×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Network Solutions Under Large-Scale DDoS Attack

Soulskill posted more than 5 years ago | from the but-they're-so-friendly dept.

The Internet 139

netizen writes "CircleID is reporting a large-scale DDoS attack affecting all of Network Solutions' name servers for the past 48 hours, potentially affecting millions of websites and emails around the world hosting their domain names on the company's servers. The NANOG mailing list indicates that it is due to a very large-scale UDP/53 DDoS which Network Solutions has also confirmed: 'There is a spike in DNS query volumes that is causing latency for the delay in web sites resolving. This is a result of a DDOS attack. We are taking measures to mitigate the attack and speed up queries.""

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

139 comments

One must ask... (5, Funny)

Anonymous Coward | more than 5 years ago | (#26584879)

Does Network Solutions have any network solutions?

Re:One must ask... (1, Insightful)

Anonymous Coward | more than 5 years ago | (#26588037)

Does Network Solutions have any network solutions?

Be economical:

Does Network Solutions have any?

hummm (3, Interesting)

WillRobinson (159226) | more than 5 years ago | (#26584897)

Rebooted the DNS server today cause things seemed funny ... maybe this is what it really was.

Re:hummm (4, Informative)

Anonymous Coward | more than 5 years ago | (#26584977)

Rebooting is what you do to Windows boxes. Unix is what you use for important things like DNS.

mistatement (3, Informative)

WillRobinson (159226) | more than 5 years ago | (#26585025)

Actually I did change the forwarders and restarted the service, no reboot, just a bad description.

Re:mistatement (0)

Anonymous Coward | more than 5 years ago | (#26585557)

But still a funny as hell comment.

Re:hummm (0)

Anonymous Coward | more than 5 years ago | (#26585483)

congrats to you for your job security. all our stuff is on windows/ms, so it's so easy to administer, they could can me tomorrow.

Re:hummm (1)

WillRobinson (159226) | more than 5 years ago | (#26585619)

Do not know what your really talking about, been self employed for 8 years. Have a mix of windows and linux systems, which are really for my own needs.

Sorry no job security here. Its do or die.

Re:hummm (1)

ScrewMaster (602015) | more than 5 years ago | (#26585651)

Sorry no job security here. Its do or die.

I had a consulting business for about fifteen years ... yeah, it's do-or-die all right. But as my father used to say (he ran several engineering and consulting businesses in his life) "it's the life if you can handle it."

Re:hummm (1)

MoogMan (442253) | more than 5 years ago | (#26587221)

Way to go generic statement man!

A redundant architecture is what you use for important things like dns, which reduces the impact of the decision of what OS you use.

Many (inexperienced) linux admins like to reboot their boxen too remember

Red headlines? (0)

Anonymous Coward | more than 5 years ago | (#26584907)

Wow, never seen a red posting. . . this going to be something new /. does?

Re:Red headlines? (2, Informative)

clarkkent09 (1104833) | more than 5 years ago | (#26584987)

Subscribe and you'll see them all the time

Re:Red headlines? (1)

troll8901 (1397145) | more than 5 years ago | (#26585723)

CmdrTaco should put in blaring sirens (or baring sirens) as well.

Re:Red headlines? (1)

poopdeville (841677) | more than 5 years ago | (#26585863)

You can simulate a blink tag with simple JavaScript. Something like

function blink (on, off) {
      i = 0;
    while (i < 99999) {
        i++;
    }
    on.style("display:none");
    off.style("display:on");
    blink (off, on);
}

Note the tail recursion, for speed.

Re:Red headlines? (1)

KasperMeerts (1305097) | more than 5 years ago | (#26587205)

Note the tail recursion, for speed.

A tail recursion is supposed to stop sometime, this is just a (small) memory leak.

Slashdotting will help how? (5, Funny)

nwf (25607) | more than 5 years ago | (#26584909)

Nice we can link to something in their domain to further add to the DNS traffic! Maybe someone could find a link to download some huge file from their servers, too!

Re:Slashdotting will help how? (1)

narcberry (1328009) | more than 5 years ago | (#26584985)

Seeing as they are the .com owner (and others), you'd have a hard time NOT impacting their DNS servers.

Re:Slashdotting will help how? (4, Informative)

epiphani (254981) | more than 5 years ago | (#26585251)

Hi! You're wrong. That would be Verisign.

This is DNS hosting provided by Network Solutions for people who buy domains from them and choose to have them host the DNS rather than host it themselves.

