[Dshield] NAV problems question

Paul Marsh pmarsh at nmefdn.org
Thu Jan 8 21:52:28 GMT 2004


Below is an explanation as to why NAV was/is having issues today.  Can
some one please enlighten me as to why NAV would be having a problem
because of Verisign Cert.  I'm having problems on 4 out of 25
workstations, when you launch and office app it hangs but finally loads.
On the same workstation when I launch Sys. Works2k4 it hangs but finally
loads.  All other workstations are running fine no problem.  Maybe I'm
just missing the boat but I don't get how a cert. has anything to do
with it.

Thanx, Paul 

Verisign Certificate Expiration linked to Symantec AV issue 

Today, a Verisign root certificate included with Internet Explorer
expired. As a result, Verisign's certificate revocation list server was
not able to handle all the requests from clients attempting to contact
it as a result of the expiration. 

Verisign, apparently to lower the load on its server, now resolves this
server to non-routable 10/8 IP addresses 50% of the time. 

Some applications, most notably Norton Antivirus, use this server to
verify certificates. In the case of Norton Antivirus, it is used to
verify its signature file. 

As 50% of the time, users will not be able to contact Verisigns
certificate revocation list, Norton Antivirus will stall. 

Workarounds: 

Verisign set the TTL of its DNS records rather short. So if you try
after one minute again, you will likely get a valid IP address. If this
is not an option, edit your hosts file and insert one of these IPs for
'crl.verisign.net': 198.49.161.200, 198.49.161.205, 198.49.161.206,
64.94.110.11. 

However, this is not recommended as a long term solution, as these IPs
may change at any time.




More information about the list mailing list