Re: Debian + Verisign's .com/.net hijack
Am 2003-09-17 10:48:33, schrieb Oliver Hitz: Hi all, By now probably everybody has heard about Verisign's latest change to the .net and .com domains (otherwise read about it in your favourite tech news site). While the security of dns per se is not really affected, the change influences other services such as spam countermeasures. Forgotten in my Last Message... If Windows user misspell something the come automaticly to the search site from msn.com because the timeout. Now it is finished ! No timeout on .com and .net domains ;-)) No M$-Logo on screen ;-)) Have a nice Sunday Michelle -- Registered Linux-User #280138 with the Linux Counter, http://counter.li.org. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Debian + Verisign's .com/.net hijack
Am 2003-09-17 10:48:33, schrieb Oliver Hitz: Hi all, By now probably everybody has heard about Verisign's latest change to the .net and .com domains (otherwise read about it in your favourite tech news site). While the security of dns per se is not really affected, the change influences other services such as spam countermeasures. Forgotten in my Last Message... If Windows user misspell something the come automaticly to the search site from msn.com because the timeout. Now it is finished ! No timeout on .com and .net domains ;-)) No M$-Logo on screen ;-)) Have a nice Sunday Michelle -- Registered Linux-User #280138 with the Linux Counter, http://counter.li.org.
Re: Debian + Verisign's .com/.net hijack
Am 2003-09-19 10:10:46, schrieb Joel Baker: On Wed, Sep 17, 2003 at 12:04:01PM +0100, Dale Amon wrote: On Wed, Sep 17, 2003 at 11:57:16AM +0100, Andy Coates wrote: 4) Add MS Blaster (which does step 3, above, then fires off DoS traffic at it). Microsoft, VeriSign, and MS Blaster - three great tastes that go great together! (Well, okay, three really nasty tastes that cause a beautifully elegant reprisal against stupidity.) Unfortunately I have no Win2000/ME/XP... I wish I can try it out ;-) Greetings Michelle -- Registered Linux-User #280138 with the Linux Counter, http://counter.li.org. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Debian + Verisign's .com/.net hijack
Am 2003-09-19 10:10:46, schrieb Joel Baker: On Wed, Sep 17, 2003 at 12:04:01PM +0100, Dale Amon wrote: On Wed, Sep 17, 2003 at 11:57:16AM +0100, Andy Coates wrote: 4) Add MS Blaster (which does step 3, above, then fires off DoS traffic at it). Microsoft, VeriSign, and MS Blaster - three great tastes that go great together! (Well, okay, three really nasty tastes that cause a beautifully elegant reprisal against stupidity.) Unfortunately I have no Win2000/ME/XP... I wish I can try it out ;-) Greetings Michelle -- Registered Linux-User #280138 with the Linux Counter, http://counter.li.org.
Re: Debian + Verisign's .com/.net hijack
On Wed, Sep 17, 2003 at 11:57:16AM +0100, Andy Coates wrote: They've put a wildcard DNS entry for .com and .net to resolve to their product called SiteFinder which offers a IE/MSN like Did you mean to type services. So any domain that doesn't exist, or in the PENDING/DELETE states, or has no nameservers associated with it, now resolves. Not with IPv6. One more reason to make the switch. :) llama]~$ host -t kjlasjlasdf.com kjlasjlasdf.com record currently not present llama]~$ host kjlasjlasdf.com kjlasjlasdf.com A 64.94.110.11 -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , des.ca) The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces! -- Plautus, 200 BC pgp0.pgp Description: PGP signature
Re: Debian + Verisign's .com/.net hijack
On Wed, Sep 17, 2003 at 12:04:01PM +0100, Dale Amon wrote: On Wed, Sep 17, 2003 at 11:57:16AM +0100, Andy Coates wrote: They've put a wildcard DNS entry for .com and .net to resolve to their product called SiteFinder which offers a IE/MSN like Did you mean to type services. So any domain that doesn't exist, or in the PENDING/DELETE states, or has no nameservers associated with it, now resolves. Ah, so what would happen if many thousands of people ran pings and other things against nonexistant names? There is some evidence (from NANOG) that something much more beautifully subtle and ironic is happening in a similar vein: 1) Take standard-issue Windows 2000 or XP host with a default configuration (to wit, 'append domain when searching for host' - unline the BIND resolver, this is tried *before* the straight name). 