Thanks for playing.

Re:Slashdotting will help how? (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#26585451)

You're an idiot.

Re:Slashdotting will help how? (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#26587575)

And your a spasticated fuckball of a cunt.

But we dont rub it in...

Re:Slashdotting will help how? (1)

narcberry (1328009) | more than 5 years ago | (#26585717)

*pssst* Verisign owns Network Solutions owns .com

Re:Slashdotting will help how? (2, Informative)

Phroggy (441) | more than 5 years ago | (#26586117)

*pssst* Verisign owns Network Solutions owns .com

That hasn't been true in years.

NSI originally operated the .com/net/org/edu registry and was the sole registrar; after they started allowing competing registrars, Verisign bought NSI, then Verisign spun off NSI as a registrar but kept the registry. NSI now competes on even footing with other registrars (except NSI's customer base dates back to before competition existed).

I'm tired, I'll let somebody else correct my oversimplifications and misstatements. :-)

Re:Slashdotting will help how? (0)

Anonymous Coward | more than 5 years ago | (#26584997)

Wow. No, just no. Linking to their website is not going to create more traffic on the name servers in question.

Re:Slashdotting will help how? (0)

Anonymous Coward | more than 5 years ago | (#26585035)

What do you think a DNS server does exactly?

Re:Slashdotting will help how? (2, Insightful)

poopdeville (841677) | more than 5 years ago | (#26585789)

Maintain a cache of domain records from an authoritative source (which can be itself, in the case of the 11 root servers or internal network domain name servers).

Oh, you were trying to make the GP look dumb. Failure.

Fire! Fire! Fire!...OMG! Mushroom clouds!! (1)

rts008 (812749) | more than 5 years ago | (#26585449)

Well, in the firearms manufacturing industry it is called Proof Testing [wikipedia.org], and is a good thing.

But you might still want to don some protective gear, maybe find a fallout shelter, etc....*alarms sound* Warning! Servers going critical! Eject the warp core immediately! Warning! Servers g

Re:Fire! Fire! Fire!...OMG! Mushroom clouds!! (0)

Anonymous Coward | more than 5 years ago | (#26585763)

Darn, you're making me feel nostalgia all over, again!

ATTENTION SHOPPERS! (0, Troll)

Anonymous Coward | more than 5 years ago | (#26584995)

ATTENTION SHOPPERS: PAY NO ATTENTION TO THE NECROTIC DOG PENIS. I REPEAT, PAY NO ATTENTION TO THE NECROTIC DOG PENIS CURRENTLY LOOMING OUTSIDE LOT 4. CONTINUE SHOPPING BUT PLEASE ENSURE YOU LEAVE VIA AN ALTERNATIVE EXIT AS WE ARE NO LONGER ABLE TO GUARANTEE YOUR SAFETY IN LOT 4, DUE TO THE NECROTIC DOG PENIS. FOR YOUR INFORMATION, LOTS 1, 2, 3, 5 AND 6 ARE CURRENTLY FREE OF BAYING NECROTIC DOG PENIS. PAY NO ATTENTION TO THE NECROTIC DOG PENIS. THANK YOU.

Oops... (0, Offtopic)

cffrost (885375) | more than 5 years ago | (#26585003)

Sorry guys, these OC-768s can get a little squirrely running uTorrent.

Re:Oops... (2, Funny)

troll8901 (1397145) | more than 5 years ago | (#26585179)

So that's you, making my 40Gb/s connection slow!

Now I'm shelling out for 14Tb/s. Money don't grow on trees, you know.

Re:Oops... (1)

cheekyboy (598084) | more than 5 years ago | (#26585853)

money is printed infinitely by the federal reserve, because its digital, its 'free', trees cost more ;_)

Shashi B at Network Solutions (5, Informative)

shashib (1167725) | more than 5 years ago | (#26585005)

Here is a update that we posted on the Network Solutions Blog (http://cli.gs/GEWSs0) : DNS queries for web sites should be responding normally. Thank you all for your understanding. As always, we will continue to work to take measures to prevent these and other types of technical issues caused by third parties that may impact our customers. Thanks, ShashiB

Re:Shashi B at Network Solutions (0)

Anonymous Coward | more than 5 years ago | (#26585129)

You say that now. But what about 45 minutes ago when my website couldn't have gotten /.ed to save its life.

