What an excellent idea. We use OpenDNS for all our regional sites (34-odd, I've lost count!) and it's a damn fine service as it is, but this is the icing on the cake.
With an estimated 10 million PCs infected by the stealthy worm known as Conficker, it's a good bet that plenty of administrators are blissfully unaware that their networks are playing host to the pest. Now, a free service called OpenDNS is offering a new feature designed to alert administrators to the damage and help them …
And I must say, for filtering out most of the dodgy stuff on the family PC it's very useful and simple to set up. I think this is a great idea. OpenDNS seems fast and pretty reliable from what I've seen so far. Nice to see someone taking a slightly different approach to the problem.
Kids started finding porn, I used OpenDNS to block. Found them (much later) visiting a site that somehow seemed to have porn on it, asked OpenDNS to block that site, and they helpfully asked "that's a proxy server. Would you like to ban all proxy servers?" Why, yes I would, thank you very much.
I also block doubleclick, and some other overly obnoxious advertising site.
OpenDNS + Little Snitch + WOT, it helps.
If Conficker has been completely reversed, every domain name and IP it will attempt to connect to will be known. I couldn't find the details on the Kaspersky site, but the list of domains and IPs to which Conficker tries to connect should be made public. Or at least circulated amongst the admins of the Internet root DNS servers. Conficker would be pretty impotent if every address it tried to connect to was "unavailable".
I think once admins get reports via OpenDNS dashboard of suspect machines it is unlikely every single one of them would remain silent. One would also have to presume the intelligence behind Conficker is dumb enough not to notice.
It makes me laugh when I see people advocate open DNS - the advocates clearly don't know how it works or is funded, and just because it has "open" in its name some people automatically get a woody over it.
What made me look into open DNS was the fact they are so vocal about it not having a financial cost associated with it.... so how do they make their money?
A quick butchers at their site shows that basically if there is data they can record about their users, they do. And they sell that data to the highest bidder (and again to anyone else).
The website is draped in "friendly" buzzwords and features like Creative Commons or blogs, but in reality they are just using the oldest marketing tricks in the book. And so called smart people lap it up!
It really isn't too dissimilar to Phorm, it's just Phorm got their marketing wrong and scared people... OpenDNS got it right. There is no way I would use their service.
If you want control over your DNS, just run your own server!
1) I can easily *choose* to use OpenDNS if I want to. I'm not tied in by a long contract like I was with BT.
2) If I decide I don't want to use it anymore, I can disable the service in moments and tell my computers not to talk to OpenDNS at all. I'm not stuck to *hoping* that the opt-out agreement worked.
I think you'd be surprised who uses OpenDNS; there are quite a few large companies listed on their page, not to mention the countless schools (like mine) that use it.
I am thrilled that this service is coming. My network running a botnet is something that scares me, but I have little time to investigate.
@AC2 - I'm fairly sure they don't sell their information (they may); I believe they make their money on incorrect URLs redirecting to a Google page. Either way I don't care. They are providing an excellent service that fits my budget. Oh wait, I don't have a budget, so yes, it fits perfectly.
There appears to be a slight difference.
1 Phorm was being applied to all clients of those respective ISPs, whether they wanted it or not. OpenDNS is a voluntary service. Unlike an ISP, it costs you nothing to opt out, other than the time required to go to your router's setup screen and delete their DNS server IPs.
2 Phorm was selling data to advertisers. OpenDNS is _blocking_ data from going to spammers and the like.
3 Phorm was running whether you liked it or not. OpenDNS requires you to actually do something.
IIRC, once upon a time the BBC used to do some kind of simple global load balancing by somehow having different addresses for bbc.co.uk depending on which ISP you were using (e.g. use a US ISP, get a US server farm address for bbc.co.uk; use a UK ISP, get a UK address, thus saving unnecessary transatlantic traffic and improving responsiveness).
Do they still do that, do others do anything similar, how does that interact with OpenDNS?
Yes, because OpenDNS is nothing like Phorm. Anyone with a basic understanding of either technology could see that.
Phorm is something most people don't get a choice in; ISPs just force it upon them. OpenDNS is something you use by choice, and these features then have to be activated if you want them. OpenDNS also does not sell your browser habits on to 3rd parties so they can specifically target advertising at you. Last of all, a DNS query looks up an IP address for a host name; it does not pass the URL information across, however Phorm captures all this additional data that can't even be put into a DNS request.
Either way, big plus for OpenDNS :) nice to see an already great and free service being improved when all those around them are just looking for ways to get you to part with more of your hard earned money.
The worm is using a pseudo random number generator creating an endless stream of domain names.
Once they figured out the algorithm being used ... they could have taken over the entire network at any time and have the infected systems run code to disinfect themselves.
Unfortunately hacking someone's computer to help remove an infection is still illegal.
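The two detection ideas raised in the thread (publishing the worm's known domain list so resolvers can flag clients that ask for those names, and spotting hosts that churn through pseudo-random generated names that mostly do not exist) can be checked against ordinary resolver logs. The script below is an added example, not code from OpenDNS, Kaspersky or any commenter; the log format, the blocklist entry and the thresholds are all constructed for the example.

```python
"""
Added example (not from the comment thread): a small resolver-log triage
script that flags internal clients behaving like Conficker-infected hosts.
Two signals, both assumptions for this example:
  1. queries for domains on a known-bad list (the "publish the domain list"
     idea; the entry here is a placeholder, not real Conficker data)
  2. bursts of NXDOMAIN answers for distinct names within a short window,
     the footprint of a pseudo-random domain generator.
"""
import re
from collections import defaultdict

# Constructed sample of resolver log lines: "<epoch> <client-ip> <qname> <rcode>"
SAMPLE_LOG = """\
1230000000 10.0.1.5 www.example.com NOERROR
1230000001 10.0.1.5 mail.example.com NOERROR
1230000002 10.0.1.9 qhx7tkvna.info NXDOMAIN
1230000003 10.0.1.9 plvmcqe.biz NXDOMAIN
1230000004 10.0.1.9 zxwqu8ah.net NXDOMAIN
1230000005 10.0.1.9 bad-c2.example NOERROR
1230000006 10.0.1.5 ww.example.com NXDOMAIN
1230000007 10.0.1.9 kjdnvw2.org NXDOMAIN
"""

# Placeholder blocklist; a real deployment would load the published list.
KNOWN_BAD = {"bad-c2.example"}

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(NOERROR|NXDOMAIN|SERVFAIL)$")


def parse_log(text):
    """Yield (timestamp, client, qname, rcode) tuples, skipping malformed lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, client, qname, rcode = m.groups()
            yield int(ts), client, qname.lower().rstrip("."), rcode


def triage(text, nxdomain_threshold=3, window_seconds=60):
    """Return {client: [reasons]} for clients that trip either signal.

    nxdomain_threshold distinct NXDOMAIN names inside window_seconds raise the
    DGA-style alert. Both defaults are assumptions chosen for this example.
    """
    findings = defaultdict(list)
    nx_by_client = defaultdict(list)  # client -> [(ts, qname)]
    for ts, client, qname, rcode in parse_log(text):
        if qname in KNOWN_BAD:
            findings[client].append(f"queried known-bad domain {qname}")
        if rcode == "NXDOMAIN":
            nx_by_client[client].append((ts, qname))
    for client, events in nx_by_client.items():
        events.sort()
        start = 0  # sliding window over timestamps
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window_seconds:
                start += 1
            distinct = {q for _, q in events[start:end + 1]}
            if len(distinct) >= nxdomain_threshold:
                findings[client].append(
                    f"{len(distinct)} distinct NXDOMAIN names in {window_seconds}s")
                break
    return dict(findings)


if __name__ == "__main__":
    for client, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(client, "->", "; ".join(reasons))
```

Run on the constructed sample, 10.0.1.9 is reported on both signals while 10.0.1.5 (a single typo lookup) stays quiet; the NXDOMAIN-burst rule is what still works when the domain list is not public, which is the gap the second signal is meant to cover.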
It's not rocket science after all; it's called a similarity... except this system works globally, instead of just one ISP's network. In that respect, it's more sinister.
Phorm by design (as el reg reported) doesn't interfere with the flow of traffic.
OpenDNS, by design, interferes!
This new plan, filter your DNS, is even more interference. Anything to stop them, say, diverting your requests to a more dodgy associate? Is this google in disguise?
What is to stop them being in charge of the bloody Trojan network? They say they are not? Nobody's asked them? They seem to be capitalising on it pretty quickly.. almost B movie quickly.
Only DNS requests get funnelled through OpenDNS... what if this new bot army suddenly uses a backup IP address, and gets a new algorithm? What if they figure out how to incorporate P2P?
What then, OpenDNS?
Does anyone really care if their network gets taken over by a trojan? It just means some hacker was too lazy to do it himself, so automated the task.. like a good admin should.
My network is now in his interest to protect.. ergo, you just acquired a hacker looking over your shoulder, cleaning up those "other" virii and malware.. well, in my utopian vision.. if all the altruistic hacker movies are correct..
In reality, a user complains the box is slow.. eventually.. when the machine is freshly cloned, it goes away.. waiting for the next one.. don't you just get bored with it all?
It's like we are all stuck in an infinite loop, patch/hack/patch/hack/upgrade/hack/patch/hack... I believe it's called software development, but the only party not enjoying themselves in this extended model is the user!
Dire warnings, visions of hacker strength, embellishments and misunderstandings.. the media is making this an issue. What is it really? The product of laziness and overcomplicating things. Nerd problems.
I got a job in IT, it's fun! Play war games with hackers all year!
That is how I see it. A big fun game you get to play till you retire! Like Risk, only with more pieces! I count on the machine being infected; that is the best chance I have of fixing the problems with them... like finally being able to patch it, because the bosses won't let me patch them automatically, in case it breaks something, but won't let me have a test network to make sure it won't... you get restrictions in this game, you get rules (RFCs), your board, your pawns, your dice, your playing cards, your bloody keyboards all rolled into one!
Are you a chaotic-evil troll with a C++3 of infection? or are you a lawful-good paladin with only a mild vision of what you hope to achieve in the dire prophesied land ahead? Why would the world be diced into fewer categories than have been imagined for other games?
It is a vast imaginary playing field people, get out there and enjoy yourselves!
How would you like to be infected today?
I have used OpenDNS for about 18 months now, never fails unlike the ISP's servers, which seem to spend more time down than up!
@dr2chase: Perhaps talking to your kids first might have had a more positive effect? Banning it outright, so they head off round their mate's house to get some, well that's what I would do in their position!
I tried OpenDNS for a few months when I was advised that my ISP's (Talk Talk!) own DNS was pants.
The problem was that they use the money-making trick of redirecting mistyped URLs to their own search service. Fantastic eh? Well, any DNS lookups that should get a not-found reply now never do, because you'll always get the IP of their search page returned instead. So they break fundamental DNS expected behaviour :-(
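The behaviour this comment objects to (a resolver answering a name that should not exist with its own search page's address instead of NXDOMAIN) is easy to test for from any client. The check below is an added example written for this thread, not OpenDNS or Talk Talk code: it resolves a few random labels under real TLDs that are almost certainly unregistered and treats "they all resolve, and to the same addresses" as evidence of NXDOMAIN rewriting. The probe name format and the decision rule are assumptions; the resolver is injectable so the logic can be exercised without network access.

```python
"""
Added example (not from the comment thread): detect a resolver that rewrites
NXDOMAIN answers into the address of a search/landing page.

Method: resolve several random, almost certainly unregistered names. An honest
resolver returns NXDOMAIN for at least one of them; a rewriting resolver
returns the same address set for all of them.
"""
import secrets
import socket


def random_probe_names(count=3, tlds=("com", "net", "org")):
    """Build probe names like 'x1f3a9c1e2b4d5e6f.com' that should not exist.

    Eight random bytes per label makes an accidental collision with a
    registered name negligible (assumption made for this example).
    """
    return [f"x{secrets.token_hex(8)}.{tlds[i % len(tlds)]}" for i in range(count)]


def system_resolve(name):
    """Resolve with the OS resolver.

    Returns a frozenset of IPv4 strings, or None when the name does not resolve
    (socket.gaierror covers NXDOMAIN as well as other resolution failures).
    """
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return None
    return frozenset(info[4][0] for info in infos)


def detect_nxdomain_rewrite(resolve, names):
    """Return (hijacked, detail).

    `resolve(name)` must return a frozenset of addresses, or None for NXDOMAIN.
    Rewriting is inferred only when every probe resolves AND all answers agree;
    differing answers are reported for manual inspection rather than flagged.
    """
    answers = [resolve(n) for n in names]
    if any(a is None for a in answers):
        return False, "at least one bogus name returned NXDOMAIN; resolver looks honest"
    if len(set(answers)) == 1:
        return True, f"all {len(names)} bogus names resolved to {sorted(answers[0])}"
    return False, "bogus names resolved but to differing addresses; inspect manually"


if __name__ == "__main__":
    hijacked, detail = detect_nxdomain_rewrite(system_resolve, random_probe_names())
    print("NXDOMAIN rewriting detected" if hijacked else "no rewriting detected", "-", detail)
```

Running it against two different resolvers (the ISP's and an alternative) is the cheap "compare the same information from two sources" check a later comment describes; note that a resolver which only rewrites certain TLDs will slip past the default three probes, so widen the tlds tuple if that is a concern.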
Say what? You been taking lessons from The Honourable grahAManFromArse (you have a long way to go, my child)?
Unlike Phorm, unlike Windows Update, OpenDNS is "opt in", its behaviour can be compared with the behaviour of a different source of the "same" information, and so on.
I estimate the risk of trusting OpenDNS as rather less than the risk of trusting Phorm or less than the risk of trusting Windows Update.
Others may make different judgements, and if they do, I'd be glad to hear from them, especially if they are more coherent than your little contribution.
Where's the tinfoil hat icon?