2) Set the domain name to 'thiscompanydoesnotexist.com' or some similar value (must be .com/.net, and not actually exist). 3) Do a lookup on 'windowsupdate.com' - it tries to lookup 'windowsupdate.com.thiscompanydoesnotexist.com' (using the example domain above). Returns VeriSign's A record. And now, the payoff... 4) Add MS Blaster (which does step 3, above, then fires off DoS traffic at it). Microsoft, VeriSign, and MS Blaster - three great tastes that go great together! (Well, okay, three really nasty tastes that cause a beautifully elegant reprisal against stupidity.) -- Joel Baker [EMAIL PROTECTED],''`. Debian GNU NetBSD/i386 porter: :' : `. `' `- pgp0.pgp Description: PGP signature
Re: Debian + Verisign's .com/.net hijack
On Wed, Sep 17, 2003 at 11:57:16AM +0100, Andy Coates wrote: They've put a wildcard DNS entry for .com and .net to resolve to their product called SiteFinder which offers a IE/MSN like Did you mean to type services. So any domain that doesn't exist, or in the PENDING/DELETE states, or has no nameservers associated with it, now resolves. Not with IPv6. One more reason to make the switch. :) llama]~$ host -t kjlasjlasdf.com kjlasjlasdf.com record currently not present llama]~$ host kjlasjlasdf.com kjlasjlasdf.com A 64.94.110.11 -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , des.ca) The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces! -- Plautus, 200 BC pgpzzP1Bf5DGa.pgp Description: PGP signature
Re: Debian + Verisign's .com/.net hijack
On Wed, Sep 17, 2003 at 12:04:01PM +0100, Dale Amon wrote: On Wed, Sep 17, 2003 at 11:57:16AM +0100, Andy Coates wrote: They've put a wildcard DNS entry for .com and .net to resolve to their product called SiteFinder which offers a IE/MSN like Did you mean to type services. So any domain that doesn't exist, or in the PENDING/DELETE states, or has no nameservers associated with it, now resolves. Ah, so what would happen if many thousands of people ran pings and other things against nonexistant names? There is some evidence (from NANOG) that something much more beautifully subtle and ironic is happening in a similar vein: 1) Take standard-issue Windows 2000 or XP host with a default configuration (to wit, 'append domain when searching for host' - unline the BIND resolver, this is tried *before* the straight name). 2) Set the domain name to 'thiscompanydoesnotexist.com' or some similar value (must be .com/.net, and not actually exist). 3) Do a lookup on 'windowsupdate.com' - it tries to lookup 'windowsupdate.com.thiscompanydoesnotexist.com' (using the example domain above). Returns VeriSign's A record. And now, the payoff... 4) Add MS Blaster (which does step 3, above, then fires off DoS traffic at it). Microsoft, VeriSign, and MS Blaster - three great tastes that go great together! (Well, okay, three really nasty tastes that cause a beautifully elegant reprisal against stupidity.) -- Joel Baker [EMAIL PROTECTED],''`. Debian GNU NetBSD/i386 porter: :' : `. `' `- pgp0zijGwwUVG.pgp Description: PGP signature
Debian + Verisign's .com/.net hijack
Hi all, By now probably everybody has heard about Verisign's latest change to the .net and .com domains (otherwise read about it in your favourite tech news site). While the security of dns per se is not really affected, the change influences other services such as spam countermeasures. Patches for various dns servers to get back to the old behaviour of the dns system have been published. For example, the ISC has just released an official patch for BIND9. I wonder if there are plans to make security upgrades of the dns servers shipped with Debian. Any comments? Regards, Oliver -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Debian + Verisign's .com/.net hijack
On Wednesday 17 September 2003 10:48, Oliver Hitz wrote: Patches for various dns servers to get back to the old behaviour of the dns system have been published. For example, the ISC has just released an official patch for BIND9. I wonder if there are plans to make security upgrades of the dns servers shipped with Debian. Any comments? I for one would really, really, really like for this 'fix' to appear soon. Maintaining hand compiled software is awkward - but I guess I'll do that quite soon. Greets -- vbi -- The prablem with Manoca is thot it's difficult ta tell the difference between o cauple af the letters. -- Jacob W. Haller on alt.religion.kibology pgp0.pgp Description: signature