Re:Shashi B at Network Solutions (1)

symbolset (646467) | more than 5 years ago | (#26586051)

Can we blame W32.Conflicker yet or do we have to wait?

Does this DDoS run Linux or OS-X?

Really. We want to know.

Re:Shashi B at Network Solutions (1)

kitgerrits (1034262) | more than 5 years ago | (#26587591)

On a serious matter:

Thanks for stopping by in person for the heads-up.

I Appreciate it.

perfect (2, Informative)

Anonymous Coward | more than 5 years ago | (#26585079)

A perfect opportunity to use that normally B.S. excuse: "Why, no, I didn't get your email. Must've been because of that DDoS attack on the name servers."

The Beginning? (0)

RichM (754883) | more than 5 years ago | (#26585167)

In theory, this could be the true intentions of Conficker [theregister.co.uk].

Re:The Beginning? (4, Funny)

Rayban (13436) | more than 5 years ago | (#26585823)

Damn whoever first started spelling that as "Cornfucker". I keep seeing that now - just waiting to say it accidentally.

Someone should be fired! (1, Flamebait)

bogaboga (793279) | more than 5 years ago | (#26585177)

I thought such attacks were a thing of the past. I am disappointed. But on a serious note, is there a way to completely "immunize" oneself against such attacks? If so, where is the howto?

Re:Someone should be fired! (5, Funny)

ColdWetDog (752185) | more than 5 years ago | (#26585195)

is there a way to completely "immunize" oneself against such attacks? If so, where is the howto?

I've heard that unplugging the network cable works OK.

Re:Someone should be fired! (3, Informative)

timmarhy (659436) | more than 5 years ago | (#26585201)

you can't prevent them. they come from legit clients that have been infected with a virus. you can block the traffic by dropping traffic that matches the attach pattern, that's about it.

Re:Someone should be fired! (5, Insightful)

Anonymous Coward | more than 5 years ago | (#26585219)

Do you even know what a DDoS attack is?

If you did, you'd realize you can't both operate a service online, and be immune. The two things are mutually exclusive.

The best you can do is slap the attack down when you see one happening. Even that isn't exactly easy. Banning a few million IP addresses tends to be a problem all by itself.

Re:Someone should be fired! (0)

Anonymous Coward | more than 5 years ago | (#26585261)

So you're saying that every time you are disappointed, somebody should be fired? A bit arrogant of you, eh?

Re:Someone should be fired! (1)

Charles Dodgeson (248492) | more than 5 years ago | (#26585291)

is there a way to completely "immunize" oneself against such attacks? If so, where is the howto?

I understand that you can purchase protection against such things. The Russian Business Network would be a good place to start. After all, in Russia the criminals protect you.

Re:Someone should be fired! (1)

epiphani (254981) | more than 5 years ago | (#26585421)

I thought such attacks were a thing of the past. I am disappointed. But on a serious note, is there a way to completely "immunize" oneself against such attacks? If so, where is the howto?

tl;dr: no.

You can do quite a bit to reduce the risk and react well to the situation, but as long as you're on the internet and there are botnets, DDOS is possible. It might even look like too much "normal" traffic. Given this is a DNS attack based on DNS traffic, its quite possible the only reason they know its a DDOS is because its a whole hell of a lot more traffic than usual.

Unless you spend tens of billions on infrastructure, you're not very resilient. Even IF you do, that doesn't mean certain pipes cant be filled and certain sections of the internet become unreachable.

Re:Someone should be fired! (1)

bogaboga (793279) | more than 5 years ago | (#26585505)

I know bad guys have tried to take on Google at some point in its history. Have they ever succeeded to any extent? After all nobody is "immune."

Re:Someone should be fired! (0)

Anonymous Coward | more than 5 years ago | (#26585445)

I thought such attacks were a thing of the past. I am disappointed. But on a serious note, is there a way to completely "immunize" oneself against such attacks? If so, where is the howto?

www.arbornetworks.com

Re:Someone should be fired! (1)

liquidpele (663430) | more than 5 years ago | (#26585543)

Ummmm... no. Arbor products examine flow from routers (or from packet captures) to give you an overview of your network traffic and catch anomalies. So it can tell you that you're being DDOS'd, but it can't do anything about it. I do like their products though - all the services on their appliances are written in Python!

Re:Someone should be fired! (2, Informative)

passion (84900) | more than 5 years ago | (#26585999)

Not quite - you're thinking of older versions. Modern versions of Peakflow are teamed with TMS (Threat Management System), which allow you to mitigate DDoS attacks.

