[Dshield] Re: Verisign abusing .COM/.NET monopoly, BIND releases new

Doug White doug at clickdoug.com
Wed Sep 17 23:26:21 GMT 2003


It could be the wholesale move of domains away from them that may have gotten
their attention.

======================================
Stop spam on your domain, use our gateway!
For hosting solutions http://www.clickdoug.com
Featuring Win2003 Enterprise, RedHat Linux, CFMX 6.1 and all databases.
ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772
Suggested corporate Anti-virus policy: http://www.dshield.org/antivirus.pdf
======================================
If you are not satisfied with my service, my job isn't done!

----- Original Message ----- 
From: "D. Ian Miller" <miller at ucalgary.ca>
To: "Jose Nazario" <jose at monkey.org>
Cc: <full-disclosure at lists.netsys.com>; "Thor Larholm" <thor at pivx.com>;
"NTBugtraq" <NTBUGTRAQ at LISTSERV.NTBUGTRAQ.COM>; <bugtraq at securityfocus.com>;
<list at dshield.org>
Sent: Wednesday, September 17, 2003 5:44 PM
Subject: [Dshield] Re: Verisign abusing .COM/.NET monopoly, BIND releases new


| FYI ... looks like Verisign has pulled the wildcard A record as we have
| not patched but invalid domain searches no longer go to verisign ...
| sitefinder-idn.verisign.com is no longer responding to queries ... maybe
| someone got the message ... wonder how they will explain this one ...
|
| Jose Nazario wrote:
|
| >a number of options exist to help you remedy this issue:
| >
| > - bind 9.2.3rc2 supports "delegation-only", stopping some
| >   wildcard implementations from making any difference
| >
| >if you simply want to stop traffic getting there (they are running a
| >website and a partially functional MTA on that IP):
| >
| > - you can BGP null route this
| >   http://www.merit.edu/mail.archives/nanog/msg13715.html
| >
| > - cisco's NBAR functionality may be used to detect and block those
| >   reply packets from coming in by looking for the response from
| >   the nameservers.
|
>http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121lim
it/121e/121e2/nbar2e.htm
| >
| >note that this wont stop the query from reaching verisign, it will just
| >stop you from going to that IP. however, for some enforcing network
| >privacy concerns, that may be worthwhile.
| >
| >hope this helps,
| >
| >___________________________
| >jose nazario, ph.d. jose at monkey.org
| > http://monkey.org/~jose/
| >
| >
| >
|
| -- 
| =======================================
| D. Ian Miller                      }8-)
| Systems Analyst
| Information Technologies
| University of Calgary
| W: 403.220.8643
| M: 403.605.9856
|
|
|
| _______________________________________________
| list mailing list
| list at dshield.org
| To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
|




More information about the list mailing list