[Dshield] spam - dns - Verisign

Shawn Berg shawn at saeweb.com
Tue Sep 16 14:48:11 GMT 2003


What is the purpose of Verisign doing this? Do they want to hi-jack all web
traffic for unregistered domains so it goes to a page on their site where
you can register? Sounds like they are up to something a little sneaky. I
don't see much reason to resolve domain names that haven't been registered
or that are expired, on hold, etc. Anyone else?

Shawn

-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org]On
Behalf Of Johannes B. Ullrich
Sent: Tuesday, September 16, 2003 7:48 AM
To: list at dshield.org
Subject: [Dshield] spam - dns - Verisign



  A new 'twist' to spam filters: Starting this week, Verisign (aka
Network Solutions) is setting up its root DNS servers (.net and .com) to
resolve all domain names. All non existing domain names will point to a
Verisign page.

  So if you are using any check to see if the origin domain exists, it
will never trigger.





--
SANS - Internet Storm Center
http://isc.sans.org
PGP Key: http://isc.sans.org/jullrich.txt

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.516 / Virus Database: 313 - Release Date: 9/1/2003

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.516 / Virus Database: 313 - Release Date: 9/1/2003




More information about the list mailing list