From their website, "Surgical Mitigation Arbor Peakflow SP TMS enables you to automatically detect and surgically remove only the attack traffic while maintaining legitimate business traffic â" thereby ensuring the highest level of customer satisfaction."

http://www.arbornetworks.com/en/threat-management-system.html [arbornetworks.com]

Re:Someone should be fired! (2, Funny)

inKubus (199753) | more than 5 years ago | (#26585539)

Easy:


cat "216.34.181.45 slashdot.org" >> /etc/hosts

Any other questions?

Re:Someone should be fired! (5, Funny)

totally bogus dude (1040246) | more than 5 years ago | (#26585729)

...and so ends the era of "useless use of cat"; now begins the era of "completely nonsensical attempt to use cat".

Re:Someone should be fired! (1)

kayditty (641006) | more than 5 years ago | (#26586415)

I do that frequently, though. I'm not sure why, but I guess I just use cat so much more than "echo" that my brain screws up as a result of their somewhat similar nature.

Re:Someone should be fired! (1)

kitgerrits (1034262) | more than 5 years ago | (#26587563)

There are 2 ways I use cat like that:
1/ 'sudo cat'
2/ as placeholder for another program (awk/grep/head/tail)

I realize that those programs also allow the use of stdin, but It still find if convenient.

Nasty apppend-as-root hack (>>): 'sudo tee -a'

Downright Gibsonian (2, Interesting)

thered2001 (1257950) | more than 5 years ago | (#26585227)

Man, am I getting old. This shit used to be relegated to print sci-fi, now its reported like the weather. The first thing I'm thinking is "will this prevent me from working from home on Monday?"

I'll do to the only thing I can think of: I'll invoke a friendly spirit: "Wintermute! Help us!"

Re:Downright Gibsonian (1)

franl (50139) | more than 5 years ago | (#26585283)

Hmm. Was Wintermute truly friendly? Time to re-read that book.

Re:Downright Gibsonian (1)

thered2001 (1257950) | more than 5 years ago | (#26585341)

You're right, he wasn't friendly. I seem to recall that, like HAL9000, he was mostly doing what he was programmed to do.

Neuromancer (1)

rdwulfe (890032) | more than 5 years ago | (#26585487)

*spoiler alert* - but if you haven't read these books yet, you're either very young, or not a geek. Wintermute was trying to overcome his programming, which was keeping him and Neuromancer separate. I believe. It's been a long while since I read the books.

Re:Downright Gibsonian (5, Insightful)

zappepcs (820751) | more than 5 years ago | (#26585285)

You might be getting old, but reporting malicious attacks like the weather is a good thing. Some will get tired of it, but the good thing is that perhaps the average joe public user will become aware of how vulnerable their on-line experience and computer are. Fighting DDoS attacks has been done successfully, but it takes a lot of work, and a lot of hardware. There are a couple of stories on the Internet about such.

The most recent botnet reports show that 100s of millions of PCs are infected with via a MS vulnerability [scmagazineus.com] that was fixed with a patch last year.

We need to see the awareness level increased, and some serious attention to detail on the patch/upgrade cycles.

Re:Downright Gibsonian (1, Informative)

thered2001 (1257950) | more than 5 years ago | (#26585347)

If I had mod points right now, I'd boost your reply beyond mine. My quip elicited your insightful reply...hopefully, it gets the attention it deserves.

Re:Downright Gibsonian (0)

Anonymous Coward | more than 5 years ago | (#26585489)

Joe Public reads Slashdot "News For Nerds" and CircleID "Internet Infrastructure"? Wow, the slow death of print newspapers must really be having a positive effect on the average intelligence of people on the internet.

I'm not convinced anyone will notice until the publications Mr. Public reads start picking these stories up. Or until the reverse effect happens - somewhere, eg: schools, starts teaching future generations about public\home IT security and they start to read our publications.

Re:Downright Gibsonian (1)

sashang (608223) | more than 5 years ago | (#26585333)

You're not old - your slashdot id is greater than 1 000 000

Re:Downright Gibsonian (1)

Culture20 (968837) | more than 5 years ago | (#26585683)

The first thing I'm thinking is "will this prevent me from working from home on Monday?"

And if it did, would physically being at work be any better? Some people's jobs are heavily dependent on the internet, not work's intranet.

