NO-IP Hijacked by Microsoft

jimp · Jul 1, 2014, 4:56 PM

If you use NO-IP Dynamic DNS with pfSense (or elsewhere), be aware that the service may be down or spotty due to Microsoft hijacking some of their domains.

https://www.noip.com/blog/2014/06/30/ips-formal-statement-microsoft-takedown/
http://arstechnica.com/security/2014/06/millions-of-dymanic-dns-users-suffer-after-microsoft-seizes-no-ip-domains/
and the spin from Microsoft…
http://blogs.technet.com/b/microsoft_blog/archive/2014/06/30/microsoft-takes-on-global-cybercrime-epidemic-in-tenth-malware-disruption.aspx

robi · Jul 2, 2014, 1:00 PM

It's flapping. Once it works, once note….

kpa · Jul 2, 2014, 1:17 PM

Not surprising at all. Many of the NO-IP were used for launching malware (just check how many of thier domains were blacklisted by various blacklists) and this was the perfect excuse for taking over the domains. In my opinion NO-IP is the negligent party here because they didn't consider the possibility that complaints over domains owned by them would cause such takeover of the domains.

robi · Jul 2, 2014, 1:22 PM

But I don't get it. It was supposed to block only the subdomains affected by malware, not ALL of the noip domains and subdomains. Seems to me that techs at M$ can't really handle the situation correctly, or their DNS server software is really buggy.

Also there are other things I don't get:

how the heck can happen that it's flapping? Once it does, 5 mins later not and so on. Technically, what happens?
how on earth could the court give that right to M$ without FIRST notice No-IP about the requirement? Is this the way American laws work? You can sue anybody and get him into jail without even asking him for his version of the story? Astonishing…

jimp · Jul 2, 2014, 5:25 PM

@robi:

how the heck can happen that it's flapping? Once it does, 5 mins later not and so on. Technically, what happens?

Easily explained by Microsoft's infrastructure allocated to the service not being up to the load they are receiving. It could be dropping a significant number of requests to keep up.

@robi:

how on earth could the court give that right to M$ without FIRST notice No-IP about the requirement? Is this the way American laws work? You can sue anybody and get him into jail without even asking him for his version of the story? Astonishing…

They probably have some BS claim about them not responding fast enough or perhaps some emergency/probably cause/extenuating circumstances tossed in for fun.

Harvy66 · Jul 9, 2014, 4:37 PM

@kpa:

Not surprising at all. Many of the NO-IP were used for launching malware (just check how many of thier domains were blacklisted by various blacklists) and this was the perfect excuse for taking over the domains. In my opinion NO-IP is the negligent party here because they didn't consider the possibility that complaints over domains owned by them would cause such takeover of the domains.

According to NO-IP, they get requests all the time and they work with companies to crack down on malware. If made aware of issue, NO-IP promptly fixes the issue. And it wasn't just problem domains, it was all domains.

NO-IP claims that at no time where they contacted by Microsoft about the issue and NO-IP was never made aware that there was an issue or even a trial against them. A judge granted Microsoft control of NO-IP property without first consulting NO-IP.

This was their side of the story. I have no history with them. As far as I care, they could be as bad as Cogent about twisting the truth, but I like to give people the benefit of the doubt.

Anyone have any background on NO-IP when it comes to malware?

kejianshi · Jul 10, 2014, 11:54 PM

Yep - Jimp was right on all counts. This hit me when I was traveling through Malaysia - At first I thought my server was down but when I tried my alternate DNS name it was there. Sort of inconvenient. Without microsoft, malware and botnots would not be so prolific. Microsoft says that 93% of the DNS requests made to no-ip was made by malware. I seriously doubt it, but 100% of those malware are running on microsoft, so maybe they should take themselves down also (-:

reginaldo_barreto · Jul 19, 2014, 8:26 PM

Unfortunately after that stoppage was forced to look for another reliable service.
I'm using http://freedns.afraid.org/, making pointing directly to the sub-domains I'm entitled.

kejianshi · Jul 23, 2014, 7:58 PM

Bad move - Don't drop a perfectly good service just because microsoft messes with it.
Thats exactly the response microsoft wants.
The rebel in me says stick with them no matter what.

More than likely microsoft broke the service on purpose.

I'm sure they gave it their "best effort" to make it work while in their care.
Probably had their best two TRS-80s acting as server.

Gertjan · Jul 30, 2014, 2:11 PM

@kejianshi:

….
Probably had their best two TRS-80s acting as server.

WTx
I remember those !!!!!

Woow, man, thanks. That was a huge 'blast from the past' ;)