Vixie warns: DNS Changer ‘blackouts’ inevitable
father of bind? that's news. dnschanger gonna be a mess? that's not news. randy
On May 22, 2012, at 8:35 PM, Randy Bush wrote:
father of bind? that's news.
<http://boingboing.net/2012/03/29/paul-vixies-firsthand-accoun.html> He was there, and Put The Fix In, to down the network. I gather he's the one pulling it out on the appointed day as well.
dnschanger gonna be a mess? that's not news.
Agreed. Aloha, Michael. -- "Please have your Internet License and Usenet Registration handy..."
On Tue, May 22, 2012 at 08:52:52PM -0700, Michael J Wise wrote:
On May 22, 2012, at 8:35 PM, Randy Bush wrote:
father of bind? that's news.
<http://boingboing.net/2012/03/29/paul-vixies-firsthand-accoun.html>
He was there, and Put The Fix In, to down the network.
Certainly news to Phil Almquist and the entire BIND development team at UCB. Paul was at DECWRL and cut his teeth on pre-existing code. While he (and ISC) have since revised, gutted, tossed all the original code, rebuilt it twice - and others have done similar for their DNS software, based on the BIND code base, implementation assumptions, and with little or no ISC code, and they call it BIND as well, it would be a HUGE leap of faith to call Paul Vixie the father of BIND - The Berkeley Internet Naming Daemon. As for being there and "Put The Fix In"... Makes for great PR but in actual fact, it's a bandaid that is not going to stem the tide. An actual fix would really need to change the nature of the creaky 1980's implementation artifacts that this community loves so well. /bill
On May 22, 2012, at 9:10 PM, bmanning@vacation.karoshi.com wrote:
On Tue, May 22, 2012 at 08:52:52PM -0700, Michael J Wise wrote:
On May 22, 2012, at 8:35 PM, Randy Bush wrote:
father of bind? that's news.
<http://boingboing.net/2012/03/29/paul-vixies-firsthand-accoun.html>
He was there, and Put The Fix In, to down the network.
Certainly news to Phil Almquist and the entire BIND development team at UCB. Paul was at DECWRL and cut his teeth on pre-existing code. While he (and ISC) have since revised, gutted, tossed all the original code, rebuilt it twice - and others have done similar for their DNS software, based on the BIND code base, implementation assumptions, and with little or no ISC code, and they call it BIND as well, it would be a HUGE leap of faith to call Paul Vixie the father of BIND - The Berkeley Internet Naming Daemon.
Methinks we're talking at cross purposes.
As for being there and "Put The Fix In"... Makes for great PR but in actual fact, it's a bandaid that is not going to stem the tide. An actual fix would really need to change the nature of the creaky 1980's implementation artifacts that this community loves so well.
I don't think we're talking about the same thing at all. Paul was there to shut down the DNS changer system and replace it with something that restored functionality to the infected machines. And I gather Paul will be one of the people who will turn the lights out on it. Your other comments are non-sequitur to the main issue. When those servers are turned off, Customer Support folks at many ISPs will prolly want to take their accrued vacation. Aloha, Michael. -- "Please have your Internet License and Usenet Registration handy..."
On Tue, May 22, 2012 at 10:07:52PM -0700, Michael J Wise wrote:
On May 22, 2012, at 9:10 PM, bmanning@vacation.karoshi.com wrote:
On Tue, May 22, 2012 at 08:52:52PM -0700, Michael J Wise wrote:
On May 22, 2012, at 8:35 PM, Randy Bush wrote:
father of bind? that's news.
<http://boingboing.net/2012/03/29/paul-vixies-firsthand-accoun.html>
He was there, and Put The Fix In, to down the network.
Certainly news to Phil Almquist and the entire BIND development team at UCB. Paul was at DECWRL and cut his teeth on pre-existing code. While he (and ISC) have since revised, gutted, tossed all the original code, rebuilt it twice - and others have done similar for their DNS software, based on the BIND code base, implementation assumptions, and with little or no ISC code, and they call it BIND as well, it would be a HUGE leap of faith to call Paul Vixie the father of BIND - The Berkeley Internet Naming Daemon.