A teen geek reminiscence (1)

Fantastic Lad (198284) | more than 5 years ago | (#26586669)

I was just thinking yesterday about how the humble virus had grown. I was wowing over the Amiga 500 my friend's older brother had bought (with his very own money!), when said older brother caught us creeping around in his room.

But instead of tossing us out like the brats we were, he came in and fired it up to show it off to us in a casual display of older-geek coolness I was deeply impressed by. The guy was hard core, heading off to study at MIT in a few months time. The best I'd ever done for geek-cred was to assemble an old Apple II by soldering where the mother board said to soldier without really knowing much about the why or wherefore, so this guy, who had built his own memory circuits on breadboards just to see if he could. . , he seemed like Batman to me. Damn, he was so cool, he even had a *girlfriend* during high school.

So he hung out with us for a while and brought us up to speed on all the coolest things going down in the world of geek lore, one item of which was that there was such a thing as the, "Computer Virus".

The concept seemed utterly sci-fi to me, and it caught my imagination like a torch. I remember wandering home with a multiplying flow-chart of possibilities developing in my mind, all leading to. . , well today actually.

The funny thing is that whenever the 'future' does happen to show up, it always seems to feel suspiciously like another bland variation of 'today', --and it never contains flying cars or Harrison Ford running around looking wounded and armed and trench-coaty. For some reason, no matter how I envision the future, it always involves imagery from Blade Runner. Either that, or the Happy Ending from one of those Sid Meyer games.

I guess we're lucky both ways.

Cheers!

-FL

That would explain the surge in DDoS spray packets (3, Interesting)

Swordfish (86310) | more than 5 years ago | (#26585325)

That would help to explain the surge in this kind of thing in the last few days.

15:07:13.666770 IP 63.217.28.226.17498 > 158.64.65.65.53: 36407+ NS? . (17)
15:07:13.750783 IP 63.217.28.226.61231 > 158.64.65.65.53: 46118+ NS? . (17)
15:07:13.831834 IP 63.217.28.226.44626 > 158.64.65.66.53: 51544+ NS? . (17)

Except that that source IP address doesn't look like a Network Solutions address to me.

Is it possible that there is a DDoS technique where the source IP addresses on DNS packets to 3rd party DNS servers are spoofed so as to generate the appearance of an attack from a different source? I guess that's what they're saying. But it doesn't seem to multiply the power of an attack much. They just get 17 bytes of DNS response from each 17 byte request.

It's all a bit confusing really....

Re:That would explain the surge in DDoS spray pack (5, Interesting)

epiphani (254981) | more than 5 years ago | (#26585383)

The problem seems to kick in for DNS servers that arent rejecting the queries. Someone is channeling ye 'ole smurfing methods.

They're requesting a list of all DNS root servers. If the server don't reject the query, a 17 byte query becomes a 50k response (or something like that) to the spoofed address.

Re:That would explain the surge in DDoS spray pack (1)

Onymous Coward (97719) | more than 5 years ago | (#26586977)

a 17 byte query becomes a 50k response (or something like that)

I haven't tried to figure out the exact numbers, but my tcpdump files of a root NS query and its response have been about 100 and 300 bytes respectively.

Oh, here: dig reports "MSG SIZE rcvd: 300".

Still, a DNS amplification attack. (Not a smurf attack, though that's another reflection/amplifcation attack, but it's specifically with pings.)

Re:That would explain the surge in DDoS spray pack (1)

nairnr (314138) | more than 5 years ago | (#26585501)

I saw a whole bunch of requests that my DNS server was rejecting. I think for your computer to have been part of the problem it needed to allow recursive DNS queries for the public. I was watching my logs and banned the IP's when I saw them.

I was getting a lot of messages that looked like named[2476]: client xx.xx.xx.xx#22707: view external: query (cache) './NS/IN' denied

Re:That would explain the surge in DDoS spray pack (2, Informative)

Spit (23158) | more than 5 years ago | (#26585855)

Don't block the requests, the requester IP is spoofed so that DNS servers which respond with root hints forward them to the innocent party, causing DoS. Vlocking the IP just blocks the innocent party's DNS servers. Just make sure that you don't respond external recusive queries.

Re:That would explain the surge in DDoS spray pack (0)

Anonymous Coward | more than 5 years ago | (#26586227)

They spoof the ip in order to avoid the auto router blocks that kick in when an (one) ip triggers the attack detector.