Re: Debian + Verisign's .com/.net hijack
Adrian von Bidder said the following on 17/09/03 10:11: Patches for various dns servers to get back to the old behaviour of the dns system have been published. For example, the ISC has just released an official patch for BIND9. I wonder if there are plans to make security upgrades of the dns servers shipped with Debian. Any comments? I for one would really, really, really like for this 'fix' to appear soon. Maintaining hand compiled software is awkward - but I guess I'll do that quite soon. Adding this *hard coded* value to an official Debian package that could be around for a couple of years (in stable) would be foolish IMHO. I haven't reviewed the patch, so may be wrong about the nature of it... (anyone have a link for the patch?) Better to get Verisign to revoke this stupidity. After all, another TLD did the same some time ago and the US government intervened, IIRC, to get it changed back (.biz?). Regards, Ronny Adsetts -- Technical Director Amazing Internet Ltd, London t: +44 20 8607 9535 f: +44 20 8607 9536 w: www.amazinginternet.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: Debian + Verisign's .com/.net hijack
It is not hardcoded. A new configuration directive has been added, and it is completely up to the administrator to decide to use it. http://www.isc.org/products/BIND/delegation-only.html Boyan Krosnov, CCIE#8701 http://boyan.ludost.net/ just another techie speaking for himself -Original Message- From: Ronny Adsetts [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 17, 2003 12:58 PM To: Adrian von Bidder Cc: [EMAIL PROTECTED] Subject: Re: Debian + Verisign's .com/.net hijack Adrian von Bidder said the following on 17/09/03 10:11: Patches for various dns servers to get back to the old behaviour of the dns system have been published. For example, the ISC has just released an official patch for BIND9. I wonder if there are plans to make security upgrades of the dns servers shipped with Debian. Any comments? I for one would really, really, really like for this 'fix' to appear soon. Maintaining hand compiled software is awkward - but I guess I'll do that quite soon. Adding this *hard coded* value to an official Debian package that could be around for a couple of years (in stable) would be foolish IMHO. I haven't reviewed the patch, so may be wrong about the nature of it... (anyone have a link for the patch?) Better to get Verisign to revoke this stupidity. After all, another TLD did the same some time ago and the US government intervened, IIRC, to get it changed back (.biz?). Regards, Ronny Adsetts -- Technical Director Amazing Internet Ltd, London t: +44 20 8607 9535 f: +44 20 8607 9536 w: www.amazinginternet.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Debian + Verisign's .com/.net hijack
On 17 Sep 2003, Ronny Adsetts wrote: Adding this *hard coded* value to an official Debian package that could be around for a couple of years (in stable) would be foolish IMHO. I haven't reviewed the patch, so may be wrong about the nature of it... (anyone have a link for the patch?) While the first generation patches work with hardcoded values, there are others that are much more general. Check the link of the ISC patch for a description: http://www.isc.org/products/BIND/delegation-only.html Regards, Oliver -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Debian + Verisign's .com/.net hijack
What precisely have they done? I'd not heard about their latest idiocy... [I note that I just got html mail from them about a domain renewal... I just delete html mail without reading.] -- -- IN MY NAME:Dale Amon, CEO/MD No Mushroom clouds over Islandone Society London and New York. www.islandone.org -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Debian + Verisign's .com/.net hijack
On Wednesday 17 September 2003 11:57, Ronny Adsetts wrote: Better to get Verisign to revoke this stupidity. After all, another TLD did the same some time ago and the US government intervened, IIRC, to get it changed back (.biz?). host sdkljhsdlfkjsdfkljsdf.cc sdkljhsdlfkjsdfkljsdf.cc has address 206.253.214.102 So - no, it's not been changed back, at least in that case. But then, who uses .cc (except spammers). cheers -- vbi -- dark Turns out that grep returns error code 1 when there are no matches. I KNEW that. Why did it take me half an hour? -- Seen on #Debian pgp0.pgp Description: signature