Methinks we're talking at cross purposes.
maybe... :) my comment was referring to the "father of bind" statement.
As for being there and "Put The Fix In"... Makes for great PR but in actual fact, it's a bandaid that is not going to stem the tide. An actual fix would really need to change the nature of the creaky 1980's implementation artifacts that this community loves so well.
I don't think we're talking about the same thing at all. Paul was there to shut down the DNS changer system and replace it with something that restored functionality to the infected machines. And I gather Paul will be one of the people who will turn the lights out on it.
He didn't "shut down" DNS Changer, he put up an equivalent system to hijack DNS traffic and direct it to the "right" place... SO folks didn't see any problem and the DNS Changer infection grew and got worse. When he is legally required to take his "bandaid" out of service, then the problem will resolve by folks who will have to clean their systems. As for "turning the lights out" - that will only happen when the value of DNS hijacking drops. As it is now, ISC has placed DNS hijacking code into their mainstream code base... because DNS hijacking is so valuable to folks. In a modestly favorable light, ISC looks like an arms dealer (DNS redirection) to the bad guys -AND- (via DNSSEC) the good guys. Either way, they make money. And yes, I think I agree with you. Paul will be there to turn things off when they no longer make money for his company.
Your other comments are non-sequitur to the main issue.
Perhaps I am not a member of the Paul Vixie cult of personality.
When those servers are turned off, Customer Support folks at many ISPs will prolly want to take their accrued vacation.
Amen. And there will be thousands more of them when the court order expires than existed when the Feds called him in. /bill
Aloha, Michael. -- "Please have your Internet License and Usenet Registration handy..."
When those servers are turned off, Customer Support folks at many ISPs will prolly want to take their accrued vacation. Amen. And there will be thousands more of them when the court order expires than existed when the Feds called him in.
they could extend the court order, or prolong the do-gooder hack longer under some other pretext, increasing the underlying problem further. more infected machines and more job creation for front line support when the whitewash finally stops. randy
On May 22, 2012, at 10:47 PM, Randy Bush wrote:
When those servers are turned off, Customer Support folks at many ISPs will prolly want to take their accrued vacation. Amen. And there will be thousands more of them when the court order expires than existed when the Feds called him in.
they could extend the court order, or prolong the do-gooder hack longer under some other pretext, increasing the underlying problem further. more infected machines and more job creation for front line support when the whitewash finally stops.
According to the pretty graphs, the number of machines querying the aforementioned infrastructure is going down. Just not as fast as pretty much everyone would prefer… and the DOJ is footing the bill, and grows tired of it. So at some point, the lights are gonna be turned off. It's a shame the ISPs who have the infected users have done less to mitigate the issue. And many solutions were suggested, but all of them ended up being … perceived to be worse than just shutting it down. Or so I recall the presentation that Paul gave to a bunch of us in San Francisco back in February. Aloha, Michael. -- "Please have your Internet License and Usenet Registration handy..."
On Tue, 22 May 2012, Michael J Wise wrote:
So at some point, the lights are gonna be turned off. It's a shame the ISPs who have the infected users have done less to mitigate the issue.
To be fair, and take issue with this, it's not all on the ISPs, is it? I've been seeing our counts decrease for months, but there are some who will not/cannot get it. I am sadistically looking forward to the shutdown, admittedly.
On May 23, 2012, at 8:22 AM, nanog@namor.ca wrote:
On Tue, 22 May 2012, Michael J Wise wrote:
So at some point, the lights are gonna be turned off. It's a shame the ISPs who have the infected users have done less to mitigate the issue.
To be fair, and take issue with this, it's not all on the ISPs, is it?
Agreed. By definition, the numbers have been falling. So somewhere, someone is doing something to lessen the coming /facepalm
I've been seeing our counts decrease for months, but there are some who will not/cannot get it.
