[DNS Changer] What you need to know


5 replies to this topic

#1 +warwagon

warwagon

    Only you can prevent forest fires.

  • 26,439 posts
  • Joined: 30-November 01
  • Location: Iowa

Posted 07 July 2012 - 18:52

There has been a lot of talk in the news recently about DNS Changer. Because of that, a lot of people think the internet is going to die on Monday, July 9th. Let's be clear, the internet is not going to die for everyone on Monday. It will only affect people who have already been infected with DNS Changer. DNS Changer is a preexisting infection, meaning it's not something you will catch on Monday; you have to already have it. Let me explain what DNS is first, then I'll explain what DNS Changer is and why it's going to cause the internet to stop functioning for some people on Monday, July 9th.

Think of DNS like a gigantic Internet phone book. Every ISP (Internet Service Provider) has one. Every website that you connect to has a number associated with it. It's called an IP address. Think of it as a website's phone number. A website can have a bunch of numbers or it can just have one number, and sometimes those numbers can change.

Let's take Google for example. People know Google as www.google.com. A computer knows Google as 208.69.36.230 or 208.69.36.231. In the very early days of the internet they didn't want people to have to type in long numbers just to get to a website. So they created "Domain names" like .com .org .gov and the list goes on. This makes it simpler for human brains to remember internet addresses.

Only problem is, we have to be able to use the website name, while the computer has to be able to use the website IP address (number). This is where the DNS server was born. When you type www.google.com into your web browser, the computer checks the phone book (DNS server) and says hey, look, www.google.com's phone number is 208.69.36.2230 and proceeds to connect to the website.

This now brings us to DNS Changer. DNS Changer changed the DNS server (phone book) on a user's PC. In essence it gave someone's machine a "bad phone book" (don't worry, the FBI gave them good phone books). This is bad because the bad guys can change any number in the bad phone book that they want. So if a user (for example) typed in www.paypal.com, the computer would look in the bad phone book and get the wrong number for PayPal. When this happens the user gets taken to a website that looks just like PayPal, but isn't. This is called phishing and is how identity theft happens or how people get their usernames and passwords stolen.

Back in November 2011 the FBI found the people responsible for DNS Changer. They then replaced the bad phone book with a good one. In doing so, anyone who had been infected by DNS Changer wouldn't have noticed any issue with their internet connection. This is because the good phone book the FBI gave them didn't contain any wrong numbers.

The issue is, on Monday July 9th the FBI will turn off the good phone book. Anyone infected with DNS Changer that tries to go to a website on Monday will get "Page can't be displayed". This is because their system will no longer be able to use the good phone book because the FBI will have turned it off.

People who want to check and see if they have been infected by DNS changer can use the following address.

http://dns-ok.us/
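
Added example, not part of the original post: a local version of the "which phone book is my machine using" check, auditing the nameservers in a resolver configuration against a list of rogue ranges. The ranges below are placeholders from the RFC 5737 documentation blocks, not the real DNS Changer ranges, and the sample configuration and function names are constructed for illustration.

```python
import ipaddress

# PLACEHOLDER ranges (RFC 5737 documentation blocks), not real indicators.
# Replace with the rogue DNS server ranges published for the infection.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "203.0.113.0/25")]

# Constructed sample of a Unix-style resolver configuration.
SAMPLE_RESOLV_CONF = """\
# generated by dhcp client
search example.lan
nameserver 203.0.113.53   # inside a placeholder rogue range
nameserver 203.0.113.200
nameserver 2001:db8::53
nameserver not-an-ip
"""

def configured_nameservers(text):
    """Yield (raw_value, parsed_address_or_None) for each 'nameserver' line."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                yield fields[1], ipaddress.ip_address(fields[1])
            except ValueError:
                yield fields[1], None            # malformed entry, report it

def audit(text, rogue=ROGUE_RANGES):
    """Classify every configured resolver as 'rogue', 'ok' or 'invalid'."""
    report = {}
    for raw, addr in configured_nameservers(text):
        if addr is None:
            report[raw] = "invalid"
        elif any(addr.version == net.version and addr in net for net in rogue):
            report[raw] = "rogue"
        else:
            report[raw] = "ok"
    return report

if __name__ == "__main__":
    for server, verdict in audit(SAMPLE_RESOLV_CONF).items():
        print(f"{server:16} {verdict}")
```

A "rogue" verdict means the machine is still pointed at the replaced phone book and needs its DNS settings reset and the infection cleaned up before the servers are switched off.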


#2 jnelsoninjax

jnelsoninjax

    A custom title? Cool!

  • 7,596 posts
  • Joined: 16-December 07
  • Location: Jacksonville, FL
  • OS: Windows 7 Pro X64
  • Phone: Samsung Galaxy Exhibit SGH-T599N

Posted 07 July 2012 - 19:52

That is a very good (and concise) explanation! If you were not aware of it, OpenDNS has released a program called DNSCrypt:
1. In plain English, what is DNSCrypt?
DNSCrypt is a piece of lightweight software that everyone should use to boost online privacy and security. It works by encrypting all DNS traffic between the user and OpenDNS, preventing any spying, spoofing or man-in-the-middle attacks.

#3 +BudMan

BudMan

    Neowinian Senior

  • 26,235 posts
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 09 July 2012 - 12:38

^ yeah I would take this with a grain of salt

"preventing any spying, spoofing or man-in-the-middle attacks."

that is not really true. All it does is encrypt and validate that you're talking to OpenDNS -- does not validate the information they got from DNS for domainX or domainY, etc.

If you want validation that the records came from the owning server and were not "spoofed" then you need to use DNSSEC. And the owners of the domain need to enable it and sign their records - which is the problem currently, not a lot of domains are signed. Even though the root zones have all been signed since 2010.
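
Added example, not part of the thread: the difference between protecting the channel to the resolver and validating the records is visible in the DNS message itself. The sketch builds a query that requests DNSSEC data (EDNS0 DO bit) and reads the AD ("authenticated data") flag a validating resolver sets only for signed, verified answers; function names and the header-only sample responses are constructed for illustration.

```python
import struct

AD, TC, QR = 0x0020, 0x0200, 0x8000   # header flag bits (RFC 1035 / RFC 4035)

def build_query(name, qid=0x1234):
    """A-record query carrying an EDNS0 OPT record with the DO bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)  # RD=1, 1 question, 1 additional
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", 1, 1)               # QTYPE=A, QCLASS=IN
    # OPT RR: root name, TYPE=41, CLASS=UDP payload size, TTL carries DO (0x8000), RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, 0x00008000, 0)
    return header + question + opt

def response_status(packet, expected_qid):
    """Decode the header fields that matter for validation."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    qid, flags = struct.unpack("!HH", packet[:4])
    if qid != expected_qid or not flags & QR:
        raise ValueError("not a response to our query")
    return {"rcode": flags & 0x000F, "ad": bool(flags & AD), "tc": bool(flags & TC)}

def verdict(packet, expected_qid):
    """'validated' only when the resolver vouches for the DNSSEC chain."""
    status = response_status(packet, expected_qid)
    if status["rcode"] == 2:
        return "servfail"      # what validating resolvers return for bogus signatures
    if status["rcode"] == 0 and status["ad"]:
        return "validated"
    return "unvalidated"       # unsigned domain or non-validating resolver

# Constructed header-only responses: QR|RD|RA|AD, QR|RD|RA, and SERVFAIL.
SIGNED = struct.pack("!HHHHHH", 0x1234, 0x81A0, 1, 1, 0, 1)
UNSIGNED = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 1)
BOGUS = struct.pack("!HHHHHH", 0x1234, 0x8182, 1, 0, 0, 1)

if __name__ == "__main__":
    for label, pkt in (("signed", SIGNED), ("unsigned", UNSIGNED), ("bogus", BOGUS)):
        print(label, verdict(pkt, 0x1234))
```

The AD flag is the resolver's own assertion, so it is only as trustworthy as the path to that resolver; an encrypted, authenticated channel protects the flag in transit, while DNSSEC signing by the domain owner is what lets the resolver set it in the first place.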

#4 Marshall

Marshall

    ▇ ▂ ▃ ▁ ▁ ▅

  • 12,662 posts
  • Joined: 22-June 03
  • Location: USA

Posted 10 July 2012 - 03:42

Well written and detailed article, however, most won't click on the link (especially guests who are in search of information about DNS changer) with a title like that.

I'd suggest something like "[DNS Changer] What you need to know"

#5 OP +warwagon

warwagon

    Only you can prevent forest fires.

  • 26,439 posts
  • Joined: 30-November 01
  • Location: Iowa

Posted 10 July 2012 - 03:45

I'd suggest something like "[DNS Changer] What you need to know"


Not bad, Not bad at all.

#6 Tha Bloo Monkee

Tha Bloo Monkee

    Da Ba Dee Da Ba Die

  • 4,173 posts
  • Joined: 03-July 04
  • Location: Ontario, Canada

Posted 10 July 2012 - 04:19

I like the comparison of DNS to a phone book. Good simple analogy :D