Microsoft’s takedown of No-IP – there’s a better way to battle DNS abuse

CorporatePartnersServerSophosLabsDNSMaxim WeinsteinMicrosoftNaked SecurityNo-IP

no-ip-150Microsoft’s takedown of the No-IP dynamic DNS service generated a lot of controversy when legitimate customers were impacted by the disruption of 18,000 subdomains abused by cybercriminals.

Microsoft has done its fair share of good, frequently working with law enforcement to take out servers that control malware spewing bots, such as the ZeroAccess botnet. But in this case, Microsoft misfired and caused a lot of collateral damage, according to Sophos security adviser Maxim Weinstein.

In a new post at Dark Reading Maxim writes that the Microsoft vs. No-IP case highlights the need for “clear standards of abuse handling, and transparency on which service providers measure up.”

Rather than take an opportunity to work with No-IP, Microsoft acted unilaterally, suing in court to get an order for the takedown.

A better course of action would be working with industry partners to enforce standards for service providers like No-IP and encourage them to clean up their act before things get out of hand.

Max writes:

... [The] solution to the abuse of intermediary service providers is increased cooperation and transparency, not controversial one-off takeovers by individual private companies.

Many readers of our article at Naked Security responded to our poll asking whether Microsoft’s takedown of the No-IP domains was going too far – 54% said “yes,” but there is room for debate.

You can read Max’s full article here: Microsoft, No-IP, And The Need For Clarity.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s