
      • 1909
      • DSA Cotto

      #3
      Wow this is fucked up. If we need to buy a new DNS name let me know I will chip in.
      "Thrawn: "Do you know the difference between an error and a mistake, Ensign?"
      Colclazure: "No, sir."
      Thrawn: "Anyone can make an error, Ensign. But that error doesn't become a mistake until you refuse to correct it." [points at Pietersen, Rukh kills him] "Dispose of it. The error, Ensign, has now been corrected. You may begin training a replacement."
      ―Grand Admiral Thrawn, punishing a naval officer for failure

      Comment

      Ad

      Collapse
      Working...
      😀
      🥰
      🤢
      😎
      😡
      👍
      👎