TimeWarner DNS Hijacking

Exstatica writes "It looks like TimeWarner is taking vigilante action on the botnet problem. They've hijacked DNS for a few IRC servers, the latest being irc.mzima.net and irc.nac.net — both part of EFNet. (irc.vel.net was hijacked earlier but has been restored.) Using ns1.sd.cox.net, the lookup returns an IP for what looks to be a script that forces the user into a channel and issues a set of commands to clean the drones. There have been different reports of other IRC networks being hijacked and other DNS servers involved. Is this the right way to handle the botnet problem? Is hijacking DNS legal?" Botnets are starting to move off of IRC for command and control, anyway.
Update: 07/24 00:01 GMT by KD : Updated and added more links; thanks to Drew Matthews at vel.net. 07/24 11:52 GMT by KD : Daniel Haskell wrote in to say that ircd.nac.net is seeing cox.net connections again, and that they are in discussion with the EFF over the matter.

In other news

[MonGuSE]

In other news Redhat has begun using arp poisoning and TLD hijacking to remove the Malicious and insecure Microsoft Windows installs. After all windows installs are purged there is expected to never ever be a future threat and heavy handed tactics will never be used again. Sometimes the cure is worse than the ailment.

This is a DNS hijacking.

[woodchip]

OK DNS Server resolve me to .cu and no body gets hurt.

The Right Way?

[Kozar_The_Malignant]

>Is this the right way to handle the botnet problem?

No. The right way involves castration with rusty linoleum knives, Turkish prisons, and rabid wolverines. If that doesn't work, we should quit being nice and get nasty with these folks. Seriously, this problem will not go away until people start doing some hard time, preferably with a cell mate who does not need Erct|le Member Help!

Re:Fair game

[Vegeta99]

Except for Eris, of course.

Re:IRC networks must police themselves

[Assassin bug]

Do do do do, dah dah dah dah, is all I have to say to you.

Re:The criminal code calls it "Theft of Services"

[wik]

Hey, not so fast!

PA recently became the 50th state in the union [post-gazette.com] to put their laws online.

Re:About time

[davecarlotub]

I, for one, do *NOT* trust the police, however I welcome our new botnet-breaking overlords.

Re:Alternative DNS?

[Anonymous Coward]

Pfff. pansy.
I'll stick to memorizing the IP addresses of all the sites I like, thank you.

Re:New Update since i submited this yesterday

[Anonymous Coward]

-100 for lame referential cross-linking to wiktionary to support your dirty spelling pedantry...

A**hole....

Re:New Update since i submited this yesterday

[Skrynesaver]

Realistically anyone attempting to prosecute Cox for exploiting a backdoor in a botnet is going to have a hard time keeping their client out of jail.

I look forward to Cox meeting their lawyers.
Evil_lawyer_dude: You have exploited a vulnerability in my clients software
Cox Communications: Ooops, so we have, would you care to name your client
Evil_lawter_dude: I don't have to
Cox Communications: Well, without evidence of harm done to your client we can't be held liable for anything
Evil_lawyer_dude: My client has been unable to carry on his business using the resources of your customers
Cox Communications: Yes, and we have a list of customers who would be part of a counter suit, no go away or we will taunt you some more.

This is bad....*how*?

[IonOtter]

TWC: "Sir, you have an IRC bot on your machine that's making DDoS attacks."

Majority Computer User: "'IRC'? I'm seeing who??? Who am I seeing and when? Why am I seeing them? What're you talking about?!? Am I being charged for this?!? OMG, did Billy download music or movies or something?!? Oh Jesus Christ I'm going to kill that brat! Oh God, did you report me?!? I'm going to jail, aren't I?!?"

TWC: (sweatdrop)

So. Explain to me how castrating bots without disturbing or distressing the vast and overwhelming majority of computer users is a bad thing?