digg

Facebook Connect Join Digg About
See the original image at computerworld.com

DNS trouble knocks NSA off Internet

computerworld.com 'Our techs are working on it,' says an agency spokeswoman

Who dugg this? Made popular May 16, 2008

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

77 Comments

show profanity settings
expand all
  • maracle2, on 05/16/2008, -0/+76I'm headed Cali-fornie-way to find me some internet
  • buffyangel108, on 05/16/2008, -0/+39NSA: no snooping access. Yay!
  • WiseWeasel, on 05/16/2008, -2/+40Quick, let's talk about the constitution while no one's looking! : P
  • elamr, on 05/16/2008, -7/+36Ironic: NSA employs the country's premier cryptologists. It is said to be the largest employer of mathematicians in the United States and perhaps the world.

    good scientist/mathematician != good computer technician
  • steaprok, on 05/16/2008, -0/+27HA! sounds like checks in the mail....
  • Terasiel, on 05/16/2008, -1/+19I'm so glad it's these people who are in charge of our national security. Makes me feel down right safe.
  • kevin1987, on 05/16/2008, -1/+18I find it hard to believe that they had both DNS servers running off the same machine, that just goes against common sense :
  • awesometastic1, on 05/17/2008, -2/+17wow, so does this mean for the next day or so we are now free to defend and discuss the constitution without fear of men in black suits showing up and carting us off to be tortured??? FREEEEEEEDDDDDDOOOOOOOMMMMM!!!!
  • schneidafunk, on 05/17/2008, -1/+15This is not a big deal at all, the only thing affected was their public website (internal network was probably working just fine). I'm sure all of their spying equipment at AT&T is still working just fine.
  • DiggDuggDugged, on 05/16/2008, -1/+13Not to put too fine a point on it but this is pretty much a non-story. NSA has structured their networks so that these DNS servers has no bearing on the Agency's day-to-day operation. The small nation of employees there would have had access to all the network resources they are accustomed to and still been able to send and receive all the email they would ever need. The analyst cited in the story maybe correct that NSA has bungled their security implementation on these particular servers but the rest of his comments smell like fear mongering for attention to me.
  • terajoule, on 05/16/2008, -0/+11Alert the Internets!
  • dh122, on 05/16/2008, -0/+9Yeah, well karma is a bitch.
  • awesometastic1, on 05/17/2008, -0/+8 "In fact, the NSA has made some basic security mistakes with its DNS servers, according to McPherson. The NSA should have hosted its two authoritative DNS servers on different machines, so that if a technical glitch knocked one of the servers offline, the other would still be reachable. Compounding the problem is the fact that the DNS servers are hosted on a machine that is also being used as a Web server for the NSA's National Computer Security Center.

    "Say there was some Apache or Windows vulnerability and hackers controlled that server, they would now own the DNS server for nsa.gov," he said. "That really surprised me. I wouldn't think that these guys would do something like that." "

    Wow, how are hackers not daily breaking into the NSA's system? What did they do, hire a couple high-schoolers to setup their DNS and web servers??
  • max420, on 05/16/2008, -3/+11Omigod. That really is embarassing. I was able to set up my own DNS server for the first time a few weeks ago. I had both servers running on the same machine for about 3 days, until the second server showed up. At which point I set up a secondary DNS server.

    The fact that these guys were hosting two DNS servers, and one Web Server on the same machine is retarded. I wonder how much of a credebility hit these guys will take because of it.
  • jmhyer51, on 05/16/2008, -0/+8Newsflash: everything bad in the world is not Bush's fault, just most of it.
  • Pixelpaws, on 05/16/2008, -0/+8The NSA had credibility?
  • Laminarcissus, on 05/16/2008, -0/+7Or so they say...
  • jmhyer51, on 05/16/2008, -1/+7They should have rerouted through Opendns.
  • SPThom, on 05/17/2008, -2/+8"good scientist/mathematician != good computer technician"

    Well... I agree. That being so, what's even remotely ironic about this?
  • ParanoydAndroid, on 05/17/2008, -0/+5It actually does make me feel safer, knowing that there's a chance the NSA has reduced capabilities for a while.
    I'm pretty sure their internal network and things like Echelon and Carnivore are still running, but a man can dream can't he?
  • YodaJones, on 05/16/2008, -2/+7Haaaaa haaaaaa. Umm, the best of the best? losers.
  • DiggDuggDugged, on 05/17/2008, -0/+5I work in the IT department of a company affiliated with NSA, hold a security clearance, and am familiar with their basic network topography. Nothing I have said in this thread steps over the line and gives information away in such a way as to jeopardize their mission.

    The days of NSA being an uber secret spy agency are long over. There are signs on all the highways around Ft Meade that lead you directly to the NSA campus and they have their own NSA branded paraphernalia sold in their own NSA gift shop, for you to freely give away as gifts. This isn't your father's spy agency.
  • hellotyler, on 05/17/2008, -0/+5Then when your ONE box with no redundancy setup goes down, so does your entire network. Yeah, what a GREAT system.