Re: Debian + Verisign's .com/.net hijack
Dale Amon ([EMAIL PROTECTED]) wrote: What precisely have they done? I'd not heard about their latest idiocy... [I note that I just got html mail from them about a domain renewal... I just delete html mail without reading.] They've put a wildcard DNS entry for .com and .net to resolve to their product called SiteFinder which offers a IE/MSN like Did you mean to type services. So any domain that doesn't exist, or in the PENDING/DELETE states, or has no nameservers associated with it, now resolves. Andy. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Debian + Verisign's .com/.net hijack
What precisely have they done? I'd not heard about their latest idiocy... They decided to answer to all requests for a non-existing domain in .com or .net with the IP of some of their computers, hosting an advertising page... -- Gael Le Mignot Kilobug - [EMAIL PROTECTED] - http://kilobug.free.fr GSM : 06.71.47.18.22 (in France) ICQ UIN : 7299959 Fingerprint : 1F2C 9804 7505 79DF 95E6 7323 B66B F67B 7103 C5DA Member of HurdFr: http://hurdfr.org - The GNU Hurd: http://hurd.gnu.org -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Debian + Verisign's .com/.net hijack
On Wednesday 17 September 2003 12:46, Dale Amon wrote: What precisely have they done? I'd not heard about their latest idiocy... They have registered domains like http://www.islandone-is-bad.org to point to their own web site. (Note: the web site is overloaded and thus frequently doesn't work). HTH -- vbi -- Packages should build-depend on what they should build-depend. -- Santiago Vila on debian-devel pgp0.pgp Description: signature
Re: Debian + Verisign's .com/.net hijack
On Wednesday 17 September 2003 12:46, Dale Amon wrote: What precisely have they done? I'd not heard about their latest idiocy... [EMAIL PROTECTED]:~$ dig verisign-go-fuck-yourself.com ;; Truncated, retrying in TCP mode. ; DiG 9.2.2 verisign-go-fuck-yourself.com ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 24755 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 13 ;; QUESTION SECTION: ;verisign-go-fuck-yourself.com. IN A ;; ANSWER SECTION: verisign-go-fuck-yourself.com. 900 IN A 64.94.110.11 ;; AUTHORITY SECTION: com.116276 IN NS g.gtld-servers.net. com.116276 IN NS i.gtld-servers.net. com.116276 IN NS l.gtld-servers.net. com.116276 IN NS d.gtld-servers.net. com.116276 IN NS m.gtld-servers.net. com.116276 IN NS h.gtld-servers.net. com.116276 IN NS c.gtld-servers.net. com.116276 IN NS k.gtld-servers.net. com.116276 IN NS f.gtld-servers.net. com.116276 IN NS j.gtld-servers.net. com.116276 IN NS a.gtld-servers.net. com.116276 IN NS e.gtld-servers.net. com.116276 IN NS b.gtld-servers.net. ;; ADDITIONAL SECTION: g.gtld-servers.net. 116118 IN A 192.42.93.30 i.gtld-servers.net. 116118 IN A 192.43.172.30 l.gtld-servers.net. 116118 IN A 192.41.162.30 d.gtld-servers.net. 116118 IN A 192.31.80.30 m.gtld-servers.net. 116118 IN A 192.55.83.30 h.gtld-servers.net. 116118 IN A 192.54.112.30 c.gtld-servers.net. 116118 IN A 192.26.92.30 k.gtld-servers.net. 116118 IN A 192.52.178.30 f.gtld-servers.net. 116118 IN A 192.35.51.30 j.gtld-servers.net. 116118 IN A 192.48.79.30 a.gtld-servers.net. 115467 IN A 192.5.6.30 e.gtld-servers.net. 116118 IN A 192.12.94.30 b.gtld-servers.net. 116118 IN A 192.33.14.30 ;; Query time: 110 msec ;; SERVER: 62.4.16.70#53(62.4.16.70) ;; WHEN: Wed Sep 17 12:58:57 2003 ;; MSG SIZE rcvd: 495 -- I have sampled every language, french is my favorite. Fantastic language, especially to curse with. Nom de dieu de putain de bordel de merde de saloperie de connard d'enculé de ta mère. It's like wiping your ass with silk! I love it. -- The Merovingian, in the Matrix Reloaded -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Debian + Verisign's .com/.net hijack
On Wed, Sep 17, 2003 at 11:57:16AM +0100, Andy Coates wrote: They've put a wildcard DNS entry for .com and .net to resolve to their product called SiteFinder which offers a IE/MSN like Did you mean to type services. So any domain that doesn't exist, or in the PENDING/DELETE states, or has no nameservers associated with it, now resolves. Ah, so what would happen if many thousands of people ran pings and other things against nonexistant names? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Debian + Verisign's .com/.net hijack