I am sadistically looking forward to the shutdown, admittedly.
You have your time off approved I trust? :) Aloha, Michael. -- "Please have your Internet License and Usenet Registration handy..."
On 5/23/12 1:40 AM, bmanning@vacation.karoshi.com wrote:
In a modestly favorable light, ISC looks like an arms dealer (DNS redirection) to the bad guys
my thought "looks like a reasonably successful alternate root operator". i mention kevin dunlap as well as bill's mention of phil almquist, and there's another 4th floor of evans hall name i may recall when caffeinated. -e
On May 22, 2012, at 9:10 PM, bmanning@vacation.karoshi.com wrote:
On Tue, May 22, 2012 at 08:52:52PM -0700, Michael J Wise wrote:
On May 22, 2012, at 8:35 PM, Randy Bush wrote:
father of bind? that's news.
<http://boingboing.net/2012/03/29/paul-vixies-firsthand-accoun.html>
He was there, and Put The Fix In, to down the network.
Certainly news to Phil Almquist and the entire BIND development team at UCB. Paul was at DECWRL and cut his teeth on pre-existing code.
Indeed, even the ISC history of the BIND project here: http://www.isc.org/software/bind/history shows that Paul's involvement began somewhere in the 4.9 timeframe. One could, however, argue that he is the father of modern BIND implementations. Owen
On 2012-05-23, at 00:10, bmanning@vacation.karoshi.com wrote:
BIND - The Berkeley Internet Naming Daemon.
"Berkeley Internet Name Domain", in fact. http://www.eecs.berkeley.edu/Pubs/TechRpts/1984/CSD-84-182.pdf Joe
Hi,
dnschanger gonna be a mess? that's not news.
Is there anywhere a page where one can type an ASN or a CIDR block and then the whois contacts get a list of IPs that still contact the unintended servers? (I had done ACL with log on borders, and resolvers did show up too. So maybe some NS pointing towards those "bad" blocks?) Thanks, Frank
On Wed, May 23, 2012 at 03:10:38PM +0300, Frank Habicht <geier@geier.ne.tz> wrote a message of 13 lines which said:
Is there anywhere a page where one can type an ASN or a CIDR block and then the whois contacts get a list of IPs that still contact the unintended servers?
In a message written on Wed, May 23, 2012 at 12:35:05PM +0900, Randy Bush wrote:
father of bind? that's news.
I believe the error is in Paul Vixie's Wikipedia page, and I don't do Wikipedia editing so I won't be fixing it. http://en.wikipedia.org/wiki/Paul_Vixie "In 1988, while employed by DEC, he started working on the popular internet domain name server BIND, of which he was the primary author and architect, until release 8." ISC has spent some effort on properly documenting the history of BIND, and the result of that effort is located at: http://www.isc.org/software/bind/history You'll note there are two full paragraphs and a dozen folks involved before Paul had anything to do with BIND. ISC is always interested in updating the history if folks have any additional information. Feel free to e-mail me if you think you have something important to add. -- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
On Wed, 23 May 2012 13:09:09 -0700, Leo Bicknell said:
"In 1988, while employed by DEC, he started working on the popular internet domain name server BIND, of which he was the primary author and architect, until release 8."
ISC has spent some effort on properly documenting the history of BIND, and the result of that effort is located at:
http://www.isc.org/software/bind/history
You'll note there are two full paragraphs and a dozen folks involved before Paul had anything to do with BIND.
One could make the case that the releases before Paul got there weren't exactly popular - how many DNS servers were in production in 1986? ;)
On Wed, May 23, 2012 at 5:42 PM, <valdis.kletnieks@vt.edu> wrote:
On Wed, 23 May 2012 13:09:09 -0700, Leo Bicknell said:
"In 1988, while employed by DEC, he started working on the popular internet domain name server BIND, of which he was the primary author and architect, until release 8."
