From: Pandu Poluan
To: gentoo-user@lists.gentoo.org
Date: Sat, 18 Feb 2012 19:56:40 +0700
Subject: Re: [gentoo-user] Somewhat OT: Any truth to this mess?
In-Reply-To: <1971113.3a2zZ3o5ps@localhost>
List-Id: Gentoo Linux mail

On Feb 18, 2012 7:27 PM, "Volker Armin Hemmann" wrote:
>
> Am Samstag, 18. Februar 2012, 06:00:00 schrieb Dale:
> > Alan McKinnon wrote:
> > > On Sat, 18 Feb 2012 04:26:02 -0600
> > >
> > > Dale wrote:
> > >> Howdy,
> > >>
> > >> I ran across this and thought it was a joke. Did a news search and
> > >> sure enough, it is reported in lots of places. Random linky:
> > >>
> > >> http://www.dailymail.co.uk/news/article-2102856/Will-FBI-shut-Internet-March-8-virus-concerns.html?ito=feeds-newsxml
> > >>
> > >> Is there any truth to this mess? My bigger and better question, how
> > >> is shutting down the internet going to fix this? When the net comes
> > >> back up, they are still going to be infected. Right?
> > >>
> > >> I'm glad I run a really nice Linux OS.
> > >
> > > Gawd, I hate it when morons write sensational articles that attempt to
> > > make sense to other morons. You get crap like that.
> > >
> > > So if this is legit, and I'm not saying it is, what happened is this:
> > >
> > > The malware changes the DNS cache settings on infected machines,
> > > sending the user to rogue caches. The FBI captured some (or all) of
> > > these rogue caches and (possibly) tried to fix them. A court has now
> > > said those rogue caches must now be shut down.
> > >
> > > So if the morons reading the article do nothing, on March 8 the DNS
> > > caches they use will be down. The user's DNS will not work.
> > >
> > > OMFG!!!!!!! Da intartubes is broken!!!!!
> > >
> > > <sigh>
> > >
> > > Instead, why not just set the DNS caches to something NOT owned by Ivan
> > > The Russian Spammer?
> > >
> > > And no, the intartubes will NOT be switched off.
> >
> > I don't really think they can unless they just cut power to all the
> > computers. After all, the internet is supposed to be redundant right?
> > If there is a few computers still running that have a connection, it is
> > still working. Sort of anyway.
> >
> > Does make one wonder tho. They have been talking about having an
> > internet "off switch" but I'm not sure it would be that easy.
>
> basically, yes. Take down the core routers and backbones and everything falls
> apart.
>
> --
> #163933
>

Indeed. In fact, easier than that.

Just inject false BGP routes into one of the backbone level routers, and see how wide the Internet becomes 'impacted'. Do it to maybe 5 or 6 other routers that watch guard over the transatlantic and transpacific routes, and watch as the Internet folds upon itself.

I was once a certified Network Engineer before I became a System Admin, so I know. The soft underbelly of the Intartubes is depressingly very vulnerable.

Rgds,

