Last month Microsoft led an effort to take control of a domain – 3322.org – in order to disrupt more than 500 different strains of malware affecting millions of innocent people around the world. Using a surgical approach implemented with software from Nominum, Microsoft was able to sinkhole traffic to malware subdomains hosted on 3322.org without impacting queries to legitimate subdomains. Numerous articles covered the effort; some of the better ones are below:
One of the challenges network operators face is responding quickly to market requirements. Agility is the new normal; competitive leadership is based on moving quickly. But progress can be slowed by the disparate interests of marketing or business teams and technical or operational teams. Marketing can spot trends and identify new services, but it can be difficult to get them implemented quickly in the network when stability is rightfully paramount.
Mobile networks aren’t usually thought of as sources of spam, but a quick look at some of the resources that track spam reveals they actually are. This is counterintuitive at first glance because when most people think of mobile they think of smartphones, and those aren’t known to be sources of spam (at least not yet). What’s really going on is that PCs connected to mobile networks with air cards, or tethered to a smartphone where it’s permissible, are the culprits. Bot-infected PCs aren’t at all uncommon, and of course bots don’t especially care if they’re using a costly mobile data service to send their spam.
Spam is a never-ending problem for service providers. Unfortunately criminals can still make money at someone else’s expense so they persist in their mindless campaigns. The DNS is an integral part of well-established techniques for handling incoming spam, so unwanted mail doesn’t get delivered to inboxes.
DNSSEC continues to gain momentum as network operators and domain owners watch and learn from early adopters. The learning process is made easier by efforts such as the ongoing work conducted by researchers at Sandia labs to methodically identify and categorize the kinds of problems that are occurring.
Governments around the world are starting to pay attention to botnets and the damage they can inflict. Recently the Chairman of the US Federal Communications Commission (FCC), Julius Genachowski, called for action to address the bot problem and improve Internet security.
I first became familiar with DNSSEC around 2002 when it was a feature of the Bind9 server, which I was using to set up a new authoritative DNS platform for customers of the ISP I was working for. I looked at it briefly and decided it was too complex and not worth investigating. A couple of years later a domain of a customer got poisoned in another ISP’s network. And while the DNS service we provided was working properly, the customer’s impression was we hadn’t protected them.
Today’s hackers are all about money; they constantly change the face of their exploits to maximize their returns. These agile attacks require agile defenses. Moving security protections into the network is essential to enabling more reliable updates of threat information; aggregation also provides significant scaling and manageability benefits. DNS-based security protections improve agility because DNS queries are a leading indicator of security exposure; from a strategic vantage point the DNS participates in web transactions that provide visibility into the presence of security threats.