Over the week there were mixed reactions to the way Microsoft took down the domains run by No-IP.com after the discovery of a great number of botnets that a court order mandated the software giant to shut down.
Microsoft not only succeeded in taking down the botnets, it also went as far as knocking millions of users, including enterprises, blog sites and other No-IP.com customers, off the grid, resulting in much commotion and displeasure.
The Redmond company detected the command and control servers that hackers used to deploy the malware. Microsoft then proceeded under its court order to knock the battalion of botnets down, on the grounds that No-IP had fallen short of stemming the proliferation of this malware, and did all of it without No-IP's knowledge.
Botnets, especially the less sophisticated ones, can be taken down simply by separating the legitimate traffic passing through the No-IP domain names from the traffic destined for the command and control servers. Microsoft worked to re-channel the traffic of 22 domains operated by No-IP through its headquarters for scanning before knocking those domains offline.
Initially, the software giant set out to target more than 18,000 botnet-infected hostnames, but the operation went wrong, knocking millions of No-IP users offline, including those carrying legitimate traffic.
The effort Microsoft made to knock No-IP domains offline was a plausible one, but why did it spark heated discussions in the security community? No-IP, a dynamic domain name service provider, works by mapping website names to IP addresses so that computers can look them up and establish a connection for users trying to reach a website.
No-IP also keeps a single website name pointed at whatever IP address its owner currently has, since your Internet service provider might decide to change your IP address every now and then. But when hackers get in the way, web browsing can end in a compromise at the hands of botnets, which are commandeered by command and control servers. That is why law enforcement targets these servers in cases involving botnet attacks and shuts them down.
So it is obvious why hackers run command and control servers behind dynamic DNS to launch attacks: it is easy to change IP addresses, so law enforcement agents can hardly locate them. It also makes it easy for infected computers to check in for orders.
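To make the point about granularity concrete, here is an added example (not code from the article, Microsoft or No-IP) that models a dynamic DNS provider whose hostnames are re-pointed whenever a customer's IP changes, and a sinkhole that can be applied either to the specific hostnames flagged as command and control or to the whole parent domain. The domain `dyn.example`, the hostnames and all IP addresses are constructed for illustration; `collateral_damage()` reports the legitimate hostnames that a given policy silently sinkholes, which is the failure mode the article describes.

```python
"""Toy dynamic DNS provider plus a sinkhole applied at two granularities.

Added example: names, domains and addresses are constructed, not taken from
any real takedown. Addresses come from the RFC 5737 documentation ranges.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional

SINKHOLE_IP = "192.0.2.1"  # constructed: stands in for the investigator's sinkhole


@dataclass
class DynamicDns:
    """Hostname -> current IP; owners re-point their name when their ISP changes it."""
    records: Dict[str, str] = field(default_factory=dict)

    def update(self, hostname: str, ip: str) -> None:
        self.records[hostname.lower()] = ip

    def resolve(self, hostname: str) -> Optional[str]:
        return self.records.get(hostname.lower())


class Sinkhole:
    """Answer flagged names with the sinkhole address, pass everything else upstream.

    flagged_hostnames: exact hostnames identified as command and control.
    blocked_domains:   parent domains whose every subdomain is sinkholed (the
                       broad policy that takes legitimate customers down too).
    """

    def __init__(self, upstream: DynamicDns, flagged_hostnames: Iterable[str],
                 blocked_domains: Iterable[str] = ()) -> None:
        self.upstream = upstream
        self.flagged = {h.lower() for h in flagged_hostnames}
        self.blocked_domains = {d.lower() for d in blocked_domains}

    def _in_blocked_domain(self, hostname: str) -> bool:
        parts = hostname.lower().split(".")
        # check every proper parent: "a.b.c" -> "b.c", "c"
        return any(".".join(parts[i:]) in self.blocked_domains for i in range(1, len(parts)))

    def resolve(self, hostname: str) -> Optional[str]:
        name = hostname.lower()
        if name in self.flagged or self._in_blocked_domain(name):
            return SINKHOLE_IP
        return self.upstream.resolve(name)


def collateral_damage(sinkhole: Sinkhole, hostnames: Iterable[str]) -> List[str]:
    """Hostnames that are NOT flagged yet still get the sinkhole answer."""
    return sorted(h for h in hostnames
                  if h.lower() not in sinkhole.flagged and sinkhole.resolve(h) == SINKHOLE_IP)


# Constructed customer base of the hypothetical provider dyn.example.
FLAGGED = ["c2-bot.dyn.example"]
ALL_HOSTS = ["c2-bot.dyn.example", "homecam.dyn.example", "blog.dyn.example"]


def build_provider() -> DynamicDns:
    dns = DynamicDns()
    dns.update("c2-bot.dyn.example", "198.51.100.7")    # flagged C2 hostname (constructed)
    dns.update("homecam.dyn.example", "203.0.113.10")   # legitimate customer
    dns.update("blog.dyn.example", "203.0.113.25")      # legitimate customer
    return dns


def compare_policies() -> Dict[str, List[str]]:
    """Collateral damage of a hostname-level versus a domain-level sinkhole."""
    dns = build_provider()
    narrow = Sinkhole(dns, FLAGGED)
    broad = Sinkhole(dns, FLAGGED, blocked_domains=["dyn.example"])
    return {
        "hostname_level": collateral_damage(narrow, ALL_HOSTS),
        "domain_level": collateral_damage(broad, ALL_HOSTS),
    }


if __name__ == "__main__":
    for policy, victims in compare_policies().items():
        print(f"{policy}: {len(victims)} legitimate hostnames sinkholed {victims}")
```

The hostname-level policy sinkholes only the flagged name and keeps following dynamic updates for everyone else; the domain-level policy answers every subdomain with the sinkhole address, so every legitimate customer under that domain disappears along with the C2 host. A takedown plan should be checked against something like `collateral_damage()` over the provider's full hostname list before the redirection goes live.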
But whether Microsoft should have used another means of taking down the botnets rather than the severe mechanism it chose has been a matter of debate. Microsoft, according to some experts, overstepped with its excessively harsh action against No-IP.