Telstra to DNS-block botnet C&Cs with unknown blacklist

Telstra is preparing to get proactive with malware, announcing that it will be implementing a DNS-based blocker to prevent customer systems from contacting known command-and-control servers. The “malware suppression” tool will be introduced at no cost for fixed, mobile and NBN customers using domestic broadband and Telstra …

COMMENTS

This topic is closed for new posts.
  1. poopypants

    Probably on balance a good thing

    ...but not without some expected collateral damage.

  2. MrDamage Silver badge

    I stopped

    using the Telstra DNS servers ages ago, after I installed Comodo Dragon, Comodo's variant of Chrome. It gives you the option to use their SecureDNS service in order to help filter out dodgy websites.

    Very soon I shall be ditching their service altogether and going with someone more reliable.

  3. jake Silver badge

    Telstra is not big enough to block ...

    ... coffee & cats.

    (That's an inside joke, for those not in the know.)

  4. Terry Cloth

    You do realize we're all in trouble now, no?

    I expect at least a quarter of your readers immediately tried to surf to qwe54fggty.dyndns.biz, creating an extremely suspicious spike in activity.

    1. Palebushman
      WTF?

      Re: You do realize we're all in trouble now, no?

      Come, come now Terry!

      99.9% of El Reg readers are not silly, and it's so rude to even suggest such a thing!!

      Have a 'Word' with this man Vulture 1, he's falling out of the nest.

  5. Terry Cloth

    ... a firm based in the United States.

    Which means, of course, that Oz is inviting the NSA into their networks.

    1. Anonymous Coward

      Re: ... a firm based in the United States.

      Who are you kidding? They pwn down under. Aussie is in bed with them spooks.

  6. Anonymous Coward

    So... just use public DNS instead of ISP-provided ones...

  7. DavidRa
    Facepalm

    I just want to point out that a DNS blocklist as described (and though I do work for Telstra, I have no direct visibility of what's happening here) won't block sites that share an IP address with a C&C site.

    As described the "filter" looks for the DNS query to badguy.domain.com and either blocks or ignores those queries. So when you look up "goodguy.mysite.com" it won't match the bad site DNS name, and your query (and connection attempt) proceeds.

    I'm not a fan of filtering/blocking etc; be it whitelisting, blacklisting, or using a black box list of "stuff someone claimed was bad". But let's argue about the right stuff :)

  8. Robert Heffernan
    FAIL

    This might be pretty effec... oh.

    This might be effective for about 30 seconds. Media releases like this just let the malware writers know what happened when a big chunk of their botnet goes quiet.

    In this case they will just modify their code to query a different DNS server and bam, back on line.

    1. Martin Budden Silver badge

      Re: This might be pretty effec... oh.

      bam, back on line

      Temporarily. The bad guy's new DNS will start receiving a lot of suspicious traffic, at which point Telstra sends the new DNS details to ??? in California, who reply that yes the new DNS is bad, and Telstra blocks the new one.

      The important question is: how quickly will each new bad DNS be identified and blocked?

  9. James Ashton

    Telstra's DNS is Already Broken

    Telstra already redirects DNS queries for non-existent domains to some advertising page in violation of DNS specs. You can opt out of this behaviour by manually configuring a different Telstra DNS server. Sadly this service has a high rate of false negatives which is probably also in violation of specs. It will occasionally tell me that sites like google.com or even theregister.co.uk don't exist ... until I push reload. I'm sure their new blocking rules will only make their DNS service even more reliable.
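
The name-based matching DavidRa describes in comment 7, as an added example that is not part of any comment or of Telstra's system: a resolver-side filter that decides on the query name alone, contrasted with what a block on the resolved address would cut off. The zone contents, the addresses, and the choice to also match subdomains of a listed name are assumptions made for illustration.

```python
# Added example: the zone, addresses and subdomain rule are constructed assumptions.
BLOCKLIST = {"badguy.domain.com"}  # listed C&C name, taken from comment 7

# Constructed "zone": the listed name and an unrelated site share one address.
ZONE = {
    "badguy.domain.com": "192.0.2.10",
    "cdn.badguy.domain.com": "192.0.2.11",
    "goodguy.mysite.com": "192.0.2.10",
    "notbadguy.domain.com": "192.0.2.20",
}

def normalize(qname):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return qname.rstrip(".").lower()

def name_blocked(qname, blocklist=BLOCKLIST):
    """True if qname is a listed name or a subdomain of one (whole labels only)."""
    labels = normalize(qname).split(".")
    # Test every suffix on a label boundary: a.b.c -> a.b.c, b.c, c
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def resolve_filtered(qname):
    """Answer from ZONE unless the query name itself is listed."""
    if name_blocked(qname):
        return None  # stands in for a blocked or ignored query
    return ZONE.get(normalize(qname))

def ip_blocked_names(zone=ZONE, blocklist=BLOCKLIST):
    """For contrast: names cut off if every address a listed name
    resolves to were dropped at the IP level instead."""
    bad_ips = {ip for name, ip in zone.items() if name_blocked(name, blocklist)}
    return sorted(name for name, ip in zone.items() if ip in bad_ips)

if __name__ == "__main__":
    for q in ("badguy.domain.com", "CDN.BadGuy.Domain.Com.",
              "goodguy.mysite.com", "notbadguy.domain.com"):
        print(f"{q:26} -> {resolve_filtered(q)}")
    print("IP-level block would hit:", ip_blocked_names())
```
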
