Sorry, chaps! We didn't mean to steamroller legit No-IP users – Microsoft

Microsoft has admitted that it did disrupt a significant number of legitimate users of No-IP's dynamic DNS service, but says the problem is now sorted out. "Yesterday morning, Microsoft took steps to disrupt a cyber-attack that surreptitiously installed malware on millions of devices without their owners' knowledge through the …

  1. MrDamage Silver badge

    Countersuit potential.

    Now that Microsoft has set the precedent in gaining control over items which they do not own due to security concerns, perhaps No-IP can now launch a legal battle to gain control over all Microsoft products, as it can be shown that the majority of malware and virii attack Windows systems due to Microsoft's inability to write secure and stable code.

  2. James 100

    Alarming

    I'm all in favour of taking down spammers and botnets - but when Microsoft can use that as a pretext for seizing a third party's domain name, just because another third party happens to be their customer?! Something's very, very wrong there.

    Time someone put a botnet C&C on Azure, to see Microsoft's whole cloud taken offline for a few days on the same basis. After all, they don't get special treatment compared to other service providers ... right?

    1. Anonymous Coward

      Re: Alarming

      "Time someone put a botnet C&C on Azure, to see Microsoft's whole cloud taken offline for a few days on the same basis."

      Microsoft would shut you down well before that happened.

      1. ModFodder

        Re: Alarming

        "Microsoft would shut you down well before that happened."

        The Microsoft upon whose sloppy code a multi billion dollar security industry has grown protecting people from M$'s neglect and ineptitude?

        I suspect that you might be able to leave an elephant in the lobby and nobody would notice it provided that it was a reasonably quiet elephant.

  3. Anonymous Coward

    Microsoft are like the annoying brat at football...

    ... who shouts 'pass to me, to me' but then trips over the ball and then takes it home in a huff when everyone points and laughs at them

  4. chr0m4t1c

    Everything OK now, you say?

    ::checks VPN access using DDNS::

    Nope, still not working, 09.20 BST.

    I see the MS helpdesk still operates on the same principle of telling you something is fixed so that you have to go away for a bit to try it and find that it isn't.

    1. SimonB

      Re: Everything OK now, you say?

      Yup, still busted for me too.

  5. Slik Fandango
    Flame

    They got me too...

    Well I run a tiny little Mac Mini running OSX Mavericks Server... just for use by my colleagues, an agency and me. Wiki and calendar access.

    At first thought it was Virgin resetting my modem again (has happened where they cleared out my port redirects), then found I could access via IP address. Check No-IP site and GREAT - THANKS MS!

    Was running perfectly, secure and no issues.

    Apparently I can get a new host name... but I liked my old one. Going to pull a right hissy fit now!

  6. Matt Bryant Silver badge
    Pirate

    Why this will not hurt M$.

    It won't, and here's why. The majority of No-IP's customers/users were small businesses at best, mainly individuals, and criminals. Microsoft probably makes very little money from those small businesses, probably next to none from the individuals (and going by the posts here many seem just happy to shriek at MS whatever they do), and so doesn't really care too much if they get their panties in a bunch. However, they do make an awful lot of money from bigger businesses, and what those bigger businesses see is MS pro-actively spending money and resources to kill botnets. No amount of freetards whining is going to counter that positive PR.

    1. Dr U Mour

      Re: Why this will not hurt M$.

      Okay, Matt, I'll bite this time. Yes using your posited world view this will have little impact. However your posited world view maintains its dominance, as any other, by consent. Every episode like this diminishes that consent. Oh and stating the obviousness of how little others matter in your glorification of your dominance helps too...Thank you.

      1. Matt Bryant Silver badge

        Re: Dr U Mour Re: Why this will not hurt M$.

        ".....However your posited world view maintains its dominance, as any other, by consent...." Que? MS retains their 'dominant position' by sharp business practices tied to a massive money-making machine, backed up by a well-funded legal arm. You and I may think that stinks, that there are better alternatives to a lot of their products and services elsewhere, but a lot of paying business customers seem to think otherwise.

        ".....Every episode like this diminishes that consent...." Apart from the idea that every such episode sends warm feelings through the business types, you also have to look at the message it sends to those smaller customers that paid for the NoIP service - big service providers are better, they don't get legally mugged as easily as small ones do. And who is a big service provider? Why, that would be MS.

        ".....glorification of your dominance ....." Nothing to do with me, thanks. I've spent over a decade working Linux into data centers, the difference between me and a lot of the Penguinistas is I'm not blind to either the benefits of MS's products or the might of the MS PR/marketing machine. Despite what a lot of the haters want to think, MS does employ a lot of very smart people.

        1. Jamie Jones Silver badge

          Re: Dr U Mour Why this will not hurt M$.

          Noooooo! I've just upvoted Matt again! :-)

          I fear he's right though - MS will bask in the glory of being seen to be policing the internet - however misguided this may seem to us lot.

          And yeah, mega-corp won't give a crap about any outage that doesn't affect them

  7. Anonymous Coward

    Weird Microsoft logic: kill the messenger

    So instead of issuing patches for the malware, they just prefer to own a few domains? Absurd logic, and one that some day could see a judge allowing someone to grab Azure domains because someone is running a C&C botnet on them? Ah well, if they are using XP there are no patches any more...

    1. Anonymous Coward

      Re: Weird Microsoft logic: kill the messenger

      "So instead of issuing patches for the malware"

      How are Microsoft going to patch hacked Linux servers on which most of the targeted C&C servers reside?

      1. Anonymous Coward

        Re: Weird Microsoft logic: kill the messenger

        "How are Microsoft going to patch hacked Linux servers on which most of the targeted C&C servers reside?"

        Did you read the article at all? Do you understand how DNS works? Do you understand how a botnet works? Do you understand that your comment reveals that you don't?

        1. Anonymous Coward

          Re: Weird Microsoft logic: kill the messenger

          "Did you read the article at all? Do you understand how DNS works? Do you understand how a botnet works? Do you understand that your comment reveals that you don't?"

          Clearly you didn't read it: "Kaspersky Lab expert Costin Raiu said the power grab has crippled command-and-control systems for many malware operators."

          The vast majority of this type of C&C infrastructure is indeed on hacked / exploited Linux based systems.

          1. Anonymous Coward

            Re: Weird Microsoft logic: kill the messenger

            "Kaspersky Lab expert Costin Raiu said the power grab has crippled command-and-control systems for many malware operators."

            You show an epic degree of confusion. No-ip and similar services are used by these crooks for the same function everyone uses DNS: so that they can avoid hard coding raw IP addresses of the C&C server and use a set of names instead. That way if your C&C machine is seized you can simply change the DNS records at no-ip.org and bring up another one somewhere else.

            What Microsoft has done is obtained the power to modify the resolution of these names. So if your bot is trying to contact "ownedmachinemaster.no-ip.org" to get commands, it ends up resolving on an IP address belonging to Microsoft's safety infrastructure.

            "The vast majority of this type of C&C infrastructure is indeed on hacked / exploited Linux based systems."

            You're again confusing things. The C&C master is a computer using an IRC server as a transport for its communication with the bots. But you don't need to hack anything to do that. They use Linux because the people doing these kind of things usually don't like to have conversations about their Windows licensing status with their hosting service providers or with Microsoft. But "hacked"? Not in any way, it is not necessary to hack anything.

            Being able to use an IRC client on a Linux machine to control a botnet and saying that the machine is "hacked" is the same level of "hacked" as if someone tells you a password for a Facebook account and you use it to log in from a Windows machine. Does not mean the Windows machine you use is "hacked" in any way.

            Now I can only hope that you are not a "security consultant". I'm not and I can grasp the basics of all this.

  8. b166er

    Until yesterday we were using the admittedly, free, No-IP service for redirecting to our webcam. We probably would never have become a paying customer, so it's probably no great loss that I added an A record at our domain for the (now) static IP hosting the webcam and we no longer need the No-IP account.

    To some small degree, that has affected No-IP's business (though god knows how if we weren't paying them a bean) and it must have had worse repercussions elsewhere with paying customers.

    I hope Microsoft's apology includes some kind of financial compensation.

    Perhaps Microsoft could set up and police their own DDNS service.

    1. Anonymous Coward

      Perhaps Microsoft could set up and police their own DDNS service.

      oh, no, please, don't give them ideas. I don't want to end up having to own a Windows license to update a DNS record. Or having a live.com account. Or any of the multiple bad ideas they can come up to strengthen the Windows franchise.

  9. Anonymous Coward

    Just a thought

    Since we actually get our DNS resolution from our broadband provider would complaining to them about the loss of DNS service be worthwhile? In a retail situation the problem is between the customer & the retailer, might that be the case here?

    BTW my webcam is still not accessible & I've notified M$ I'll be charging them 50p a day plus interest. They haven't objected so obviously they accept the charge.

  10. damian fell

    I think MS have just shot no-ip in the back of the head.

    Last night after a few hours frantic troubleshooting and cursing, I moved all my Dynamic DNS services to another provider (I even had to drive across the county to reconfigure one device whose IP address I didn't have due to no-ip's web servers being down last night).

    I suspect I'm not the only one who will be jumping ship after the service disruption, if enough people (paid and free users) do something similar then no-ip's business model will be shot.

  11. Stephen 2

    Have I understood this correctly?

    Some abusive people were using the no-ip service to do nefarious things. Microsoft went to a judge and somehow got control of the no-ip domains and took control? So a judge took something belonging to one private company and gave it to another. wtf?

    I could maybe understand, if MS could show no-ip were aware and ignoring the issue, that the judge may have the domains temporarily disabled, but to give control to MS??

    1. Anonymous Coward

      Re: Have I understood this correctly?

      At first glance, it would seem neither MS nor the judge thought this through very well.

      Although NO-IP's DNS database was neither physical property nor assets (in the strictest sense), unless some kind of injunction or forfeiture act was handed down by a court, I would say MS is sailing in some very murky legal waters. More details and information needed. Even if the takedown was caused by incompetence, at the very least there is a case for negligence.

      Hopefully NO-ip will get some decent representation and press a case. Denial of service, misuse or misappropriation of computer assets, etc. were all pretty serious offenses, the last time I looked.

      I suppose a parallel would be a neighbor's stereo is playing too loud and causing a nuisance. The cops come and seize everybody's stereo in the building, "just in case". It gets rid of the noise, but also cuts off a lot of people's access to music.

      Another poster mentioned (can't remember if it was here, probably not) that in North Korea, the security forces have been known to shut the power off in an entire building before doing physical searches, just to check out what DVDs are locked inside people's players.

      1. Charles 9

        Re: Have I understood this correctly?

        "Another poster mentioned (can't remember if it was here, probably not) that in North Korea, the security forces have been known to shut the power off in an entire building before doing physical searches, just to check out what DVDs are locked inside people's players."

        Did they remember to outlaw the use of top-loading players which can still be opened with the lights out? Or front-loaders with the paper-clip manual opening hole?

  12. Steve 13

    Not fixed

    It's most definitely not fixed, I still can't access my no-ip address.

    1. Steve 13

      Re: Not fixed - Intermittent

      Well, a few refreshes later and I do have access, but nslookup can't resolve the address from the command line.

      So it appears to be intermittently resolving now!

  13. Anonymous Coward

    Don't blame MS - blame the court

    I don't think you can really blame MS for trying to grab control of something that was negatively impacting them and their customers. The court decided to grant MS control so really responsibility lies there - the more relevant question would be if an SLA was put in place by the court for MS to be bound to so that service is ensured.

    Although I really don't like MS, I hate malware and botnets more.

  14. SliMat

    WTF

    Microsoft have just demonstrated that they actually don't know everything about everything.

    This fiasco is like coming out in the morning getting in your BMW and finding it won't start, then learning that Esso had noticed that some criminals are using BMWs for their activity - so Esso had removed all the fuel from your car overnight, without telling you, to stop the activity happening - the upshot is that a lot of legitimate businesses have been crippled too!!!!

    David Finn has the front to say that they are sorry for the inconvenience to legitimate No-IP clients, of which I am a paying one, rather than a freebie one, and that they have resolved the issues and everything is OK. What f'ing planet is this guy on? He should check the facts before making such a stupid statement...

    The first I knew of this was when my FTP server didn't get any datafeeds from suppliers which impacts my business - also my emails stopped working. I couldn't RDP onto my remote Exchange server to see what was going on... it was only when I realised that 3 servers couldn't have all simultaneously failed that I started looking at DNS and then saw what David Finn had done to me.

    So two days later, contrary to MS's spokesperson insisting all is dandy, I still have no routing via No-IP services.

    So I have had to set up new DNS forwarding, using a new company, notify 22 suppliers that they need to update my stock feed FTP address, reset MX records for mail and wait 24 hours for the whole thing to propagate.

    In short with time and expense this has probably cost me £500 - not a great deal, but multiply this by 4 million - the cost of this cock up could be millions and millions of pounds globally. What's the address for us all to join a global lawsuit for compensation?

    At this moment mine is still not working and I have had to write to No-IP asking for a refund as I can't see an end to this and have had to move away from them and switching back will mean another 24-48 hours of downtime.

    I feel really sorry for the guys at No-IP as I have used them for over 7 years and they have always been great - but I reckon bully boy tactics from MS might be the end of them :(

    1. Anonymous Coward

      Re: WTF

      Hmmm...... all of this discussion caused some disturbing parallels to come a creepin', so I decided to look further and found this:

      http://www.tomsguide.com/us/microsoft-no-ip-malware-hunt,news-19087.html

      where I read this:

      "Microsoft filed a complaint June 19 against two men it believed responsible for the malware: a Kuwaiti named Naser Al Mutairi and an Algerian named Mohamed Benabdellah."

      Since these guys are obviously terrorists, everything will be OK. Just carry on... sorry about your lolcats... we'll fix it soon.

      AC for the obvious reasons.....

    2. TheTor

      Re: WTF

      To save yourself a bit of hassle in future should something similar happen again, do the following:

      Register your own domain (or use one you already have), and create a sub-domain that is a CNAME to your no-ip/dyndns etc domain. Set the TTL to an hour. That sub-domain is what you give out to your suppliers.

      Next time the service goes tits up, simply register with another dynamic DNS provider, update your sub-domain, and within an hour service is restored.

      1. SliMat

        Re: WTF

        "Register your own domain (or use one you already have), and create a sub-domain that is a CNAME to your no-ip/dyndns etc domain. Set the TTL to an hour. That sub-domain is what you give out to your suppliers."

        Thanks - I already have several domain names and funnily enough just yesterday created CNAME records for ftp. mail. etc for just that reason ;-)

        Good advice for anyone else caught out.

        Thanks

  15. Harris-ment and bullying by microsoft

    Action against microsoft?

    Can we please have a list of the executive directors' email addresses so that I can contact them and demand that my selected domain name (which is a word I made up so that it's unique on the net) be removed from their sh1te filter?

    As I (as well as others) have been "selected" by microsoft as being part of a spam problem - without evidence - I feel that we have justification to sue microsoft for slandering my (our) names by taking this form of action. Personally, I use the domain name to monitor my house cameras and those of my parents when away on holiday. Having microsoft block this has caused both myself and my elderly parents much stress.

    Maybe a group legal proceeding by all us affected?

  16. Uncle Ron

    Clean Hands?

    It appears as though "No-IP" (which I never heard of until this came up) is the sort of company that turns its head on what its customers are doing in order to make money. If true, I'd like to see -all- its "legitimate" users of "No-IP" turn their heads to some other provider. If I -know- a gun buyer is going to use his purchase to commit a crime, then the responsible thing for me to do is -not- sell him the gun, right?

    From what I read, "No-IP" -knew- some of its customers were using its data-center to store and forward malware and for command and control of criminal botnets. To the tune of TWENTY-FIVE PERCENT of world-wide traffic! They -knew- it.

    I read somewhere that 24% of world-wide internet traffic is criminal activity. ISP's and other service providers who turn a blind-eye on this activity for their own gain should be hung out to dry--or worse.

    Huh?

    1. Gonzo_the_Geek

      Re: Clean Hands?

      Go back to sleep Uncle Ron and let the adults talk.

      If you've never heard of them before, I think you're unable to make any kind of reasoned judgement on the company and its business practices based solely on some news stories with less than the entire facts in them.

      Microsoft screwed up by flailing the ban hammer around without concern for how it would affect innocent customers, and then lied/bungled the response to an extent which makes them look incompetent at best, and downright malicious at worst.

    2. Anonymous Coward

      Re: Clean Hands?

      Hmmm...... all of this discussion caused some disturbing parallels to come a creepin', so I decided to look further and found this:

      http://www.tomsguide.com/us/microsoft-no-ip-malware-hunt,news-19087.html

      where I read this:

      "Microsoft filed a complaint June 19 against two men it believed responsible for the malware: a Kuwaiti named Naser Al Mutairi and an Algerian named Mohamed Benabdellah."

      As soon as I read the names I immediately stopped worrying. Everything will be OK. We must carry on... dreadfully sorry about your lolcats and we will fix this soon.

    3. gnarlymarley

      Re: Clean Hands?

      Uncle Ron, everyone knows that the winner of every battle rewrites history. It appears that Microsoft with its big bucks has already tried to rewrite it. No-Ip.com is actually more strict on their policies than Microsoft would want you to believe.

      Oh, and the gun buyer knows that if you know that he is going to use it for a crime and maybe not get the gun, HE is not going to tell you. This means that you did not stop the crime, but were not an accessory.

      As for the domains, I hear some of these botnets might be using some sort of distributed communication, so now, the terrorists could just change to a new domain within seconds. Once the terrorists move on, it is pointless to hold the domains hostage unless you think they are going to move back.

  17. Anonymous Coward

    Was this necessary?

    I mean, why run to a (clueless?) judge asking for a restraining order instead of approaching No-IP in the first place. That way, they could not only have squashed the current botnets, but prevented the problem from re-occurring in the future. It's probably cheaper to provide No-IP with the required knowledge and resources than to take charge yourself anyway (except by the looks of it they didn't take charge, they just essentially shut the thing down through Microsoftian carelessness and incompetence).

    I would be all for a Kickstarter fund to sue the fuckers.

    1. Anonymous Coward

      Re: Was this necessary?

      "I would be all for a Kickstarter fund to sue the fuckers."

      Me too - I am still down and have no idea when services will come back... let me know the email addresses of the executives at M$ and I'll gladly bombard them with requests when my domains will be back.

      Why the hell do they think my RDP link to my house is a global threat?

      W**kers!!

    2. gnarlymarley

      Re: Was this necessary?

      Microsoft ran to a clueless judge because they VitalWerks was one of the terrorists. Therefore per the judge's paperwork, VitalWerks had no prior knowledge of the seizure.

    3. Alan Brown Silver badge

      Re: Was this necessary?

      "I mean, why run to a (clueless?) judge "

      Because a clueless judge will do anything he's asked to do.

      One would hope that the levels of sanctions applied to this level of stupidity is enough to persuade judges in these kinds of cases to take their jurisprudence requirements seriously.

  18. John Brown (no body) Silver badge
    WTF?

    a Nevada judge

    No judges in Redmond, WA any more then? Where did they all go?

    1. Charles 9

      Re: a Nevada judge

      A judgment in Redmond would not affect the operations of No-IP, which is based in Nevada.

  19. greenwoodma

    I don't care what MS says it still isn't working for me. Strangely this morning it was working fine, it only went off sometime after lunch, and yes I've checked that it isn't my end

  20. Martin Yirrell

    Of course we could all start to ask questions on M$ tech advice site

  21. FatPenguin
    Windows

    Interesting...

    My no-ip.biz domain is now resolving again.

    There are no Microsoft DNS in the way any more (according to "dig +trace"). I am no DNS expert (I'm not even "competent" - so there'll be a job at Microsoft for me somewhere then) but earlier today it was hitting the Microsoft DNS then immediately being bounced back "up" the chain and dig gave up because "loop".

    So, have Microsoft realised they have dropped a big one here and handed the domains back to noip?

    Will be interested to see what's going on now. As with most things in life, I tend to favour the view that it's "cockup" rather than "conspiracy". Microsoft have clearly shown that they couldn't "conspire" to run a DNS service in a month of Sundays.

    Icon for my suggested "next job" for all Microsoft execs involved in this utter pile of arse of an attempt to "do something". Wankers. The lot of 'em.

    1. diodesign (Written by Reg staff) Silver badge

      Re: Interesting...

      "So, have Microsoft realised they have dropped a big one here and handed the domains back to noip?"

      That appears to be the case - we're following this story up.

      C.

      1. Anonymous Coward

        Re: Interesting...

        I'm still not seeing my cameras, even after forcing an update.

        1. gnarlymarley

          Re: Interesting...

          Microsoft in their stupidity used an unusually high TTL of 48 hours when they did their junk. My TTL still has 23 hours left until it drops out of the DNS servers around the world. You can check your remaining TTL by the following command, if you have dig.

          dig any +norecurse mydomain.no-ip.com

          I am sure you can do it with nslookup, but not sure how at this time.
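
Added example, not part of any poster's comment: a small shell script tying together TheTor's CNAME-alias advice and gnarlymarley's TTL check above. It reads `dig` answer lines and reports how long a cached record will persist and how much sooner an alias in your own zone could be repointed; the host names, TTL values and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). All names and addresses are constructed:
# example.com and ddns.example are reserved names, 192.0.2.10 is a documentation IP.

# Constructed answer a caching resolver might return for an alias in your own
# zone while a long-lived record for the dynamic-DNS host is still cached.
SAMPLE_ALIAS='ftp.example.com.      2700   IN  CNAME  myhost.ddns.example.
myhost.ddns.example.  82800  IN  A      192.0.2.10'

# The same cached record when clients were given the dynamic-DNS name directly.
SAMPLE_DIRECT='myhost.ddns.example.  82800  IN  A      192.0.2.10'

# chain_ttls NAME: read dig answer lines on stdin, follow CNAMEs from NAME and
# print "owner type remaining_ttl" for each hop (at most 8 hops).
chain_ttls() {
    awk -v want="$1" '
        BEGIN { want = tolower(want); if (want !~ /\.$/) want = want "." }
        /^;/ || NF < 5 || $3 != "IN" { next }        # skip comments and headers
        { o = tolower($1); ttl[o] = $2; rtype[o] = $4; data[o] = tolower($5) }
        END {
            cur = want
            for (hops = 0; hops < 8 && (cur in ttl); hops++) {
                print cur, rtype[cur], ttl[cur]
                if (rtype[cur] != "CNAME") break
                cur = data[cur]
            }
        }'
}

# Remaining TTL of the first hop (your alias) and of the last hop (the record
# the provider, or whoever controls its zone, is serving).
first_hop_ttl() { chain_ttls "$1" | awk 'NR == 1 { print $3 }'; }
last_hop_ttl()  { chain_ttls "$1" | awk '{ t = $3 } END { print t }'; }

# fmt_secs SECONDS: render a TTL as hours and minutes.
fmt_secs() { awk -v s="$1" 'BEGIN { printf "%dh%02dm\n", s / 3600, (s % 3600) / 60 }'; }

# report NAME: summarise dig answer lines read from stdin.
report() {
    answer=$(cat)
    hops=$(printf '%s\n' "$answer" | chain_ttls "$1" | awk 'END { print NR }')
    if [ "$hops" -eq 0 ]; then
        echo "$1: not present in the answer (nothing cached?)"
        return 1
    fi
    last=$(printf '%s\n' "$answer" | last_hop_ttl "$1")
    echo "$1: cached end record expires in $(fmt_secs "$last")"
    if [ "$hops" -gt 1 ]; then
        first=$(printf '%s\n' "$answer" | first_hop_ttl "$1")
        echo "$1: a repointed alias is picked up within $(fmt_secs "$first")"
    fi
}

# Offline demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_ALIAS"  | report ftp.example.com
printf '%s\n' "$SAMPLE_DIRECT" | report myhost.ddns.example

# Live use against your own resolver's cache (requires dig and network access):
#   dig +noall +answer +norecurse ftp.example.com | report ftp.example.com
```

With the alias in place, recovery is bounded by the alias TTL you chose rather than by whatever TTL ends up on the provider's record.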

    2. Bill Cumming
      Trollface

      Re: Interesting...

      Quote:

      "I am no DNS expert (I'm not even "competent" - so there'll be a job at Microsoft for me somewhere then)"

      Nope no job for my laddie!!

      You can Spell DNS, that makes you too overqualified for the job...

  22. Martin Yirrell

    It's working!

    It's working at last! Anyone know what's happened?
