Microsoft's No-IP.com Domain Seizure Apparently Causing Outages For Some SonicWall Customers

Microsoft's recent cybercrime-related seizure of 23 domains from No-IP.com, a Reno, Nev.-based company that provides a popular free dynamic DNS service, is causing outages for millions of legitimate users of the service -- and apparently, at least one security vendor.

The No-IP.com outages are having an impact on some customers of SonicWall, a vendor of network security and content control hardware appliances, Marc Harrison, president of Silicon East, a Manalapan, N.J.-based SonicWall partner, told CRN Tuesday.

SonicWall, which Dell acquired in 2012, supports No-IP.com and other dynamic DNS services in its products.

Harrison said hundreds of his SonicWall customers began experiencing outages on Monday and contacted him for help.

Some of these customers are apartment complexes that run security surveillance cameras behind SonicWall firewalls, using No-IP.com's dynamic DNS service to relay the video feeds. But these feeds were still not working as of Tuesday evening Eastern time, Harrison said.

CRN reached out to a half-dozen other SonicWall partners, but none reported having similar issues. Representatives from Dell SonicWall didn't respond to a request for comment.

No-IP.com and other dynamic DNS services are commonly used by remote workers to connect VoIP phones and video cameras to the Internet. Their popularity stems in large part from the fact that static IP addresses are expensive.

Microsoft has justified its actions by claiming that No-IP.com's domains have been regularly used in malware attacks against millions of Windows users. And in Microsoft's view, No-IP.com hasn't done enough to stop this activity.

Microsoft filed a restraining order against No-IP.com in the U.S. District Court for Nevada on June 19. The court transferred DNS authority over the domains to Microsoft a week later.

Microsoft, which has a well-established track record of using legal means to break up botnets, said No-IP.com bears the brunt of the blame for allowing criminals to use its service for nefarious purposes.

"As malware authors continue to pollute the Internet, domain owners must act responsibly by monitoring for and defending against cybercrime on their infrastructure," Richard Domingues Boscovich, assistant general counsel in Microsoft's Digital Crimes Unit, said in a blog post Monday.

"If free Dynamic DNS providers like No-IP exercise care and follow industry best practices, it will be more difficult for cybercriminals to operate anonymously and harder to victimize people online," Boscovich said in the post.

However, in seizing the domains, Microsoft has disrupted service for a large chunk of the dynamic DNS service's users, No-IP.com said in a statement Monday. The company also claims that Microsoft never reached out to it before going to the courts.

"Millions of innocent users are experiencing outages to their services because of Microsoft’s attempt to remediate hostnames associated with a few bad actors," No-IP.com said in the statement.

In an email to CRN, a Microsoft spokesperson said a "technical error" caused some legitimate No-IP.com customers to experience "a temporary loss of service," but all service was restored to those customers as of 6 a.m. Pacific Time.

But Silicon East's Harrison said this isn't accurate, at least from his perspective. After doing tests on his own domains, he discovered that traffic was looping back to Microsoft instead of to his Lakewood, N.J., location, as is normally the case.

Meanwhile, on Twitter, the court of public opinion appears to be strongly against Microsoft in this case.

Microsoft just hijacked a DNS provider. Not for doing anything wrong, but for failing to prevent abuse. Questionable.

Maybe Microsoft should withdraw Internet Explorer, it is after all a popular infection vector.

Andrew Plato, president of Anitian Enterprise Security, a Beaverton, Ore.-based security consultancy, told CRN he considers Microsoft's seizure of No-IP.com's domains to be "heavy-handed," but said such services are regularly abused by malware authors.

"These big DNS take-downs are very effective. They can quickly nullify huge botnets in a single move," Plato said of Microsoft's malware-fighting tactics. "With DNS names black-holed, the botnet essentially becomes useless. It cannot communicate back to its command infrastructure."

It is unclear how much of a long-term benefit Microsoft's latest antimalware actions will have, according to Plato. "Malware creators are developing new strategies around this, including the use of multiple DNS names, resolvers, or fail-safe measures to reconnect to their command-and-control systems," he said.

PUBLISHED JULY 2, 2014