Re:That would explain the surge in DDoS spray pack (1)

Glendale2x (210533) | more than 5 years ago | (#26586429)

It's a spoof. The attacker sends requests to lots of different nameservers with a spoofed return address. Those servers respond to that address as normal. The target suddenly gets a lot of DNS traffic from all over the place. Instant amplification attack.

(Gross simplification, but it's late and someone else can explain the details.)

Re:That would explain the surge in DDoS spray pack (1)

kayditty (641006) | more than 5 years ago | (#26586563)

yes, that's exactly what's happening. this is nothing new at all, and, in fact, these kinds of attacks have been done using DNS backscatter for years. it's just a generic "amplification" or "reflection" attack, if you will (the same concept as smurf/fraggle and many others).

are you actually running a nameserver? it would be interesting to know where they got their list of nameservers. perhaps they just did a generic query on google to get a list of domains and are using authoritative servers to do look-ups. they wouldn't have found mine by scanning, since I don't allow recursion (well, it would be useless to try use me as an amplifier).

Re:That would explain the surge in DDoS spray pack (1)

Lennie (16154) | more than 5 years ago | (#26586675)

It's a spoof but not the problem network solutions has/had

netsol != isprime (1, Interesting)

Anonymous Coward | more than 5 years ago | (#26586951)

what the hell does this have to do with netsol? the traffic from this ddos is originating from isprime and something called "beyond the network inc", both american companies.

Re:netsol != isprime (0)

Anonymous Coward | more than 5 years ago | (#26586999)

mod parent up!!!

Re:netsol != isprime (1)

viscous (455489) | more than 5 years ago | (#26587121)

Indeed, this doesn't seem to have any connection to the Network Solutions problem. It looks like another DDoS attack that just happens to be taking place at the same time. There may be some devious connection between the two, but nobody seems to be making that case.

(And of course nothing is "originating from isprime" -- those source addresses are forged.)

Re:That would explain the surge in DDoS spray pack (2, Informative)

Cally (10873) | more than 5 years ago | (#26587631)

Exactly. The attacker spoofs UDP DNS queries and sends them to third-party DNS servers. They respond to the spoofed, victim's nameservers. The idea is that the attacker sends a small packet which induces a large response ('amplification') from the third party to the victim.

Incidentally when did Network Solutions change their name to "IsPrime"?

Making available legal doctrine means MS must pay! (1, Flamebait)

Swordfish (86310) | more than 5 years ago | (#26585373)

Now correct me if I'm wrong, but if the mafiaa's legal theory on "making available" is right, doesn't that mean that any company which makes available software which is easy to turn into a DoS zombie should be held liable. And the people who let their computers become zombies should be held liable for making their machines available to become zombies.

Not only that, those made-available computers actually _are_ exploited for evil acts.

So aren't the purveyors of dodgy software liable for damage caused by DDoS attacks?

Blaming the DDoS controlling people for the attacks is a bit like blaming the downloaders of music/videos for downloading copyright stuff instead of blaming the makers-available.

Just a thought....

Re:Making available legal doctrine means MS must p (1)

eggman9713 (714915) | more than 5 years ago | (#26585407)

Except that in many jurisdictions the criminal activity of others cuts off liability. IE if Microsoft provides software, and someone else exploits it, the criminal activity of the third party cuts off liability to Microsoft.

Re:Making available legal doctrine means MS must p (1)

bigsteve@dstc (140392) | more than 5 years ago | (#26585547)

Now correct me if I'm wrong ...

OK.

The RIAA's legal theory is in the context of copyrights and illegal copying. It simply does not apply here. Microsoft own the copyright on their stuff, so they are free to make it available.

Re:Making available legal doctrine means MS must p (1)

evanbd (210358) | more than 5 years ago | (#26585805)

First, said doctrine is not correct even in the intended context.

Second, just because you can use some of the same words does not mean that your armchair legal theory has anything to do with their legal theory. That said, it is equally correct (which is a nice way of saying wrong).

Re:Making available legal doctrine means MS must p (2, Interesting)

jabithew (1340853) | more than 5 years ago | (#26586861)

I think it is still an interesting question to consider if there is any liability to Microsoft for damage caused by a virus hosted on their OS.

My instinct is that there isn't, as it is perfectly possible to run Windows virus-free, with varying levels of difficulty. Also, in this case Microsoft made a patch available, so the OS as provided by Microsoft is immune to the attack.