    Didn't people learn anything from RAID 1 ?
  • haydesigner, on 05/17/2008, -0/+4I, too, fail to see the irony.
  • AlaskaLoneWolf, on 05/16/2008, -3/+7Aren't these guys supposed to be the computer ninjas? Maybe it's those darned Chinese hackers again.
  • AmericansRevolt, on 05/16/2008, -6/+9the nsa represents the most vicious attack our constitution ever faced. privacy in america has vanished and personal freedoms are dying faster then the earthquake people in china. i wish the nsa would die and go to hell, and oh yeah since theyre not listening right now IVE GROWN WEED IN MY BACKYARD HAHAHAHA what a ***** joke
  • tcpip4lyfe, on 05/16/2008, -2/+5Wait they aren't hosting their DNS on a Master/slave system? How hard is it to setup an extra linux box and Bind9?
  • GavinZac, on 05/17/2008, -0/+3www.opendns.org ftw
  • briangig, on 05/17/2008, -0/+3i never realized how weird the nsa website was...
  • mhearne, on 05/18/2008, -0/+3I have a room full of old computers and even a couple of servers that I could let them have. What I don't get is why a DNS server, which should be dedicated, would have been doubling as a web server as well.

    I have to wonder who set this all up. This was not a "small problem with their network". Anyway, I shouldn't worry about being spied on so much, if my office network is more secure than nsa.gov!
  • dmourati, on 05/16/2008, -5/+7$ dig -t ns nsa.gov +short
    romulus.ncsc.mil.
    topscale.nsa.gov.
  • roflbrothel, on 05/17/2008, -1/+3How do YOU know this?

    If you work for the NSA, couldn't you get fired or punished for even telling people what yo do let alone revealing any information about how their networks work (or don't work)?

    If you don't work for the NSA, how do you know?
  • looksliketrent, on 05/17/2008, -0/+2Their website (nsa.gov) gives me the feeling I'm being watched.
  • j3one, on 05/17/2008, -0/+2The actually took it down because it was hacked. Not a big deal as its a fairly easy to exploit cms they are using.
  • stretch611, on 05/17/2008, -0/+2NSA?!? There is No Such Agency, show why would they have a website?
  • vanza001, on 05/17/2008, -3/+5Its called virtualization. When you have 4 cores and 32 G of ram you can set up multiple virtual machines in one box.
  • oldgal, on 05/17/2008, -0/+2This was well understood in the 80's.
  • Cartmants, on 05/17/2008, -0/+1Silly Coldfusion...
  • Princeamor, on 05/17/2008, -0/+1You have all been logged in the "possible terrorist activity" list, and will be monitored for the next consecutive 45 days.
  • haterofps3, on 05/17/2008, -0/+1How does that make sense? the internet is an ever growing history of comments and ideas. Just cause they can't read it today does not mean they can't read it tomorrow or the next day. Hell it probably show up on did again in a couple months!

    You have no freedom because you got scared and traded it in for some magic beans!
  • bobzibub, on 05/17/2008, -0/+1Not DNS, DOS!
    (Secret box in secret AT&T office:)
    1) hmmm packet to nsa.gov! I'd better forward a copy to nsa.gov!
    2) hmmm 2 packets to nsa.gov! I'd better copy those on to nsa.gov!
    ...
    3) profit?
  • YodaJones, on 05/17/2008, -0/+1I am better. Thank you.
  • j3one, on 05/17/2008, -0/+1well while your at it, tell the NSA to tell "PeopleSoft, Inc" that their "help" link on the employment popup links to "helpwebserver.com" - a domain for sale.
  • kollross, on 05/17/2008, -0/+1I would agree, this is somewhat of a crap story. Yes maybe their external mail presence might have been affected but thats about it. I would imagine they multiple internal dns systems on the local network which has no connection to their public stuff, why wouldn't they, do any other large organizations to the hosts names of internal machines on the public dns....no. Also why do people assume this is all on one box? Same IP or what? If thats what they are basing it on clearly they have never come into contact with any CSS switches Ace modules or any other form load balancers before?
  • CarzorStelatis, on 05/17/2008, -0/+1You'd think that the US security agency responsible for cryptography and information warfare would at least have backup DNS servers :P
  • chrisxkelley, on 05/17/2008, -0/+1"Say there was some Apache or Windows vulnerability[...]"

    Who the hell uses Apache on Windows for a production server?
  • digitalarcanum, on 05/17/2008, -0/+1I'd have to say that is quite stupid of them. it's not like they couldn't use ESX server and set up vmove to fire up the virtual machine on another box if the first one goes down. Leave it to the government to ***** up something like this.
  • max420, on 05/16/2008, -1/+2Haha, awesome.
  • conna, on 05/17/2008, -0/+1They were just testing something. I doubt that this was an accident, we pay good money for those supercomputers they been upgrading all those years.
  • Elliuotatar, on 05/17/2008, -0/+1LOL
  • Fetching more discussions...
    Show 51 - 77 of 77 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...

© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.