
Microsoft takes down No-IP.com domains - anExcitedBeast
http://blogs.technet.com/b/microsoft_blog/archive/2014/06/30/microsoft-takes-on-global-cybercrime-epidemic-in-tenth-malware-disruption.aspx
======
Zancarius
> On June 26, the court granted our request and made Microsoft the DNS
> authority for the company’s 23 free No-IP domains, allowing us to identify
> and route all known bad traffic to the Microsoft sinkhole and classify the
> identified threats.

Something about this bothers me. So the _courts_ granted MS the rights to
essentially take over No-IP's DNS in order to "identify" ... "bad traffic?"

The implications of this are... chilling. As much as I want to reserve
judgement, this makes me _uneasy_ (malware aside).

~~~
DINKDINK
[https://en.wikipedia.org/wiki/Namecoin](https://en.wikipedia.org/wiki/Namecoin)
Distributed DNS is the only solution

~~~
zanny
And meshnets. DNS is just a layer on top of an already vulnerable IP stack.

IP can work between broad and anonymous mesh nets, but when an IP address can
be resolved to a business or person it provides an exploit vector.

~~~
walden42
Like MaidSafe? Are there other alternatives?

------
alasdair_
"On June 19, Microsoft filed for an ex parte temporary restraining order (TRO)
from the U.S. District Court for Nevada against No-IP. On June 26, the court
granted our request and made Microsoft the DNS authority for the company’s 23
free No-IP domains, allowing us to identify and route all known bad traffic to
the Microsoft sinkhole and classify the identified threats."

How can this be legal? Does this mean that if I get malware from a hotmail.com
address, I can file for a TRO against Microsoft and control their domains?

I honestly don't understand why Microsoft should be given this ability.

~~~
tptacek
It's an ex parte order, so presumably Vitalwerks didn't show up in court
despite the summons? If you filed for a TRO against Microsoft and their
lawyers ignored it, something bad might happen to them too.

~~~
bradleyjg
Ex parte means "from (by or for) one party", the judge acts upon the moving
party's request without hearing from the other party. They are supposed to be
rare and meet a high bar -- generally involving emergencies (and occasionally
involving actions that need to remain secret).

Given that the allegations span many months, it's hard to see how it was an
appropriate form of action here. I'd be very interested to see if there was a
written decision granting the TRO.

Edit: This appears to be it
[http://www.noticeoflawsuit.com/docs/Second%20Amended%20Order...](http://www.noticeoflawsuit.com/docs/Second%20Amended%20Order%20-%20flattened.pdf)

~~~
giancarlostoro
I mean, it's not like nuclear warheads are going off, so why should Microsoft
get so much power over this situation? Plus NOIP's reply seems to point that
they all along had a way to communicate openly with one another.

------
nostromo
According to Reuters, Microsoft is only sending traffic from computers that
are infected with malware to Microsoft instead of No-IP.

[http://uk.reuters.com/article/2014/06/30/us-cybercrime-micro...](http://uk.reuters.com/article/2014/06/30/us-cybercrime-microsoft-idUKKBN0F52A920140630)

That may still make people uncomfortable, but it seems much less egregious
than Microsoft taking control of No-IP's domains, which is what this press
release implies.

Edit: the Reuters article is in error here, not the Microsoft Blog. See below.
Turns out this really is as egregious as it sounds.

~~~
higherpurpose
Microsoft has been doing more and more of this stuff lately, and it does start
to worry me quite a bit. The last time they worried me was when "Microsoft
shut down a million-strong Tor botnet, by _uninstalling Tor from the
computers_ ".

I don't want Microsoft to have that kind of power, let alone use it. Worse
yet, they make it sound like it's some kind of PR win for them. "Microsoft the
hero, takes down evil network". But they usually try to hide how they did it.
Very few articles mentioned they were uninstalling Tor from the computers the
last time around. Most were just churning Microsoft's press release and the
hero narrative.

~~~
wfjackson
>The last time they worried me was when "Microsoft shut down a million-strong
Tor botnet, by uninstalling Tor from the computers".

>Very few articles mentioned they were uninstalling Tor from the computers the
last time around. Most were just churning Microsoft's press release and the
hero narrative.

Microsoft's security software did that, that too only stopped it from
automatically starting if it was installed by a known virus. So if you install
and run a virus scanner, why wouldn't you expect it to block such attacks?

If you didn't want it to do that, I am sure there are ways to opt out from
using Microsoft's security tools. Were there any reports of legitimate Tor
users getting affected by the action?

~~~
jrs235
To opt out uninstall Microsoft's malicious software removal tool.

~~~
AnthonyMouse
Ironic name. Software removal tool is malicious.

~~~
jrs235
Debatable. When you install it and agree to the Terms and EULA you agree to
allow Microsoft to uninstall software that it deems as malicious. I don't know
if that means the tool is malicious.

Most people don't read EULAs. Caveat installing users.

------
runarb
Have I understood this correctly? Microsoft, a private company, has been
granted the right to filter all DNS traffic, and choose what will be forwarded
to this other company, No-IP. No-IP will so be allowed to run their service
for the remaining customers Microsoft approves?

Is this common practice in the US legal system? Would it work like this in
the offline world also? If my neighbor sometimes had loud parties that
bothered me, could I be granted the right to stand in front of his door and
turn any potential troublemakers away.

~~~
ntakasaki
>If my neighbor sometimes had loud parties that bothered me, could I be
granted the right to stand in front of his door

What if they were bothering 7.4 million people and inconveniencing many more?

And then didn't show up in court in spite of summons? The police or courts
will take that far more seriously.

~~~
nitrogen
Microsoft is not the police or courts.

~~~
cpncrunch
It was the court that allowed Microsoft to do this.

~~~
serf
the _court_ deciding that a company (Microsoft) should act as the _police_ (or
in this analogy, a bouncer) is still terribly short-sighted, especially when
that company has been historically accused by the DOJ of attempting to form
varying monopolies.

a capable government should _not_ be in the habit of contracting valuable
state-needed cyber-defense to private companies, as the 'keys to the kingdom',
in this case domain records, should not be in the hands of a company that can
benefit privately but rather a state-run agency which employs proper checks and
balances.

------
hendersoon
It's just plain outrageous that this court order was granted. It essentially
puts no-ip out of business when they were not complicit in anything illegal.

It took me 5 minutes to switch my completely legitimate hosts over to
ddns.net. I'm sure the evil botnet owners have backup hostnames and will do
the same, or more likely switch to another provider entirely.

The end result will be a short-lived dip in criminal activity over the next 72
hours or so, inconveniencing many thousands of legit users, and putting a
completely innocent company out of business. Nice move, MS.

~~~
dsl
No-ip was complicit in the illegal activity.

If you use a car wash that is also laundering money, your legitimate need for
a clean car is not a defense against shutting the business down.

~~~
Omniusaspirer
But that's an awful analogy and frankly you should be ashamed for even trying
to paint it in that light. NOIP did nothing illegal whatsoever, their only
"crime" was that they didn't do enough about malware distribution to keep
Microsoft happy- which last I heard wasn't illegal.

To use your car wash analogy, it's more like the car wash unknowingly washed
the car of a drug trafficker and then was essentially put out of business the
next day for being "complicit in the illegal activity".

~~~
lukeschlather
I am uneasy about this situation, but the car wash in question is more like
the car painting shop in Grand Theft Auto. Even if painting cars is a
legitimate activity, when 75% of your customers are trying to mask illegal
activity you should be doing some due diligence to ensure that you're not
enabling illegal activity.

I'm not totally okay with what happened here, but I'm confident that it was
not a "oops, sorry, we'll ban that botnet" situation. no-ip's primary use case
is botnets, and they do have a responsibility to minimize botnet use. They
can't claim ignorance given the widespread use.

~~~
BitMastro
no-ip's primary use case is certainly not botnets. It's used by dsl users to
connect to their home network, or to get an easy to remember address for a
vps, or maybe while developing something before getting a proper domain.

------
andrewstuart2
So let me get this straight. Microsoft got a court order to route all of
another entity's DNS traffic to their servers. Giving them the ability to
route a metric crap-ton of private traffic through their data centers. For
"security". I call shenanigans.

I'm also assuming this is why my no-ip domain disappeared this morning,
leaving me with no access to my home servers.

Perhaps the linux on my servers is considered malware. It sure is malicious to
Microsoft's bottom line. I kid, but only a little.

~~~
robert_nsu
Not exactly.

> allowing us to identify and route all known bad traffic to the Microsoft
> sinkhole and classify the identified threats.

According to MSFT, they are only looking at known "bad" traffic. You can take
their word for it... or not.

~~~
pbhjpbhj
If that last line were true then surely the GP's noip domain would still work
and traffic would be routing without any interference. Ergo, they are telling
lies as they are not simply routing "bad traffic" elsewhere but also "good
traffic".

------
pktgen
FWIW, in my experience, No-IP is very, very responsive and helpful to abuse
complaints. Though that is the extent of my experience with them, I've never
thought them to be actively harboring malicious activity (unlike, say,
CloudFlare).

~~~
jlogsdon
> unlike, say, CloudFlare

Care to elaborate?

~~~
nothxbro
A quick search shows exactly what he means. No elaboration necessary.

[http://www.webhostingtalk.com/showthread.php?t=1235995](http://www.webhostingtalk.com/showthread.php?t=1235995)

[http://www.organicweb.com.au/17240/internet/cloudflare-secur...](http://www.organicweb.com.au/17240/internet/cloudflare-security-review/)

[http://krebsonsecurity.com/2014/02/the-new-normal-200-400-gb...](http://krebsonsecurity.com/2014/02/the-new-normal-200-400-gbps-ddos-attacks/)

~~~
lucb1e
In all 3 links this is the only relevant part I've been able to find regarding
them being malicious:

> Heck, if the DDoS for hire services protect themselves against DDoS attacks
> by using CloudFlare then CloudFlare must be damn good!

So they protect their customers from DDoS attacks. All of them. I see nothing
bad in this. Saying they shouldn't is like saying a government should put all
criminals together in a village and then have them perform criminal activity
on each other.

The link to Krebs's is basically the same: people protecting themselves. Should
CloudFlare play for judge and ban people that do not violate their terms?
Because I'm sure they boot people that perform illegal activities on their
network or otherwise harm their network from within, but I can see why they
don't proactively take down any website mentioning "we offer DDoS attacks".
Like I said before, that person A kills another person doesn't mean that
another person may kill person A, at least not within our current laws. Even
if it did, is CloudFlare the one who should be calling the shots?

Finally your first link is someone complaining to CloudFlare about LOIC (or
related perl scripts launched from VPSes) and cloudflare responds that they
see no harmful traffic and that logs or other details should be attached.
Merely saying "hey I'm having trouble" has never gotten anyone further in
resolving issues. That's why we have logs so that CloudFlare can check their
own logs to see what happened. Perfectly reasonable.

So yeah elaboration _is_ necessary. I do not see why CloudFlare is harmful.

~~~
akerl_
The point being made above is that Cloudflare charges users to protect them
from attacks, but they're also providing protection (from attacks and
identification) to the people _performing_ the attacks. To many, it appears
that they're helping to allow malicious activity because it benefits the sale
of their services.

~~~
mst
This sounds like the same argument would apply to selling bullet proof jackets
to people who also own guns.

------
nathanb
So let me get this straight...Microsoft took down a free provider of dynamic
DNS services because people have used those services to distribute and control
malware?

Where is the due process? Where is the oversight in this? All I'm seeing is
vigilantism.

~~~
lstamour
Next time, read the rest of the article?

> Microsoft has seen more than 7.4 million Bladabindi-Jenxcus detections over
> the past 12 months, which doesn’t account for detections by other anti-virus
> providers. Despite numerous reports by the security community on No-IP
> domain abuse, the company has not taken sufficient steps to correct, remedy,
> prevent or control the abuse or help keep its domains safe from malicious
> activity.

> On June 19, Microsoft filed for an ex parte temporary restraining order
> (TRO) from the U.S. District Court for Nevada against No-IP. On June 26, the
> court granted our request and made Microsoft the DNS authority for the
> company’s 23 free No-IP domains, allowing us to identify and route all known
> bad traffic to the Microsoft sinkhole and classify the identified threats.

No-IP in the past has denied allegations, e.g. the Cisco blog post linked to
by Microsoft was denied here: [http://www.noip.com/blog/2014/02/12/cisco-malware-report/](http://www.noip.com/blog/2014/02/12/cisco-malware-report/)

This is also a temporary order, it's not permanent.

Sure, it's creepy when courts have control over DNS entries, but ... they do.
The Internet isn't lawless, it operates within the legal bounds of each
country that participates.

I wonder what No-IP will say next and if figures collected by independent
groups verify their "swift action" against security threats. As a company
providing DDNS services, I wouldn't expect them to understand and use the
latest in packet filtering techniques, but ... abuse is abuse and I'm sure
they submitted evidence that this was required, temporarily.

~~~
blacksmith_tb
It's not clear who determines what "sufficient steps" would be, however. That
could range from 'No-IP did nothing at all' to 'they tried and we weren't
impressed'. The MS claim that "free dynamic dns is frequently exploited by
cybercriminals" seems like hand-waving, to me. It's also used legitimately by
millions of people who have home routers which came with support for No-IP
baked into firmware...

~~~
andylei
> It's not clear who determines what "sufficient steps" would be

it's perfectly clear. the courts.

~~~
blacksmith_tb
Well, no, it isn't perfectly clear from the article - are the courts in a
position to independently evaluate No-IP's efforts, or did they trust
Microsoft's legal team regarding their insufficiency?

~~~
hsod
isn't this how all lawsuits work all the time? there's a finding of fact where
each side presents arguments.

~~~
marcosdumay
Except that only one side presented any arguments on this case.

------
gtirloni
1 - Court seems too quick to grant Microsoft control of the domains

2 - No-IP statement that they have an open channel with Microsoft executives
but never (never?) received a complaint from MS about any malicious activity is
doubtful (sure MS can produce evidence to the contrary)

3 - What was the urgency and how was this presented to the judge? Personally I
don't feel the urgency to use a takeover maneuver in this case, but is there
information that shows the impact of not acting was too great?

4 - Our governments are so inept at fighting cyber-crime that instead of
sending the request to a govt-regulated cyber-security unit they had to trust
Microsoft's with the enforcement? That's sad.

Like others, I am uneasy but thankful to MS. Just wish more details would be
shared.

~~~
zanny
> - Our governments are so inept at fighting cyber-crime that instead of
> sending the request to a govt-regulated cyber-security unit they had to
> trust Microsoft's with the enforcement? That's sad.

If this were true, I could sleep easier at night. I doubt it - the judge in
question was probably just paid off or otherwise influenced to give MS just
insane power, while probably being ignorant of networking in the first place.

I can't think of a software problem that is best served through the violent
arm of the state.

~~~
MBCook
> the judge in question was probably just paid off or otherwise influenced

That's a hell of an accusation.

~~~
ntakasaki
I guess you haven't been reading comments and articles on Slashdot, Groklaw
and even HN over the years. Such wild accusations against MS are the norm.

If you want a good chuckle, read this "article" and comments.

[http://tech.slashdot.org/story/09/02/16/2259257/draconian-dr...](http://tech.slashdot.org/story/09/02/16/2259257/draconian-drm-revealed-in-windows-7)

~~~
MBCook
I know MS's reputation, and I remember when it was much worse.

I just expect more out of HN than "M$ is buying judges with l00t."

No evidence, no simple argument, just "I don't like it so they must suck and
do evil."

------
spion
This is quite outrageous. I've been using no-ip.com for very legitimate
purposes and this will surely result with a lot of breakage. Thanks Microsoft.
Thanks a lot.

~~~
Omniusaspirer
As another completely legitimate user what strikes me the most with this is
how they did their best to basically pull off a sneak attack. I mean really?
Microsoft just couldn't be bothered to give any forewarning to the millions of
customers whose services they were directly interfering with?

Tack on the dubious reasoning and the alleged failure to even contact NOIP at
all before having this court order issued and this puts Microsoft in a really
bad light. I'm not mad at NOIP about malware (frankly- I don't give a single
shit), but I'm _absolutely_ mad at Microsoft for pulling this bullshit and
interfering with services I paid for completely out of nowhere.

~~~
spion
Indeed. Luckily I have a domain: now I'm going to fix this by setting up a
CNAME and an account at another dyndns provider. Now if the other provider
goes down, it should be possible to quickly make a switch without changing it
in 1000 places*

Should've thought of this earlier. Well, hindsight is 20/20

* includes git remote configuration, configuration files, scripts, bookmarked/saved links, and the worst: other people's links.

------
norswap
Just when you thought it had been a long time since Microsoft was last evil.

------
saganus
What I don't understand and haven't seen anyone ask is, why Microsoft?

I mean, obviously some shady legal tactics are at work here, but why did
Microsoft get to control those domains instead of, Mozilla for example? or
Google? even more so, why wasn't control transferred to ICE for example?

Not saying it's a better alternative or even that I agree with it, but it's
very VERY unsettling (and I'm not even American) that a corporation can
basically say "dibs on this" backed up by a court order!

I would understand if the procedure went some more like, MS cries wolf, a
court order is issued and a gov agency takes temporary control. At least it's
"the government" doing the policing (even if guided by a corporation or
whatever).

What's next now? Comcast and Verizon sending their IP Police to arrest you
because they have a log showing piracy was downloaded at an IP owned by you?
And they get to seize your stuff and now your house is a Comcast/Verizon
store?

Wtf is this? It's so unreal.

Edit: typo

~~~
kevingadd
Our government has a pretty long track record of privatizing law enforcement
(not to mention prisons, warfare, etc...) so it's not surprising to see this
handed off to Microsoft. If anything, a company like MS, Google or Mozilla at
least has the expertise to do a good job.

Still not happy to see it, though.

~~~
saganus
I agree.

But it's pretty strange that control was not given to the corresponding
government authority.

They could then have MS work as "consultants". I don't agree either, but at
least that would have made some sort of sense. Maybe even better if it wasn't
just one company but a panel of several institutions, including IETF for
example, or something like that.

------
noipcom
You can read No-IP's formal statement here:
[https://www.noip.com/blog/2014/06/30/ips-formal-statement-mi...](https://www.noip.com/blog/2014/06/30/ips-formal-statement-microsoft-takedown/)

~~~
InAnEmergency
This is craziness.

------
reality_czech
People were starting to forget why everyone hates Microsoft. Even on this
site, I see a lot of comments about how Microsoft "isn't so bad" anymore.
Hopefully this will lay that and similar naive comments to rest.

------
moe
Wouldn't it make more sense to make Microsoft financially liable for damages
caused by their continued [criminal?] negligence?

[1] [http://www.zdnet.com/after-seven-months-and-no-microsoft-pat...](http://www.zdnet.com/after-seven-months-and-no-microsoft-patch-internet-explorer-8-vulnerability-is-revealed-7000029765/)

[2] [http://www.microsoftproductreviews.com/microsoft-news/intern...](http://www.microsoftproductreviews.com/microsoft-news/internet-explorer-8-security-flaw-remains-unfixed-need-worry/)

------
mschuster91
Just ran a dig +trace on no-ip.biz. Just... wtf. Who had acted upon that court
order?! I thought that the days the US had full control over the internet were
LONG past.

        biz.                    172800  IN      NS      a.gtld.biz.
        biz.                    172800  IN      NS      b.gtld.biz.
        biz.                    172800  IN      NS      c.gtld.biz.
        biz.                    172800  IN      NS      e.gtld.biz.
        biz.                    172800  IN      NS      f.gtld.biz.
        biz.                    172800  IN      NS      k.gtld.biz.
        ;; Received 308 bytes from 192.203.230.10#53(192.203.230.10) in 526 ms
    
        no-ip.biz.              7200    IN      NS      NS7.MICROSOFTINTERNETSAFETY.NET.
        no-ip.biz.              7200    IN      NS      NS8.MICROSOFTINTERNETSAFETY.NET.
        ;; Received 90 bytes from 209.173.58.66#53(209.173.58.66) in 150 ms
    
        no-ip.biz.              76834   IN      NS      nf5.no-ip.com.
        no-ip.biz.              76834   IN      NS      nf2.no-ip.com.
        no-ip.biz.              76834   IN      NS      nf4.no-ip.com.
        no-ip.biz.              76834   IN      NS      nf3.no-ip.com.
        no-ip.biz.              76834   IN      NS      nf1.no-ip.com.
        ;; Received 206 bytes from 157.56.78.73#53(157.56.78.73) in 344 ms
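
The trace above shows two different name-server sets for no-ip.biz: the one the .biz registry delegates to, and the one returned by the server that delegation points at. The Python below is an added example, not part of the original comment, showing how a zone owner could check `dig +trace` output for both conditions; the function names and the baseline list (taken from the last answer in the trace) are assumptions made for illustration.

```python
import re

# Trace output copied from the comment above (indentation removed).
SAMPLE_TRACE = """\
biz.                    172800  IN      NS      a.gtld.biz.
biz.                    172800  IN      NS      b.gtld.biz.
biz.                    172800  IN      NS      c.gtld.biz.
biz.                    172800  IN      NS      e.gtld.biz.
biz.                    172800  IN      NS      f.gtld.biz.
biz.                    172800  IN      NS      k.gtld.biz.
;; Received 308 bytes from 192.203.230.10#53(192.203.230.10) in 526 ms

no-ip.biz.              7200    IN      NS      NS7.MICROSOFTINTERNETSAFETY.NET.
no-ip.biz.              7200    IN      NS      NS8.MICROSOFTINTERNETSAFETY.NET.
;; Received 90 bytes from 209.173.58.66#53(209.173.58.66) in 150 ms

no-ip.biz.              76834   IN      NS      nf5.no-ip.com.
no-ip.biz.              76834   IN      NS      nf2.no-ip.com.
no-ip.biz.              76834   IN      NS      nf4.no-ip.com.
no-ip.biz.              76834   IN      NS      nf3.no-ip.com.
no-ip.biz.              76834   IN      NS      nf1.no-ip.com.
;; Received 206 bytes from 157.56.78.73#53(157.56.78.73) in 344 ms
"""

# Assumption: the name servers the zone owner expects, taken here from the
# last answer in the trace. In practice this comes from your own records.
ASSUMED_BASELINE = ["nf%d.no-ip.com" % i for i in range(1, 6)]

NS_LINE = re.compile(r"^(\S+)\s+\d+\s+IN\s+NS\s+(\S+)$")
FROM_LINE = re.compile(r"^;; Received \d+ bytes from ([0-9a-fA-F.:]+)#\d+")


def norm(name):
    """Lower-case a DNS name and give it exactly one trailing dot."""
    return name.lower().rstrip(".") + "."


def parse_trace(text):
    """Return [(responder_ip, {owner: set(ns_names)})], one entry per step.

    A step ends at its ';; Received ... from' line; records that are not
    followed by such a line (a truncated trace) are dropped.
    """
    steps, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        record = NS_LINE.match(line)
        if record:
            owner, target = record.groups()
            current.setdefault(norm(owner), set()).add(norm(target))
            continue
        responder = FROM_LINE.match(line)
        if responder:
            steps.append((responder.group(1), current))
            current = {}
    return steps


def check_delegation(text, zone, expected_ns):
    """Compare the NS sets seen for `zone` with a baseline and with each other.

    Returns a list of (kind, responder_ip, sorted_ns_names) findings:
      delegation_differs_from_baseline - the parent's referral is not the
                                         expected set
      parent_child_mismatch            - a later server reports a different
                                         set than the parent delegated to
    """
    zone = norm(zone)
    expected = {norm(n) for n in expected_ns}
    views = [(ip, recs[zone]) for ip, recs in parse_trace(text) if zone in recs]
    if not views:
        return [("zone_not_in_trace", None, [])]

    findings = []
    parent_ip, parent_set = views[0]  # first sighting is the parent's referral
    if parent_set != expected:
        findings.append(
            ("delegation_differs_from_baseline", parent_ip, sorted(parent_set)))
    for ip, child_set in views[1:]:
        if child_set != parent_set:
            findings.append(("parent_child_mismatch", ip, sorted(child_set)))
    return findings


if __name__ == "__main__":
    for kind, ip, names in check_delegation(
            SAMPLE_TRACE, "no-ip.biz", ASSUMED_BASELINE):
        print(kind, ip, ", ".join(names))
```

Run on a schedule against the output of `dig +trace` for a zone you operate, either finding is a signal that the registry-level delegation no longer matches what you published.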

~~~
jauer
"full control over the internet" is distinct from control over US
corporations. Dot biz is operated by Neustar and they are based in Virginia
and thus subject to US Courts.

For example, they likely would have had less success enforcing a change on a
.ir domain as the registry isn't located in US jurisdiction.

~~~
mschuster91
I bet that the US were not above forcing the root DNS server providers to
redirect the NS for .ir to some 3-letter-agency.

------
rblatz
Their status twitter is interesting, they aren't going into any details as to
why their service stopped working, and they haven't made any statements about
the accusations against them.

[https://twitter.com/NoIPStatus](https://twitter.com/NoIPStatus)

~~~
hendersoon
No-ip's official response is here:

[https://www.noip.com/blog/2014/06/30/ips-formal-statement-mi...](https://www.noip.com/blog/2014/06/30/ips-formal-statement-microsoft-takedown/)

~~~
rblatz
Thanks, I checked their site and they had not posted a response when I
commented.

------
motters
So if I declare that the Bing web crawler is ignoring robots.txt and DDoSing
my server then I can take over microsoft.com to "clean" out the bad stuff and
redirect all traffic to zombo.com?

------
xxdesmus
So based on Microsoft's ingenious logic someone could get a court order and
take over part of their business because they have so many infected Windows XP
machines out there. Right?

------
rippa242
I'm wondering how Microsoft managed to take down the noip.me base domain,
since the court stated (footnote 1 on page 5 of the 2nd amended TRO,
2:14-cv-00987-GMN-GWF-019) that the noip.me domain is controlled by the
country of Montenegro and outside US legal system control. While there are
noip.me 3rd level domains in Appendix A of the TRO, mine were NOT listed and
yet I'm being sinkholed by Microsoft.

------
tokenizerrr
So does this mean no-ip.com is no more, or only a subset of their domains?

~~~
lstamour
It means, temporarily, a subset of traffic known to be from these viruses
should be blocked, within part of the US, it seems.

~~~
tokenizerrr
Being in the Netherlands I can confirm that I got the same results as
[https://news.ycombinator.com/item?id=7967853](https://news.ycombinator.com/item?id=7967853),
so not just the US.

------
sanbor
If the way to prevent malware is by blocking domains (which only prevent a few
of them), with the same logic another great solution would be blocking
Microsoft's operating systems (which would prevent most of them).

Ubuntu should ask the government for the same power and show how little malware
Ubuntu users have and how much Windows users have to suffer.

------
vfclists
When are a group of no-ip customers going to file a class action suit against
Microsoft?

Just because an ignorant judge gave them access to some no-ip domains did not
give them the right to bite off more than they could chew and fsck it up.

The whole thing is just bizarre, WTF were they trying to accomplish? ie they
took over the business of providing name service to over 4 million hosts, way
bigger more than most large service providers with the intention of traffic to
and from the C & C servers, or identify which of the computers were infected
and inform their owners?

Why didn't they simply set up some monitoring devices and get the judges or
the FBI to compel no-ip to allow them to plug it into their network so they
could monitor what they wanted without disrupting the service?

If the no-ip owners were directly involved in the scam then why didn't they
hand the evidence to the law enforcement authorities and let them carry on
from there?

------
kqr2
Any alternatives for free dynamic DNS?

~~~
nvr219
Hurricane Electric: [https://dns.he.net/](https://dns.he.net/)

~~~
makmanalp
Whoa, he.net is alive and kicking. These guys used to run an efnet server back
in the day.

~~~
lucb1e
And I heard they do free IPv6 tunnels. Pretty cool.

~~~
kordless
HE is awesome.

------
ars
Wait what?

If I have a domain with no-ip.com will it continue to work? Does Microsoft
effectively own them now?

~~~
davidu
The domain will work, subdomains on at least no-ip.biz and no-ip.org aren't
going to work.

------
hd502
Complete BS. They claimed they were just going to stop bad traffic. But they
can't handle the overall traffic load and so NO traffic is getting through. I
was using the service to provide access to an API server in-house. A very
simple server, nothing but JSON requests in-and-out. Absolutely NO malware.
But since MS takeover - no traffic has gotten through.

I pay for my noip account, so I'm happy to join any lawsuits against MS for
this action. Personally, I see a class action suit being VERY viable.

I also have issue with the courts even allowing this. Did they do ANY research
on what is actually going on? I can't see how they could let this happen.

I feel violated!

------
dimman
Do they want a thank you? So sad really because lately they've shown some
small steps in what I thought was the right direction. Ignorance is bliss.

------
jajaja2014
microsoft now spying legitimate no-ip traffic based on non applicable US laws?

fuck you microsoft!

------
Labrynth2014
I would just add @andor, that the Police DO NOT own enough tools and equipment
to do this. The Private sector has to, for better or for worse.

I have domains with NO-IP and I've had no problem with them. It would all have
been better had Microsoft made a statement about seizing the DNS but I respect
the DON'T TELL THE ENEMY WE'RE COMING AND ON TO THEM !

------
imrehg
We are using a no-ip.biz address for the Taipei Hackerspace website (because
need DynamicDNS due to stupid settings of our network provider). After the
whole day it was still working, I thought we will be not affected. No such
luck, microsoftinternetsafety.net took our address as well, and the website +
all services associated is inaccessible.

Thanks a lot, M$!

------
jrs235
So on a different side topic, if the service was free and I assume the TOS
from noip didn't guarantee an SLA, does this mean all the end users are
basically out of luck suing Microsoft for failure to properly resolve their
domains?

If the cliche isn't true, then I guess the next/new one is, if it's free you're
SOL.

------
bobloblawblah
I use no-ip in conjunction with my phone. I get within 200m of home and my
home computer gets wakeonlan'ed.

Today that didn't happen.

I had originally blamed no-ip for this...

To me, Microsoft seems to be the bully and is now actually guilty of conduct
No-IP was only peripherally involved in.

------
Geiko
So shouldn't Spamcop.net (or anyone else) be able to seize microsoft.com,
outlook.com and hotmail.com. They have been blocking those email servers for
years due to spam sent from their domains and email servers.

------
sakawa
I guess this is a shortcut to solve some problems. No-IP domains are used only
by who hasn't a good infrastructure to support his infected network.

And especially, why doesn't Microsoft take care of making its OS more secure?

------
deniska
And I was wondering, why did my no-ip.biz subdomain stop working…

~~~
tokenizerrr
So they are not even forwarding legitimate traffic? Did they just take the
entire company down?

~~~
smellf
It looks like it to me - I have personal services running through them as well
and my stuff stopped working last week. Of course, I also had multiple
concurrent hardware failures, so I was assuming it was just that.

------
davidu
This is an incredible action by Microsoft, and the courts.

------
andmarios
Which dynamic DNS service will be next?

But I have a better idea. Windows are an easy target for cybercriminals; maybe
someone should step up and take Microsoft down.

~~~
diminoten
What kind of a thug do you have to be to think like this?

~~~
andmarios
A microsoft employee probably.

------
teddyh
I suddenly feel a lot better for having set up my own dynamic DNS solution.
(Using plain Dynamic DNS and nsupdate(1) on the clients.)

------
marcelocamanho
Oh.. That explains the issues we were having today. This seems to be affecting
our no-ip even when we have no malware or threat.

------
kurenyen
I've spent years of efforts on my site, people like it, now it's unreachable,
fuck you Microsoft...

------
johnnyxp64
what the fuck is wrong with the world these days!!!??? are you all in prison
because few morons stole something??? wtf Microsoft is wrong with you and you
damn courts!???? i will sue you bastards because i am losing money due to
your stupid actions!!!!

------
bluejellybean
Holy fuck... if this doesn't get solved my company is dead in the water...

~~~
moblahbl4hblah
I'm sorry man, but if your business is predicated on a free dynamic dns
provider?

Do I even have to finish that statement?

------
Nanzikambe
There are serious problems with this, firstly that it's technically impossible
to implement effectively, beyond that it's extremely impractical. Any benefit
will be so so transient as to render the entire exercise pointless.

For the moment, let us ignore the scary implications of the court's part in
this and consider this from a technical perspective in a logical manner:

The hypothetical sub-domain abc.no-ip.org resolves to 1.2.3.4, a host
somewhere that contains malicious payloads, is botnet C&C or is a member of a
botnet. In any case, he's the bad guy - one of the people Microsoft are
looking to exclude from the Internet.

So how can this be accomplished? Let's ignore for the moment that the bad guys
are free to use any other dyndns service they please and assume that no-ip is
the only one.

Approach 1
----------

Every time a host connects to no-ip to update its IP, Microsoft scans tcp &
udp ports of the host looking for known C&C services, scans hosted data
(public web or ftp). This will simply result in the bad guys hiding all of
this in an undetectable manner, many bot-nets already use either Tor or SSH
for C&C - without authentication it will be impossible to differentiate Joe
Average with an SSH or Tor exit from the "targets".

As for scanning for content, this is possible assuming the content has to be
public (ie. malicious payload) but even then, it's not practical - payloads
can be hidden in anything and obfuscated beyond detection. Essentially all
that's accomplished is another arms race based around signature detection for
malicious content, with the disadvantage that unlike AV solutions this
scanning is conducted _remotely_ and the scan source is known. So the
malicious guy with 2 or three lines just uses a stateful firewall to point
Microsoft's "scanning service" to good content, everyone else to the bad.

So what other options are there? A blacklist of IPs? Well, they're _dynamic_
IPs, sooner or later you'll end up with every dynamic IP in the entire IPv4
range blacklisted as the bad dudes just release/renew.

Then there's banning the sub-domains/users! Also impractical because for each
user and domain you ban, another will emerge.

Approach 2
----------

Microsoft resolves every request for abc.no-ip.org to their own service, all
the time, this service performs stateful packet analysis before forwarding it
on to the destination host. Impractical because you're essentially routing
_all_ no-ip traffic via Microsoft and once again you can only filter what you
can detect -- and once the requests themselves are encrypted, that becomes
impossible. This is effectively a MITM attack.

All the while we've assumed no-ip is the only alternative, it's not - and many
others are beyond Microsoft's and the courts' jurisdiction. So ultimately the
only way this "approach" could be temporarily feasible is if _all_ Internet
traffic were routed through Microsoft's service. So effectively you need to
give control of every domain, TLD, IPv4 and IPv6 range to Microsoft. Not
workable.

Someone is bound to point out that Microsoft's approach in this may be
distributed, agents running on installs of their operating system which does
address some aspects of my points above, but once again -- if Microsoft is
capable of implementing effective detection on the workstation, remind me
again why _any_ of this is needed?

I must be missing something fundamental.

~~~
Piskvorrr
You are missing the late 90s adage: "Where does the 900-pound gorilla sit?"
The answer is, of course, "Anywhere it wants to."

------
sadfaceunread
Anyone got a link to the TRO? Is this part of the public record?

~~~
dlgeek
[http://www.noticeoflawsuit.com/docs/Second%20Amended%20Order...](http://www.noticeoflawsuit.com/docs/Second%20Amended%20Order%20-%20flattened.pdf)

------
notsoMicrosoft
Appears as though Level 3's DNS servers are still pointing where they should.

4.2.2.2

4.2.2.3

4.2.2.4
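
The resolver comparison behind the observation above, as an added example that is not part of the original comment: it parses raw DNS responses and groups resolvers by the A records they returned, so resolvers that disagree about a name stand out. The response bytes are constructed by `build_response`, and the name and addresses used with it are placeholders, not captured data.

```python
import ipaddress
import struct

def read_name(msg, off):
    """Decode a DNS name at `off`, following RFC 1035 compression pointers."""
    labels, resume, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:               # pointer to an earlier name
            resume = resume or off + 2          # parsing resumes after the first pointer
            off = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            return ".".join(labels), resume or off
        labels.append(msg[off:off + length].decode("ascii"))
        off += length

def a_records(msg):
    """Return the set of IPv4 addresses in a response's answer section."""
    _id, _flags, qdcount, ancount, _ns, _ar = struct.unpack_from("!6H", msg, 0)
    off = 12                                    # fixed header length
    for _ in range(qdcount):
        off = read_name(msg, off)[1] + 4        # skip QNAME, QTYPE and QCLASS
    addrs = set()
    for _ in range(ancount):
        _, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == 1 and rdlen == 4:           # A record
            addrs.add(str(ipaddress.IPv4Address(msg[off:off + 4])))
        off += rdlen
    return addrs

def group_by_answer(responses):
    """Map each distinct answer set to the resolvers that returned it."""
    groups = {}
    for resolver, msg in responses.items():
        groups.setdefault(frozenset(a_records(msg)), []).append(resolver)
    return groups

def build_response(name, ip):
    """Build a constructed one-answer response (sample data, not a capture)."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    head = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + ipaddress.IPv4Address(ip).packed
    return head + qname + struct.pack("!HH", 1, 1) + rr
```

More than one key in the result of `group_by_answer` means the resolvers are not serving the same view of the name.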

------
vfclists
Loads of self-congratulating tripe. Microsoft, why don't you simply provide
free OS upgrades or fixes for the millions of XP computers out there? They are
not going anywhere soon.

Next thing we know your lawyers and lobbyists are going to come up with some
legislative wheeze and you will be running the biggest botnet in the world.
You created the problem so fix it yourself.

~~~
nav1
Probably because Windows XP is well over 10 years old. You can't possibly
expect them to support it forever just because some organisations can't be
bothered to upgrade.

~~~
cwyers
"Software doesn't wear out or breakdown like a physical good"

Well, uh, then why does Microsoft need to do anything, if it's still as good
as the day it was first sold?

~~~
regd005
> Well, uh, then why does Microsoft need to do anything, if it's still as good
> as the day it was first sold?

It is, it's just that it was broken the day it was first sold.

------
moblahbl4hblah
All of you pant-shitting bitches...Oh Noes! MS took down a botnet...what's to
stop the court from giving my TF2 hosting domain?

Grow up. You guys bitch about malware. You bitch about MS. Mainly you just
bitch...and talk about Haskell.

It's boring.