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 While the first generation patches work with hardcoded values, there are others that are much more general. Check the link of the ISC patch for a description: http://www.isc.org/products/BIND/delegation-only.html This will only work for a little while as a colleague of mine noted. This will block * IN A 64.94.110.11 but not * IN NS 64.94.110.11 which is a valid delegation. The 64.94.110.11 nameserver should then only return 64.94.110.11 for all requests for A records. - -- arthur - [EMAIL PROTECTED] - http://tiefighter.et.tudelft.nl/~arthur -- -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) iD8DBQE/aE23VYan35+NCKcRAsu1AKDTcrzQ664BAeERJjQ0gM/g/XEkdwCgrL7Z 0QCNqEsJooAzYP5oNtraSmU= =4xx8 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Debian + Verisign's .com/.net hijack
On Wed, 17 Sep 2003, Gaël Le Mignot wrote: What precisely have they done? I'd not heard about their latest idiocy... They decided to answer to all requests for a non-existing domain in .com or .net with the IP of some of their computers, hosting an advertising page... Please note they include the sentence The Value Of Trust in their corporate logo. // Thomas -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Debian + Verisign's .com/.net hijack
Arthur de Jong wrote: This will only work for a little while as a colleague of mine noted. This will block * IN A 64.94.110.11 but not * IN NS 64.94.110.11 which is a valid delegation. The 64.94.110.11 nameserver should then only return 64.94.110.11 for all requests for A records. Paul Vixie addressed just this possibility in [EMAIL PROTECTED] on the NANOG list. You can mark such a name server as bogus. Assuming that IP is routable at all; I have not seen a packet from 64.94.110.11 in over 24 hours. -- see shy jo pgp0.pgp Description: PGP signature
Debian + Verisign's .com/.net hijack
Hi all, By now probably everybody has heard about Verisign's latest change to the .net and .com domains (otherwise read about it in your favourite tech news site). While the security of dns per se is not really affected, the change influences other services such as spam countermeasures. Patches for various dns servers to get back to the old behaviour of the dns system have been published. For example, the ISC has just released an official patch for BIND9. I wonder if there are plans to make security upgrades of the dns servers shipped with Debian. Any comments? Regards, Oliver
Re: Debian + Verisign's .com/.net hijack
On Wednesday 17 September 2003 10:48, Oliver Hitz wrote: Patches for various dns servers to get back to the old behaviour of the dns system have been published. For example, the ISC has just released an official patch for BIND9. I wonder if there are plans to make security upgrades of the dns servers shipped with Debian. Any comments? I for one would really, really, really like for this 'fix' to appear soon. Maintaining hand compiled software is awkward - but I guess I'll do that quite soon. Greets -- vbi -- The prablem with Manoca is thot it's difficult ta tell the difference between o cauple af the letters. -- Jacob W. Haller on alt.religion.kibology pgpE4Dt5hCpNW.pgp Description: signature
Re: Debian + Verisign's .com/.net hijack
Adrian von Bidder said the following on 17/09/03 10:11: Patches for various dns servers to get back to the old behaviour of the dns system have been published. For example, the ISC has just released an official patch for BIND9. I wonder if there are plans to make security upgrades of the dns servers shipped with Debian. Any comments? I for one would really, really, really like for this 'fix' to appear soon. Maintaining hand compiled software is awkward - but I guess I'll do that quite soon. Adding this *hard coded* value to an official Debian package that could be around for a couple of years (in stable) would be foolish IMHO. I haven't reviewed the patch, so may be wrong about the nature of it... (anyone have a link for the patch?) Better to get Verisign to revoke this stupidity. After all, another TLD did the same some time ago and the US government intervened, IIRC, to get it changed back (.biz?). Regards, Ronny Adsetts -- Technical Director Amazing Internet Ltd, London t: +44 20 8607 9535 f: +44 20 8607 9536 w: www.amazinginternet.com
Re: Debian + Verisign's .com/.net hijack