ISC has spent some effort on properly documenting the history of BIND, and the result of that effort is located at:
http://www.isc.org/software/bind/history
You'll note there are two full paragraphs and a dozen folks involved before Paul had anything to do with BIND.
One could make the case that the releases before Paul got there weren't exactly popular - how many DNS servers were in production in 1986? ;)
Please don't make me remember hosts.txt before I've had a chance to wrap up work, go home, and get some Scotch in... -- -george william herbert george.herbert@gmail.com
On 5/23/2012 6:35 PM, Brett Watson wrote:
On May 23, 2012, at 18:27, George Herbert <george.herbert@gmail.com> wrote:
Please don't make me remember hosts.txt before I've had a chance to wrap up work, go home, and get some Scotch in...
Come on George, hosts.txt was the good old days :)
I still have a copy (from around 1992, so one of the very last), although much edited (and NOT 10,000 hosts, thanks). -- A picture is worth 10K words -- but only those to describe the picture. Hardly any sets of 10K words can be adequately described with pictures.
On Wed, May 23, 2012 at 06:42:34PM -0700, Lynda wrote:
On 5/23/2012 6:35 PM, Brett Watson wrote:
On May 23, 2012, at 18:27, George Herbert <george.herbert@gmail.com> wrote:
Please don't make me remember hosts.txt before I've had a chance to wrap up work, go home, and get some Scotch in...
Come on George, hosts.txt was the good old days :)
I still have a copy (from around 1992, so one of the very last), although much edited (and NOT 10,000 hosts, thanks).
ftp://ftp.math.ethz.ch/pub/doc/hosts.txt Leftovers! -- - (2^(N-1))
On Wed, May 23, 2012 at 6:35 PM, Brett Watson <brett@the-watsons.org> wrote:
On May 23, 2012, at 18:27, George Herbert <george.herbert@gmail.com> wrote:
Please don't make me remember hosts.txt before I've had a chance to wrap up work, go home, and get some Scotch in...
Come on George, hosts.txt was the good old days :)
An elegant weapon, for a more civilized age? -- -george william herbert george.herbert@gmail.com
----- Original Message -----
From: "George Herbert" <george.herbert@gmail.com>
Come on George, hosts.txt was the good old days :)
An elegant weapon, for a more civilized age?
Hokey files and ancient protocols are no match for a good resolver at your side, kid. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Save the good scotch for lmhosts :) On May 23, 2012, at 9:27 PM, George Herbert <george.herbert@gmail.com> wrote:
On Wed, May 23, 2012 at 5:42 PM, <valdis.kletnieks@vt.edu> wrote:
On Wed, 23 May 2012 13:09:09 -0700, Leo Bicknell said:
"In 1988, while employed by DEC, he started working on the popular internet domain name server BIND, of which he was the primary author and architect, until release 8."
ISC has spent some effort on properly documenting the history of BIND, and the result of that effort is located at:
http://www.isc.org/software/bind/history
You'll note there are two full paragraphs and a dozen folks involved before Paul had anything to do with BIND.
One could make the case that the releases before Paul got there weren't exactly popular - how many DNS servers were in production in 1986? ;)
Please don't make me remember hosts.txt before I've had a chance to wrap up work, go home, and get some Scotch in...
-- -george william herbert george.herbert@gmail.com
On 5/23/2012 6:27 PM, George Herbert wrote:
On Wed, May 23, 2012 at 5:42 PM, <valdis.kletnieks@vt.edu> wrote:
One could make the case that the releases before Paul got there weren't exactly popular - how many DNS servers were in production in 1986? ;)
Please don't make me remember hosts.txt before I've had a chance to wrap up work, go home, and get some Scotch in...
