Subject: Microsoft announces new ways to bypass security controls
Date: Sun, Sep 14, 2003 at 10:03:32PM -0400
Quoting Sean Donelan ([EMAIL PROTECTED]):
Of course, Microsoft isn't the only one with mail protocol security
weaknesses.
POP3 is probably responsible for more cleartext passwords
At 03:22 AM 9/15/2003, Mans Nilsson wrote:
Subject: Microsoft announces new ways to bypass security controls
Date: Sun, Sep 14, 2003 at 10:03:32PM -0400
Quoting Sean Donelan ([EMAIL PROTECTED]):
Of course, Microsoft isn't the only one with mail protocol security
weaknesses.
POP3 is probably
Speaking on Deep Background, the Press Secretary whispered:
We see that even when we offer POP with SSL and SMTP AUTH with SSL, few
customers wind up using it. That there are continuing problems with the
commercial certificate infrastructure doesn't help matters.
Examples of the
I am helping on several areas for the design, testing, and deployment of a
Metro Ethernet network (based on MPLS) in the Pacific rim. If you or if you
know anyone interested in working over seas for a year or so drop me an
email with contact information.
Cheers,
Doug Peeples
Hallo nanogers,
someone out there in the Detroit Area ? Need some information about T1
connection and Watchguard reseller/partner.
Please contact me off list
--
Best regards,
Frank Kuempel mailto:[EMAIL PROTECTED]
If it's there and you can see it - it's
Hallo nanogers,
would anyone know of any pathchar servers
(similarly to traceroute servers)?
Fontas
PS: clink or pchar would be fine too
We are seeing the same problem on all of the 6400-nrp aggregation boxes we
have in the network. Here is the IOS bug ID - CSCec12495.. Actually by rate
limiting icmp on our network the problems have stopped/slowed down a lot.
Sorry for the delay.. Was out of the country for a while..
Mark
--
When I checked last week 1 in 4 packets was an ICMP message, so we rate
limited ICMP ECHO and ICMP ECHO-REPLY messages.. And it only bugged PING'ers
and windows traceroute users.. All those low memory alarms are now no
longer plaguing our NMS.
Mark
--
Mark Segal
Director, Network Planning
I realize this isn't arguing about Windows patch mechanisms, but recently
realized I've never answered this issue to my own satisfaction... How long
do we keep upgrading and using network hardware once it's fallen off the
support lists? The Cisco 7500 finally went off back in Feb of this year,
I couldn't find anything that said the 7500 is end-of-life/support/etc...
This is all I found on their site regarding the 7500:
End-of-Sale/End-of-Life: FEIP2-DSW-2TX FEIP2-DSW-2FX
09/Jul/2003
End of Sale/End of Life: SA-ENCRYPT Services Adapter
31/Mar/2003
End of Sales - VIP2-50, No. 1868
Gotta love nanog..
A nice man from cisco called me, it looked like a lot of packets on my
router were being process switched (sh ip cache - displayed A LOT of
entries). Anyway, it turns out some of my atm sub-ints inherited a no ip
route-cache cef from a parent int and well you can see what
Ah, quite right. It's the RSP2 that EOLd, but of course the RSP4/8/16 can
be used in the 7500, so the chassis continues to be supported. Good
news in this customer's case, though actually, they do have an RSP2, so
are still somewhat affected. RSP2 went away as of 16 Feb 2003, as per
Hi
I am looking if somebody has some experience with Internetwork smarTest.
Any feedback (preferably off list) would be greatly appreciated.
Dean
Anyone experiencing problems connecting to Earthlink through WilTel ?
Tracing the route to 207.217.121.218
1 elpstx1wce2-pos3-1.wcg.net (64.200.226.225) [AS 7911] 12 msec 12
msec 16 msec
2 dllstx1wcx2-oc48.wcg.net (64.200.210.209) [AS 7911] 96 msec 224 msec
40 msec
3
A wildcard A record in the net TLD.
$ host does.really-not-exist.net
does.really-not-exist.net has address 64.94.110.11
$ host 64.94.110.11
11.110.94.64.IN-ADDR.ARPA domain name pointer sitefinder-idn.verisign.com
It even responds on port 25 (says 550 on every RCPT TO). Gah.
--
On Tue, 16 Sep 2003, Niels Bakker wrote:
A wildcard A record in the net TLD.
$ host does.really-not-exist.net
does.really-not-exist.net has address 64.94.110.11
$ host 64.94.110.11
11.110.94.64.IN-ADDR.ARPA domain name pointer sitefinder-idn.verisign.com
It even responds on port 25
A wildcard A record in the net TLD.
It's Verisign's return shot at the web browser couldn't find this page
searches. Doesn't seem to have much by way of advertising yet, but I'm
sure that'll change. I heard about this coming from somewhere last week,
though I don't recall where. Probably
Once upon a time, Niels Bakker [EMAIL PROTECTED] said:
A wildcard A record in the net TLD.
$ host does.really-not-exist.net
does.really-not-exist.net has address 64.94.110.11
$ host 64.94.110.11
11.110.94.64.IN-ADDR.ARPA domain name pointer sitefinder-idn.verisign.com
It even responds
On Tue, Sep 16, 2003 at 12:56:57AM +0200, Niels Bakker wrote:
A wildcard A record in the net TLD.
$ host does.really-not-exist.net
does.really-not-exist.net has address 64.94.110.11
$ host 64.94.110.11
11.110.94.64.IN-ADDR.ARPA domain name pointer sitefinder-idn.verisign.com
It even
On 9/15/03 3:56 PM, Niels Bakker [EMAIL PROTECTED] wrote:
A wildcard A record in the net TLD.
$ host does.really-not-exist.net
does.really-not-exist.net has address 64.94.110.11
$ host 64.94.110.11
11.110.94.64.IN-ADDR.ARPA domain name pointer sitefinder-idn.verisign.com
It even
On Monday, September 15, 2003, at 07:11 PM, George William Herbert wrote:
A wildcard A record in the net TLD.
It's Verisign's return shot at the web browser couldn't find this page
searches. Doesn't seem to have much by way of advertising yet, but I'm
sure that'll change. I heard about
Tim Wilde wrote:
On Tue, 16 Sep 2003, Niels Bakker wrote:
A wildcard A record in the net TLD.
$ host does.really-not-exist.net
does.really-not-exist.net has address 64.94.110.11
$ host 64.94.110.11
11.110.94.64.IN-ADDR.ARPA domain name
Once upon a time, Richard A Steenbergen [EMAIL PROTECTED] said:
On Tue, Sep 16, 2003 at 12:56:57AM +0200, Niels Bakker wrote:
$ host does.really-not-exist.net
does.really-not-exist.net has address 64.94.110.11
I would say time to null route this horribly inappropriate scam, but it
looks
Today VeriSign is adding a wildcard A record to the .com and .net
zones. The wildcard record in the .net zone was activated from
10:45AM EDT to 13:30PM EDT. The wildcard record in the .com zone is
being added now. We have prepared a white paper describing VeriSign's
wildcard implementation,
It's Verisign's return shot at the web browser couldn't find this page
searches. Doesn't seem to have much by way of advertising yet, but I'm
sure that'll change. I heard about this coming from somewhere last week,
though I don't recall where. Probably Wired or the WSJ. Verisign wants
A wildcard A record in the net TLD.
It's Verisign's return shot at the web browser couldn't find this page
searches. Doesn't seem to have much by way of advertising yet, but I'm
sure that'll change. I heard about this coming from somewhere last week,
though I don't recall where.
-- On Tuesday, September 16, 2003 00:56 +0200
-- Niels Bakker [EMAIL PROTECTED] supposedly wrote:
A wildcard A record in the net TLD.
$ host does.really-not-exist.net
does.really-not-exist.net has address 64.94.110.11
$ host 64.94.110.11
11.110.94.64.IN-ADDR.ARPA domain name pointer
On Tue, 16 Sep 2003, Jeroen Massar wrote:
Tim Wilde wrote:
On Tue, 16 Sep 2003, Niels Bakker wrote:
A wildcard A record in the net TLD.
$ host does.really-not-exist.net
does.really-not-exist.net has address 64.94.110.11
$ host
On Mon, 15 Sep 2003, Chris Adams wrote:
Someone has already brought up the idea on the BIND list of modifying
BIND to recognize this response and converting it back to NXDOMAIN.
That would be me -- I posted to comp.protocols.dns.bind, not realizing it
was a mailing list gateway.
This also
-- On Monday, September 15, 2003 19:30 -0400
-- Mark Vallar [EMAIL PROTECTED] supposedly wrote:
The bigger issue is DNS troubleshooting. What a nightmare when a query
of the *.gtld-servers.net servers does not return an error. What happens
when they change the IP because of null-route'ing of
On Tue, Sep 16, 2003 at 01:18:26AM +0200, Jeroen Massar wrote:
Even worse of this is that you can't verify domain names under .net
any more for 'existence' as every .net domain suddenly has an A record
and then can be used for spamming...
From: Spammer [EMAIL PROTECTED]
To: You [EMAIL
On Mon, Sep 15, 2003 at 07:17:59PM -0400, Matthew Crocker wrote:
This is sufficiently technically and business slimy that
I would null-route that IP, personally.
Nah, just route it to a Linux box with transparent proxy and show your
own 'Websites-R-Us' page to your customers.
Or a
Once upon a time, Christopher X. Candreva [EMAIL PROTECTED] said:
This also blows away the whole idea of rejecting mail from non-existent
domains -- never mind all the bounces to these non-existent domains when the
spammers get ahold of them. Boy, I hope they have a good mail server
responding
On Mon, 15 Sep 2003, Mark Vallar wrote:
This is sufficiently technically and business slimy that
I agree completely. Verisign marketing practices are getting worse by the
day with introduction of redemption period, fees for non-working international
domains, prevention of domain transfers,
On Mon, 15 Sep 2003, Patrick W. Gilmore wrote:
Anyone wanna patch BIND such that replies of that IP addy are replaced with
NXDOMAIN? That solves the web site and the spam problem, and all others,
all at once.
I took a look at the Bind 8.3.4 code this afternoon, but couldn't readily
find
On Mon, 2003-09-15 at 19:35, ken emery wrote:
According to the article in the link posted from cbronline.com this has
been done by NeuStar who runs the .biz and .us domain registries. The
company which runs this service for NeuStar claims to be able to
differentiate between http and other
I'm going to hack my BIND so it'll discard wildcard RRs in TLDs, as a
matter of reducing the flood of advertising junk reaching my desktop.
I think BIND resolver developers would do everyone a service by adding
an option having the same effect.
Thank you, VeriSign, I will never do business
Did it occur to Verisign that perhaps this needed
some external policy and technical review before
you just went ahead and did this?
Have you formally or informally asked ICANN, the US DOC,
etc. for policy approval? If so, where and when?
Did you consider that nonexistent domains returning
On Tue, 16 Sep 2003, Daniel Roesen wrote:
VeriSign: WHO DO YOU THINK YOU ARE?
And don't try to tell us that you want to help users who mistype
addresses. You want to make money with typos, that's all. Any Site
Finder stuff is absurd by itself.
and their list of justifications for why what
On Mon, 15 Sep 2003, Vadim Antonov wrote:
I'm going to hack my BIND so it'll discard wildcard RRs in TLDs, as a
matter of reducing the flood of advertising junk reaching my desktop.
Please share your hack !
==
Chris Candreva -- [EMAIL
Matthew S. Hallacy wrote:
On Tue, Sep 16, 2003 at 01:18:26AM +0200, Jeroen Massar wrote:
Even worse of this is that you can't verify domain names under .net
any more for 'existence' as every .net domain suddenly has an A record
and then can be used
You mean you have been studying a way for more people to buy domain through you.
I also am modifying BIND to convert your wildcard #$%^^% to NXDOMAIN.
Between the domains that I have with you and all the problems we've had with it
each time you 'change' your web interface, I've already made my
Haesu wrote:
[]
Before I figure out this BIND thing, for now..
box02jp5-cr01.twdx.net# set routing-options static route 64.94.110.11/32 discard;
Please do not do that. You, or your users, will end up having
TONS of undeliverable bounces for forged/bogus domains sitting
in mail spools...
/mjt
Can they realistically enforce a TOS on a site like that, and how can they
provide a remedy for it?
I, for one, do not agree to their terms of service.
Thanks
-a-
Adam 'Starblazer' Romberg Appleton: 920-738-9032
System Administrator
Jeroen Massar [EMAIL PROTECTED] wrote:
Any kiddie group already planning to take down the advert server ?
It's just 1 IP to take out a *lot* of domains, anything you can mistype ;)
Look mommy we took down think up something.net, now you see it now you...
idea for next virus: after
It looks like it broke. Your web server (64.94.110.11) is inoperative.
How about backing out the change
Matt Larson wrote:
Today VeriSign is adding a wildcard A record to the .com and .net
zones. The wildcard record in the .net zone was activated from
10:45AM EDT to 13:30PM EDT. The
Looks like they pulled it now.
[EMAIL PROTECTED]:/var/log$ host rarrarrarrarblah.com
rarrarrarrarblah.com does not exist (Authoritative answer)
thanks,
-a-
Adam 'Starblazer' Romberg Appleton: 920-738-9032
System Administrator
ExtremePC
On Tue, 16 Sep 2003, Michael Tokarev wrote:
Haesu wrote:
Before I figure out this BIND thing, for now..
box02jp5-cr01.twdx.net# set routing-options static route 64.94.110.11/32 di$
Please do not do that. You, or your users, will end up having
TONS of undeliverable bounces for
http://www.verisign.com/corporate/about/contact/index.html
Give 'em hell.
apl
Niels Bakker wrote:
A wildcard A record in the net TLD.
$ host does.really-not-exist.net
does.really-not-exist.net has address 64.94.110.11
$ host 64.94.110.11
11.110.94.64.IN-ADDR.ARPA domain name pointer
On Mon, Sep 15, 2003 at 07:28:51PM -0500, Adam 'Starblazer' Romberg wrote:
Looks like they pulled it now.
[EMAIL PROTECTED]:/var/log$ host rarrarrarrarblah.com
rarrarrarrarblah.com does not exist (Authoritative answer)
; DiG 8.4 any rarrarrarrarblah.com.
;; res options: init recurs
Yeah, speaking too quickly.
*hides*
Thanks
-a-
Adam 'Starblazer' Romberg Appleton: 920-738-9032
System Administrator
ExtremePC LLC-=- http://www.extremepcgaming.net
On Mon, 15 Sep 2003, Jared Mauch wrote:
On Mon, Sep 15, 2003
On Mon, 15 Sep 2003, Adam 'Starblazer' Romberg wrote:
Looks like they pulled it now.
[EMAIL PROTECTED]:/var/log$ host rarrarrarrarblah.com
rarrarrarrarblah.com does not exist (Authoritative answer)
They haven't implemented it on .com, only .net .
--
Jay Hennigan - CCIE #7880 - Network
Adam 'Starblazer' Romberg wrote:
Looks like they pulled it now.
[EMAIL PROTECTED]:/var/log$ host rarrarrarrarblah.com
rarrarrarrarblah.com does not exist (Authoritative answer)
Nah, just zone propagation issues. Some gtld servers still
have old zone data.
/mjt
On Mon, Sep 15, 2003 at 07:39:20PM -0500, Adam 'Starblazer' Romberg wrote:
Yeah, speaking too quickly.
*hides*
I also typed a bit too quickly.
I'm guessing due to the uprising they've pulled this.
I was just going to call the dept of commerce tomorrow and
file a
FYI: A quick look shows 14 TLDs that appear to have wildcard records:
ac
cc
com
cx
mp
museum
net
nu
ph
pw
sh
tk
tm
ws
The following TLDs answer for '*.tld' but do not appear to have wildcard
records:
bz
cn
tw
It appears that the most reliable way to detect a wildcard response for
At 04:18 PM 9/15/2003, Jeroen Massar wrote:
Even worse of this is that you can't verify domain names under .net
any more for 'existence' as every .net domain suddenly has an A record
and then can be used for spamming...
so, every spammer in the world spams VeriSign. The down side of this is ...
I want my root servers back
Matt Larson wrote:
Today VeriSign is adding a wildcard A record to the .com and .net
zones. The wildcard record in the .net zone was activated from
10:45AM EDT to 13:30PM EDT. The wildcard record in the .com zone is
being added now. We have prepared a white paper
- Original Message -
From: Patrick W. Gilmore [EMAIL PROTECTED]
Date: Monday, September 15, 2003 7:34 pm
Subject: Re: What *are* they smoking?
No, it accepts if the from domain exists - but only if it *REALLY*
exists.
Anyone want to guess what happens to all those from addresses
On Mon, 15 Sep 2003, Chris Adams wrote:
It appears that the most reliable way to detect a wildcard response for
'somedomain.tld' is to query for '*.tld'; if the results match, then
'somedomain.tld' doesn't really exist.
Just make up a number of fake domains and resolve them. If they return
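As an added example (not code from the thread or from any of the posters), here are the two detection heuristics discussed above, Chris Adams's '*.tld' comparison and the "make up a number of fake domains" probe, feeding the NXDOMAIN rewrite that the BIND-patch posts propose. It runs against a constructed stand-in resolver (FAKE_ZONE, an assumption), not live DNS; 64.94.110.11 is the address quoted in the thread.

```python
"""Turn synthesized TLD-wildcard answers back into "does not exist"."""
import random

SITEFINDER_IP = "64.94.110.11"  # the wildcard target quoted in the thread

# Constructed offline stand-in for the TLD servers (an assumption, not real
# zone data): .net carries a wildcard A record, .org does not.
FAKE_ZONE = {
    "net": {"wildcard": [SITEFINDER_IP], "names": {"example.net": ["192.0.2.10"]}},
    "org": {"wildcard": [], "names": {"example.org": ["192.0.2.20"]}},
}


def tld_of(name):
    return name.rstrip(".").split(".")[-1]


def fake_resolve_a(name):
    """A records the constructed TLD would answer with for `name`."""
    zone = FAKE_ZONE.get(tld_of(name))
    if zone is None:
        return []
    if name in zone["names"]:
        return list(zone["names"][name])
    # Anything else, '*.tld' included, is synthesized from the wildcard.
    return list(zone["wildcard"])


def wildcard_answer(tld, resolve=fake_resolve_a):
    """Heuristic 1 from the thread: query '*.tld' directly."""
    return set(resolve("*." + tld))


def probe_random_names(tld, resolve=fake_resolve_a, count=3, rng=None):
    """Heuristic 2: resolve a few made-up names; if they all return the same
    non-empty answer, that answer is the synthesized wildcard."""
    rng = rng or random.Random(0)
    answers = []
    for _ in range(count):
        label = "".join(rng.choice("abcdefghijklmnopqrstuvwxyz") for _ in range(20))
        answers.append(frozenset(resolve(label + "." + tld)))
    if all(a and a == answers[0] for a in answers):
        return set(answers[0])
    return set()


def resolve_without_sitefinder(name, resolve=fake_resolve_a):
    """Return (rcode, records); an answer identical to the TLD's wildcard
    answer is reported as NXDOMAIN, mirroring the proposed resolver patch.
    Caveat raised in the thread: a real domain that genuinely sits on the
    same address as the wildcard would be suppressed as well."""
    records = set(resolve(name))
    if not records:
        return "NXDOMAIN", []
    tld = tld_of(name)
    synthesized = wildcard_answer(tld, resolve) or probe_random_names(tld, resolve)
    if synthesized and records == synthesized:
        return "NXDOMAIN", []
    return "NOERROR", sorted(records)
```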
The information provided through the VeriSign Services is not
necessarily complete and may be supplied by VeriSign's commercial
licensors, advertisers or others.
There's something immoral about *shoving it down our throats*, then,
VeriSign.
apl
Adam 'Starblazer' Romberg wrote:
Can they
On Tue, 16 Sep 2003, Johnny Eriksson wrote:
idea for next virus: after reproducing itself, construct a random domain
name ending in .net and ddos it at a low rate for a day or so. if the
faked up domain is someones real one, you get a small number of packets
to that domain. if a large
On Mon, 15 Sep 2003 17:29:43 -0700
Roy [EMAIL PROTECTED] wrote:
It looks like it broke. Your web server (64.94.110.11) is inoperative.
How about backing out the change
Chances are your ISP has null-routed that IP address. Two of the larger
ISPs in my area (Ontario, Canada) have, as
On Mon, 15 Sep 2003 17:45:26 -0700
Fred Baker [EMAIL PROTECTED] wrote:
At 04:18 PM 9/15/2003, Jeroen Massar wrote:
Even worse of this is that you can't verify domain names under .net
any more for 'existence' as every .net domain suddenly has an A record
and then can be used for spamming...
I abandoned them a long time ago, but the big question is, how
can we get rid of them as root servers operators? Sounds like
time to push for more independent servers, and a truly separate
company to handle the root server portion of .com/.net. They
could still exist as a registrar, but with
It's bad enough now; it could be even worse. They could respond on
port 443, too, with a legitimate-seeming certificate -- they're
*Verisign*, the leading certificate authority.
In the security world, we call this a man- (or monkey-)in-the-middle
attack, for which the standard defense is
So then now instead of mail to misspelled domains, instead of
bouncing, now goes to /dev/null and you have no idea that your
critically important piece of information didn't get through?
Neat.
On Mon, Sep 15, 2003 at 08:17:43PM -0500, netmask wrote:
- Original Message -
From:
On Mon, 15 Sep 2003, Jared Mauch wrote:
I also typed a bit too quickly.
I'm guessing due to the uprising they've pulled this.
I was just going to call the dept of commerce tomorrow and
file a complaint myself. perhaps I still will.
It appears GTLD servers A-D are
i'm not sure if it could be cached, but i still see verisign pretending
to 0wn the net...
as is usually suggested on this list, do your talking with your money,
pull your zones from verisign, and never do business with them again,
file complaints with all relevant state and federal authorities,
In other news, Verisign has a press release on their website announcing
something called Next Registration Rights Service, where you can place
an order to have somebody else's domain transferred to you if they ever
don't pay their bill. The press release goes on to say that this is a
On Mon, 15 Sep 2003, Alex Lambert wrote:
The information provided through the VeriSign Services is not
necessarily complete and may be supplied by VeriSign's commercial
licensors, advertisers or others.
There's something immoral about *shoving it down our throats*, then,
VeriSign.
Nice
On Mon, 15 Sep 2003, George William Herbert wrote:
Did it occur to Verisign that perhaps this needed some external policy
and technical review before you just went ahead and did this?
I wouldn't be surprised if the real motivation is to get the attention of
(at least the US) government and
On Mon, 15 Sep 2003 17:29:43 -0700
Roy [EMAIL PROTECTED] wrote:
It looks like it broke. Your web server (64.94.110.11) is inoperative.
How about backing out the change
Chances are your ISP has null-routed that IP address. Two of the larger
ISPs in my area (Ontario, Canada) have, as
Sorry for the double-post folks, I got a bounce and didn't look closely
at it.
If somebody could check the subscriber list for an address that might
result in [EMAIL PROTECTED] filtering really innocent emails (I know
this has happened to others too), and contacting the owner, that would
be
There was an article, easily overlooked, in the NY Times this
morning. Link below. (free, registration required.)
http://www.nytimes.com/2003/09/15/technology/15MISS.html
This action does call into question Verisign's ability
to operate with public, nee international, infrastructure
interests.
Yep, and it'll be coming soon to .com. All your typo domain are belong
to Verisign.
Ever get tempted to have a 'wet ops' NANOG team?
On Mon, 15 Sep 2003 19:24:29 -0400, Matt Larson wrote:
10:45AM EDT to 13:30PM EDT. The wildcard record in the .com zone is
being added now. We have prepared a white paper describing VeriSign's
wildcard implementation, which is available here:
On Mon, 15 Sep 2003, George William Herbert wrote:
This is sufficiently technically and business slimy that
I would null-route that IP, personally.
Or direct it to a local server and collect the profit yourself.
Speaking on Deep Background, the Press Secretary whispered:
I abandoned them a long time ago, but the big question is, how
can we get rid of them as root servers operators? Sounds like
time to push for more independent servers, and a truly separate
company to handle the root server
A couple things come to mind --
1) Does this increase the RAM needed on a caching resolver? I.e. does it take
more RAM to cache the 15-minute positive reply, than an NXDOMAIN negative
reply?
2) In the bestpractices.pdf file, it states the following:
A response server should be configured to
Patrick W. Gilmore wrote:
-- On Tuesday, September 16, 2003 00:56 +0200
-- Niels Bakker [EMAIL PROTECTED] supposedly wrote:
A wildcard A record in the net TLD.
$ host does.really-not-exist.net
does.really-not-exist.net has address 64.94.110.11
$ host 64.94.110.11
11.110.94.64.IN-ADDR.ARPA domain
Was playing with a test box here at home. Installed SpamAssassin from a
newly cvsup'd ports tree on a FreeBSD box, and was surprised to see
messages getting marked as received in blacklists that no longer exist.
Most notably ORBS. Since this was a fresh install I hadn't gone
through and
Okay, it's late and I've only spent about an hour on this, but I've
whipped up a quick piece examining this whole mess from VeriSign. I've
only *brushed* the surface of the issues that this presents and it's
already a pretty long piece.
Questions, comments to me. Send your concerns
On Mon, 15 Sep 2003, Matt Larson wrote:
Today VeriSign is adding a wildcard A record to the .com and .net
zones.
The Web Proxy Auto-discovery Protocol (WPAD) is another reason to
fear and loathe this change. If your host has a bogus name and
makes a WPAD request, they can send your
PWG Date: Mon, 15 Sep 2003 19:40:33 -0400
PWG From: Patrick W. Gilmore
PWG Anyone wanna patch BIND such that replies of that IP addy
PWG are replaced with NXDOMAIN? That solves the web site and
PWG the spam problem, and all others, all at once.
I'd actually go for keeping the A RR for
On Tue, Sep 16, 2003 at 05:32:50AM +, E.B. Dreger wrote:
Until then, I guess it's time to null route and check for
circumvention. Is AS30060 used for anything legitimate?
we've burned a AS for this, ICK
based on the ASNAME, its seems a nice little route-map
/dev/null will be real easy.
EBD Date: Tue, 16 Sep 2003 05:32:50 + (GMT)
EBD From: E.B. Dreger
EBD I'd actually go for keeping the A RR for '*.net.' and
EBD '*.com.' in an authoritative NS's cache. If any other A RR
s,authoritative,resolver,
Eddy
--
Brotsman Dreger, Inc. - EverQuick Internet Division
Bandwidth,