Ridding the world of the DNS Changer is proving a long, slow process that won’t be accomplished by July 9, when the court orders granted to the FBI expire and infected users suffer their inevitable blackout.
That’s the bleak warning given by BIND father and ISC founder and chair Paul Vixie to the AusCERT security conference on the Gold Coast today, 17 May.
“Remediation, which has not worked, has taken many forms, which did not work,” Vixie drily noted.
The notorious “operation ghost click” is well-known and understood, having been analysed in the six months since arrest of the Estonians (Vladimir Tsatsin, Timur Gerassimenko, Dmitri Jegorov, Valeri Aleksejev, Konstantin Poltev and Anton Ivanov) who hosted their ad-redirecting DNS on Rove Digital’s infrastructure.
Vixie said ISC’s ongoing research demonstrates that when the court order expires, there will still be in the vicinity of 300,000 DNS Changer-infected computers, in spite of the best efforts at remediation. Many users, Vixie said, are so untrusting and hostile that they resent being told they have a problem.
On the coming “dark day”, Vixie says, there’s a strong likelihood that ISPs will be swamped with help calls demanding to know what’s wrong. Had it been possible to do so, Vixie said, he would at least have contrived some way to “spread out the pain”, because “the way we’re doing it now, there will be no end to it.”
Although the DNS Changer incident emphasizes the importance of DNSSec, implementation is a slow process that depends on industry-wide cooperation.
He also took the opportunity to criticize the increasing willingness of governments to try and use misdirected DNS requests to enforce policies (such as porn-blocking or, in the case of Italy, blocking offshore gambling site).
“If it becomes popular [to use DNS] to block things that users want, they will move their DNS requests elsewhere.” The threat remains, however: SOPA-style legislation is still on the wish-list of entertainment lobbies, and will not leave the political agenda. ®