When I was in the US Army in Augsburg, GE, I was a dial-up "customer" of our local Army internet node. I'm not sure what the Micro was (Sperry? Unisys?) but it took up a good portion of a small room. hosts.txt was what it used - if I wanted to e-mail someone, I had to get the IP address of their e-mail server and have the sysadmin add it to the file. I, through my aunt, had the hardest time getting the IP address of the Oregon State University e-mail server out of them because they couldn't believe that there was someone out there who wasn't running DNS yet. I just wanted to be able to send e-mail to my aunt, who was one of my few family members who had e-mail at the time. This was 94-95. The system was due to be replaced at some point by a 486 PC... that would do DNS. Base closed in 1998... I wonder if they ever got their new system? Oy... I just remembered trying (and occasionally succeeding) to find Anonymous FTP sites via the nearly random typing of IP addresses on that system. Okay, time to go hug my DNS server. -- Jeff Shultz
The best policy, sometimes, when one sees something questionable on Wikipedia, is to point it out on the talk page, and trust that others will do the dirty work.. as in http://en.wikipedia.org/wiki/Talk:Paul_Vixie#.22Father_of_BIND.22 j On Wed, May 23, 2012 at 4:09 PM, Leo Bicknell <bicknell@ufp.org> wrote:
In a message written on Wed, May 23, 2012 at 12:35:05PM +0900, Randy Bush wrote:
father of bind? that's news.
I believe the error is in Paul Vixie's Wikipedia page, and I don't do Wikipedia editing so I won't be fixing it.
http://en.wikipedia.org/wiki/Paul_Vixie
"In 1988, while employed by DEC, he started working on the popular internet domain name server BIND, of which he was the primary author and architect, until release 8."
ISC has spent some effort on properly documenting the history of BIND, and the result of that effort is located at:
http://www.isc.org/software/bind/history
You'll note there are two full paragraphs and a dozen folks involved before Paul had anything to do with BIND.
ISC is always interested in updating the history if folks have any additional information. Feel free to e-mail me if you think you have something important to add.
-- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
-- --------------------------------------------------------------- Joly MacFie 218 565 9365 Skype:punkcast WWWhatsup NYC - http://wwwhatsup.com http://pinstand.com - http://punkcast.com VP (Admin) - ISOC-NY - http://isoc-ny.org -------------------------------------------------------------- -
On Tue, May 22, 2012 at 07:14:16PM -0700, Henry Linneweh wrote:
http://www.theregister.co.uk/2012/05/17/dns_changer_blackouts/
-Henry
Paul certainly knows how to manipulate the press. /bill
----- Original Message -----
From: bmanning@vacation.karoshi.com
On Tue, May 22, 2012 at 07:14:16PM -0700, Henry Linneweh wrote:
http://www.theregister.co.uk/2012/05/17/dns_changer_blackouts/
Paul certainly knows how to manipulate the press.
You don't know journalists very well, do you? Paul almost certainly (p > 0.995) had nothing to do with the writer's chosen appellation, and wouldn't have been able to change it if he had. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
It makes for a more sensational story. On Wed, May 23, 2012 at 12:24 PM, Jay Ashworth <jra@baylink.com> wrote:
----- Original Message -----
From: bmanning@vacation.karoshi.com
On Tue, May 22, 2012 at 07:14:16PM -0700, Henry Linneweh wrote:
http://www.theregister.co.uk/2012/05/17/dns_changer_blackouts/
Paul certainly knows how to manipulate the press.
You don't know journalists very well, do you?
Paul almost certainly (p > 0.995) had nothing to do with the writer's chosen appellation, and wouldn't have been able to change it if he had.
Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
-- Kyle Creyts Information Assurance Professional BSidesDetroit Organizer
participants (21)
- bmanning@vacation.karoshi.com
- Brett Watson
- Eric Brunner-Williams
- Frank Habicht
- George Herbert
- Henry Linneweh
- Jason Hellenthal
- Jay Ashworth
- Jeff Shultz
- Joe Abley
- Joly MacFie
- Ken Pfeil
- Kyle Creyts
- Leo Bicknell
- Lynda
- Michael J Wise
- nanog@namor.ca
- Owen DeLong
- Randy Bush
- Stephane Bortzmeyer
- valdis.kletnieks@vt.edu