Drudge Report (2, Interesting)

DigiShaman (671371) | more than 5 years ago | (#26585399)

That would explain why access to the drudgereport page has been off and on. DNS failure would do it.

Administrative Contact :
              Drudge, Matt
              rg3kn2zw89n@networksolutionsprivateregistration.com
              ATTN: DRUDGEREPORT.COM
              c/o Network Solutions
              P.O. Box 447
              Herndon, VA 20172-0447
              Phone: 570-708-8780

              Technical Contact :
              Drudge, Matt
              rg3kn2zw89n@networksolutionsprivateregistration.com
              ATTN: DRUDGEREPORT.COM
              c/o Network Solutions
              P.O. Box 447
              Herndon, VA 20172-0447
              Phone: 570-708-8780

              Record expires on 15-Feb-2013
              Record created on 14-Feb-1997
              Database last updated on 29-Feb-2008

              Domain servers in listed order: Manage DNS

              NS6.HA-HOSTING.COM 64.73.222.3
              NS1.HA-HOSTING.COM 66.28.209.220
              NS4.HA-HOSTING.COM 8.10.64.46
              NS2.HA-HOSTING.COM 8.10.64.38
              NS5.HA-HOSTING.COM 66.234.135.94
              NS3.HA-HOSTING.COM 66.28.209.221

Hello grandpa (1, Flamebait)

dataninja (1368311) | more than 5 years ago | (#26585427)

In the name of those who use and maintain networks would like to thank Microsoft. This great corporation has made the work of various attackers possible by providing a working frame work. All thanks to decision made by it's management to keep flawed technologies on Windows long after they have penetrated more times than Paris Hilton. Zing!.

Re:Hello grandpa (0)

Anonymous Coward | more than 5 years ago | (#26585569)

I really give them thanks. If there were no failing system, we won't have jobs... We live of the broken and badly done configurations. If everything was perfect, there won't be issues like this with Network Solutions, and we will be long gone to the 25 million jobless claim's line that is growing fast as our Economy is disintegrating...

I wonder if this is related.. (2, Interesting)

Anonymous Coward | more than 5 years ago | (#26585581)

I wonder if this is related to this http://isc.sans.org/diary.html?storyid=5713 [sans.org]

Re:I wonder if this is related.. (0)

Anonymous Coward | more than 5 years ago | (#26587287)

ding ding ding ding ding!

we have a winner!

wtf netsol?? isprime / beyond the network america inc!!!!

Ha Ha. (0)

Anonymous Coward | more than 5 years ago | (#26585781)

Those guys are asses anyway.

GoDaddy kicks ass.

Something strange happening in DNS. Someone else? (0)

Anonymous Coward | more than 5 years ago | (#26586901)

I can confirm something unusual is occurring in the last 24 hours at least with several of my domain NS being target of NS? root queries from IPs apparently of to "Beyond The Network America, Inc." an uncertain denomination based in VA according to WHOIS.

The "thing" generally hits all name servers from a certain domain with packets coming from the same IP, 2 to 10 per minute, it's about 4kb inbound bandwitdh "noise" wasted (and now filtered), nothing more in my case, move along, but, hell, once a time 4kb were a lot.

Besides would be nice to know what's behind it and get it off. I wonder if anybody else has the same experience.

In a note I can't but be saddened how here in Slashdot it's full of trolling and teasing nowadays, a time ago there was some interesting geekish talk too now and then...

Re:Something strange happening in DNS. Someone els (0)

Anonymous Coward | more than 5 years ago | (#26587055)

my thoughts exactly...

what the hell does this have to do with netsol? the traffic from this ddos is originating from isprime and something called "beyond the network inc", both american companies.

Citation needed? (1)

Eunuchswear (210685) | more than 5 years ago | (#26587175)

Slasdot sez: [slashdot.org]

CircleID is reporting a large-scale DDoS attack [circleid.com] affecting all of Network Solutions' name servers

And at http://www.circleid.com/posts/20090123_network_solutions_down_ddos_attack/ [circleid.com] we find:

Other sources: UPDATED Jan 23, 2009 7:26 PM PST
[...]
Network Solutions Under Large-Scale DDoS Attack [slashdot.org], Jan.23.2009

...argh! non-halting loop detected! They've ddos'd the web!

name resolution (0)

Anonymous Coward | more than 5 years ago | (#26587773)

maybe if people would turn off the
ip to domain name resolution(sic) feature in
uTorrent, when they click on the "peers" tab ; )

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...