Poisoning your own DNS for fun and profit

re: Poisoning your own DNS for fun and profit

kog999 — Wed, 30 Jan 2013 16:23:41 GMT

"If I were in this situation, I'd take it up with my government's telecommunication regulator"

I'm sure they'll get right on that.

re: Poisoning your own DNS for fun and profit

ErikF — Wed, 30 Jan 2013 15:29:26 GMT

@Neil: Probably not, but if someone is in control of your connection to the Internet they could spoof the IP address of a host (not) quite as easily as spoofing DNS. Once you are at a point where you can't trust the infrastructure that you're on, nothing short of maybe VPN to a trusted infrastructure is going to help.

If I were in this situation, I'd take it up with my government's telecommunication regulator. I would think that this violates your right to privacy just like if your phone company tapped your line without legal need.

re: Poisoning your own DNS for fun and profit

Rick C — Wed, 30 Jan 2013 15:17:04 GMT

@Henning Makholm, "if the IANA decides to tell Microsoft that their IPv4 block is being reassigned"

To where, exactly, would Microsoft's block be reassigned? Even ignoring Joshua's comment about contracts, they'd probably have to reassign a whole lot of other folks to find a space for it.

re: Poisoning your own DNS for fun and profit

Neil — Wed, 30 Jan 2013 10:23:49 GMT

Would hard-coding the correct IP address in your hosts file* be a violation of their AUP?

*Or local caching DNS server, so that you can fix your entire LAN at once.

re: Poisoning your own DNS for fun and profit

Gabe — Wed, 30 Jan 2013 07:11:25 GMT

Switching ISPs might be a nice idea, but it's easier said than done. Some devices (like a 4G tablet or phone) don't have a choice of ISPs. Many places only have a single broadband provider. My location has exactly two, and I'm already using the good one. I'm not going to switch sides to the Empire just because the Rebel Alliance did something really stupid.

Back when all Internet access was dial-up, there were few differences between ISPs. You wouldn't have to worry about getting a slower connection from one than another, but switching was painful because most people had email addresses connected to their ISP. If you switched ISPs, you had to switch email addresses, which is probably worse than switching broadband providers.

re: Poisoning your own DNS for fun and profit

Damien — Wed, 30 Jan 2013 06:44:34 GMT

@cheong00 - I think what you're referring to is where certain address lookups bypass the hosts file. They still use DNS - what they prevent is a change on the local machine *preventing* DNS lookups from occurring.

re: Poisoning your own DNS for fun and profit

Matt — Wed, 30 Jan 2013 03:46:01 GMT

@cheong: Updates come from update.microsoft.com, not from a hardcoded IP address. Microsoft fixes the "fake update pwning my system" attack by signing the updates using a public key burned into the Windows Update software.

You can DNS poison Windows Updates. But you can't get it to install updates that Microsoft didn't author.

re: Poisoning your own DNS for fun and profit

cheong00 — Wed, 30 Jan 2013 03:30:11 GMT

["What kind of evil Microsoft shenanigans is this? Stealing all my DNS traffic and breaking my intranet." -Raymond]

I think Microsoft has done this once before, by hardcoding Windows Update Server IP so PCs won't be tricked to install update from fake update server by DNS poisoning.

If Microsoft would consider the ISP's action a security threat, Microsoft might do that once again.

re: Poisoning your own DNS for fun and profit

Joshua — Tue, 29 Jan 2013 22:36:55 GMT

@Henning Makholm: Microsoft has one of the old-school IP assignments that cannot be pulled without a stack of contract violations. While these may well all be pulled if IPv6 fails, at that stage the costs involved are a lot worse than one patch to what turned out to be one version of the OS.

re: Poisoning your own DNS for fun and profit

Henning Makholm — Tue, 29 Jan 2013 21:45:57 GMT

@Joshua: That would break every installed copy of the OS if the IANA decides to tell Microsoft that their IPv4 block is being reassigned and would they please migrate to this other one before the end of next month? IP allocations come with an explicit understanding that the registry can change it at any time. This doesn't happen often (being a pain for everybody involved), but if word got out that a company as widely reviled as Microsoft hardcoded an IP address in their distributed software, the risk that somebody in the decision loop would feel motivated to think up a technically convincing reason that the block needed to be reallocated would be significant.