What precisely have they done? I'd not heard about their latest idiocy... [I note that I just got html mail from them about a domain renewal... I just delete html mail without reading.] -- -- IN MY NAME:Dale Amon, CEO/MD No Mushroom clouds over Islandone Society London and New York. www.islandone.org --
Re: Debian + Verisign's .com/.net hijack
On Wednesday 17 September 2003 11:57, Ronny Adsetts wrote: Better to get Verisign to revoke this stupidity. After all, another TLD did the same some time ago and the US government intervened, IIRC, to get it changed back (.biz?). host sdkljhsdlfkjsdfkljsdf.cc sdkljhsdlfkjsdfkljsdf.cc has address 206.253.214.102 So - no, it's not been changed back, at least in that case. But then, who uses .cc (except spammers). cheers -- vbi -- dark Turns out that grep returns error code 1 when there are no matches. I KNEW that. Why did it take me half an hour? -- Seen on #Debian pgpxeU6OrFoWK.pgp Description: signature
Re: Debian + Verisign's .com/.net hijack
What precisely have they done? I'd not heard about their latest idiocy... They decided to answer to all requests for a non-existing domain in .com or .net with the IP of some of their computers, hosting an advertising page... -- Gael Le Mignot Kilobug - [EMAIL PROTECTED] - http://kilobug.free.fr GSM : 06.71.47.18.22 (in France) ICQ UIN : 7299959 Fingerprint : 1F2C 9804 7505 79DF 95E6 7323 B66B F67B 7103 C5DA Member of HurdFr: http://hurdfr.org - The GNU Hurd: http://hurd.gnu.org
Re: Debian + Verisign's .com/.net hijack
On Wednesday 17 September 2003 12:46, Dale Amon wrote: What precisely have they done? I'd not heard about their latest idiocy... They have registered domains like http://www.islandone-is-bad.org to point to their own web site. (Note: the web site is overloaded and thus frequently doesn't work). HTH -- vbi -- Packages should build-depend on what they should build-depend. -- Santiago Vila on debian-devel pgpn2o3pf2IdC.pgp Description: signature
Re: Debian + Verisign's .com/.net hijack
Dale Amon ([EMAIL PROTECTED]) wrote: On Wed, Sep 17, 2003 at 11:57:16AM +0100, Andy Coates wrote: They've put a wildcard DNS entry for .com and .net to resolve to their product called SiteFinder which offers a IE/MSN like Did you mean to type services. So any domain that doesn't exist, or in the PENDING/DELETE states, or has no nameservers associated with it, now resolves. Ah, so what would happen if many thousands of people ran pings and other things against nonexistant names? Pings are being blocked AFAIK, but there are many ports open (mail for example). Best bet is to search the NANOG lists (www.nanog.org), whole lotta information and discussion about it there. Andy.
Re: Debian + Verisign's .com/.net hijack
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 While the first generation patches work with hardcoded values, there are others that are much more general. Check the link of the ISC patch for a description: http://www.isc.org/products/BIND/delegation-only.html This will only work for a little while as a colleague of mine noted. This will block * IN A 64.94.110.11 but not * IN NS 64.94.110.11 which is a valid delegation. The 64.94.110.11 nameserver should then only return 64.94.110.11 for all requests for A records. - -- arthur - [EMAIL PROTECTED] - http://tiefighter.et.tudelft.nl/~arthur -- -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) iD8DBQE/aE23VYan35+NCKcRAsu1AKDTcrzQ664BAeERJjQ0gM/g/XEkdwCgrL7Z 0QCNqEsJooAzYP5oNtraSmU= =4xx8 -END PGP SIGNATURE-
Re: Debian + Verisign's .com/.net hijack
On Wed, 17 Sep 2003, Gaël Le Mignot wrote: What precisely have they done? I'd not heard about their latest idiocy... They decided to answer to all requests for a non-existing domain in .com or .net with the IP of some of their computers, hosting an advertising page... Please note they include the sentence The Value Of Trust in their corporate logo. // Thomas
Re: Debian + Verisign's .com/.net hijack
Arthur de Jong wrote: This will only work for a little while as a colleague of mine noted. This will block * IN A 64.94.110.11 but not * IN NS 64.94.110.11 which is a valid delegation. The 64.94.110.11 nameserver should then only return 64.94.110.11 for all requests for A records. Paul Vixie addressed just this possibility in [EMAIL PROTECTED] on the NANOG list. You can mark such a name server as bogus. Assuming that IP is routable at all; I have not seen a packet from 64.94.110.11 in over 24 hours. -- see shy jo pgpV66eptaCgn.pgp Description: PGP signature