nanog mailing list archives
Re: Vixie warns: DNS Changer ‘blackouts’ inevitable
From: Leo Bicknell <bicknell () ufp org>
Date: Thu, 31 May 2012 08:51:41 -0700
In a message written on Thu, May 31, 2012 at 08:14:40AM -0500, cncr04s/Randy wrote:
> Exactly how much can it cost to serve up those requests... I mean for 9$ a month I have a cpu that handles 2000 *Recursive* Queries a second. 900 bux could net me *200,000* a second if not more. The government overspends on a lot of things.. they need someone who's got the experience to use a bunch of cheap servers for the resolvers and a box that hosts the IPs used and then distributes the query packets.

The interesting bit with DNSChanger isn't serving up the requests, but the engineering to do it in place. Remember, all of the clients are pointed to specific IP addresses by the malware. The FBI comes in and takes all the servers because they are going to be used in the court case, and then has to pay someone to figure out how to stand a service back up at the exact same IPs serving those infected clients in a way they won't notice. This includes working with the providers of the IP Routing, IP Address blocks, colocation space and so on to keep providing the service.

In this case it was also pre-planned to be nearly seamless so that end users would not see any downtime, and the servers had to be fully instrumented to capture all of the infected client IP addresses and report them to various parties for remediation, including further evidence to the court for the legal proceedings.

The FBI also had to convince a judge this was the right thing to do, so I'm sure someone had to pay some experts to explain all of this to a judge to make it happen.

I suspect the cost of the hardware to handle the queries is negligible; I doubt that, of all the money spent, more than a few thousand dollars went to the hardware. It seems like the engineering and coordination was rather significant here, and I'll bet that's where all the money was spent.

-- 
Leo Bicknell - bicknell () ufp org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/