[Dshield] spam - dns - Verisign

Shawn Berg shawn at saeweb.com
Tue Sep 16 17:08:46 GMT 2003


One big problem I have with this is that personally I do not trust NetSol at
all seeing the scams they tried to pull back in the day, not releasing
domain names that expired years after their expiration, selling domains
names registered through them that had expired, etc. Now they are going to
be able to use this to monopolize the whole domain market. They will easily
be able to pull reports to see the most accessed domain name that doesn't
exist, and register it themselves for their own use, etc. I just think that
somebody should be stepping in here to stop this. Maybe it's just me. Who
knows.

Shawn

-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org]On
Behalf Of Jon R. Kibler
Sent: Tuesday, September 16, 2003 12:07 PM
To: General DShield Discussion List
Subject: Re: [Dshield] spam - dns - Verisign


Shawn Berg wrote:
>
> What is the purpose of Verisign doing this? Do they want to hi-jack all
web
> traffic for unregistered domains so it goes to a page on their site where
> you can register? Sounds like they are up to something a little sneaky. I
> don't see much reason to resolve domain names that haven't been registered
> or that are expired, on hold, etc. Anyone else?
>
> Shawn
>

According to Verisign's documentation, this is a new "service" that: "Before
this service was implemented, when a user entered a URL containing a
nonexistent (e.g. unregistered) domain name ending in .com or .net, his or
her web browser returned an error message that contained no useful
information. With the rollout of Site Finder, in the same situation users
now receive a helpful web page offering links to possible intended
destinations and allowing an Internet search."

(GAG!!)

They also, admit that they are monitoring this activity, and their
statements lead me to the conclusion that they are collecting data for some
marketing purpose.

A temporary work-around to this problem: Block all traffic to/from IP
64.94.110.11. This will prevent accessing the Verisign web page and sending
mail to their mail server.

What is REALLY needed is for ISC to implement a patch to BIND that returns
NXDOMAIN whenever a wildcard A record response is returned.

Also, complaining to ICANN wouldn't hurt -- don't know if it would help
much, but "the squeaky wheel gets the grease."

Jon R. Kibler
A.S.E.T., Inc.
Charleston, SC  USA





==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.


---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.516 / Virus Database: 313 - Release Date: 9/1/2003

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.516 / Virus Database: 313 - Release Date: 9/1/2003




More information about the list mailing list