Re: [expert] Verisign hijacks .com and .net DNS space
On 20 Sep 2003 08:55:29 -0700
Jack Coates <[EMAIL PROTECTED]> uttered:

> you did catch that the site is XSS vulnerable too, right? Look at the
> /. discussion thread. Caution advised for the easily offended though,
> one example adds "hi mom" and the other example adds the picture from
> goatse.cx :-/

ya, I saw that, pretty pathetic when a site is vulnerable to such an old
trick.

--
HaywireMac
Registered Linux user #282046
Homepage: www.orderinchaos.org
++ Mandrake HowTo's & More: http://twiki.mdklinuxfaq.org ++
A lot of people I know believe in positive thinking, and so do I. I
believe everything positively stinks.
  -- Lew Col

Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
Re: [expert] Verisign hijacks .com and .net DNS space
On Sat, 2003-09-20 at 07:53, HaywireMac wrote:
> On Thu, 18 Sep 2003 01:41:09 -0700
> James Sparenberg <[EMAIL PROTECTED]> uttered:
>
> > > they're screwed anyway...
> > >
> > > http://www.wired.com/news/technology/0,1282,60473,00.html
> > >
> > > Muahahahahahahahahahaha!
> > >
> > > The Slashdot effect... :-D
> >
> > Can you say SWEEET!
>
> it gets better/worse:
>
> http://securityfocus.com/news/7009
>
> Quote:
>
> "On Wednesday, Boston-based Internet security and privacy consultant
> Richard Smith found buried in the SiteFinder page a so-called "Web bug,"
> an invisible image file delivering a cookie that doesn't expire for five
> years.
>
> This certainly means the culling of some information, said Smith.
> "They're getting a sense of what domain names are mistyped, and perhaps
> this can be used by a domain name sales company. In addition, Overture
> is a pay for click search engine, with questionable affiliates."

you did catch that the site is XSS vulnerable too, right? Look at the
/. discussion thread. Caution advised for the easily offended though,
one example adds "hi mom" and the other example adds the picture from
goatse.cx :-/

--
Jack Coates
Monkeynoodle: A Scientific Venture...
Re: [expert] Verisign hijacks .com and .net DNS space
On Thu, 18 Sep 2003 01:41:09 -0700
James Sparenberg <[EMAIL PROTECTED]> uttered:

> > they're screwed anyway...
> >
> > http://www.wired.com/news/technology/0,1282,60473,00.html
> >
> > Muahahahahahahahahahaha!
> >
> > The Slashdot effect... :-D
>
> Can you say SWEEET!

it gets better/worse:

http://securityfocus.com/news/7009

Quote:

"On Wednesday, Boston-based Internet security and privacy consultant
Richard Smith found buried in the SiteFinder page a so-called "Web bug,"
an invisible image file delivering a cookie that doesn't expire for five
years.

This certainly means the culling of some information, said Smith.
"They're getting a sense of what domain names are mistyped, and perhaps
this can be used by a domain name sales company. In addition, Overture
is a pay for click search engine, with questionable affiliates."

--
HaywireMac
Registered Linux user #282046
Homepage: www.orderinchaos.org
++ Mandrake HowTo's & More: http://twiki.mdklinuxfaq.org ++
The most costly of all follies is to believe passionately in the
palpably not true. It is the chief occupation of mankind.
  -- H.L. Mencken
Re: [expert] Verisign hijacks .com and .net DNS space
On Fri, 2003-09-19 at 03:41, HaywireMac wrote:
> On Thu, 18 Sep 2003 01:41:09 -0700
> James Sparenberg <[EMAIL PROTECTED]> uttered:
>
> > Can you say SWEEET!
>
> Can you say "get a good lawyer"? ROTFLMAO!
>
> http://slashdot.org/article.pl?sid=03/09/19/039214
>
> whoever at Verisign came up with this sitefinder idea must be swimming
> in it right now... :-D

nah at verisign I bet he/she got a raise.

James.
Re: [expert] Verisign hijacks .com and .net DNS space
On Thu, 18 Sep 2003 01:41:09 -0700
James Sparenberg <[EMAIL PROTECTED]> uttered:

> Can you say SWEEET!

Can you say "get a good lawyer"? ROTFLMAO!

http://slashdot.org/article.pl?sid=03/09/19/039214

whoever at Verisign came up with this sitefinder idea must be swimming
in it right now... :-D

--
HaywireMac
Registered Linux user #282046
Homepage: www.orderinchaos.org
++ Mandrake HowTo's & More: http://twiki.mdklinuxfaq.org ++
Do not take life too seriously; you will never get out of it alive.
Re: [expert] Verisign hijacks .com and .net DNS space
On Wed, 2003-09-17 at 14:46, HaywireMac wrote:
> On Tue, 16 Sep 2003 15:57:15 +0100
> "Chris Slater-Walker" <[EMAIL PROTECTED]> uttered:
>
> > Has anyone else heard about this? Read it and boycott them!
> >
> > http://slashdot.org/articles/03/09/16/0034210.shtml?tid=126&tid=95&tid=98&tid=99
>
> they're screwed anyway...
>
> http://www.wired.com/news/technology/0,1282,60473,00.html
>
> Muahahahahahahahahahaha!
>
> The Slashdot effect... :-D

Can you say SWEEET!

James
Re: [expert] Verisign hijacks .com and .net DNS space
On Tue, 16 Sep 2003 15:57:15 +0100
"Chris Slater-Walker" <[EMAIL PROTECTED]> uttered:

> Has anyone else heard about this? Read it and boycott them!
>
> http://slashdot.org/articles/03/09/16/0034210.shtml?tid=126&tid=95&tid=98&tid=99

they're screwed anyway...

http://www.wired.com/news/technology/0,1282,60473,00.html

Muahahahahahahahahahaha!

The Slashdot effect... :-D

--
HaywireMac
Registered Linux user #282046
Homepage: www.orderinchaos.org
++ Mandrake HowTo's & More: http://twiki.mdklinuxfaq.org ++
Death is God's way of telling you not to be such a wise guy.
Re: [expert] Verisign hijacks .com and .net DNS space
> Oh and it seems that Outlook is really affected by this. One of our
> people sent an e-mail to 8 of us. One e-mail addy was mistyped. Yep
> you guessed it every 5 minutes or so it kept resending the e-mail
> because the Verisign site didn't return an error properly. It didn't
> stop sending until he turned off his laptop. (not knowing what it was
> doing.) and as a result we all got 35+ copies of the mail.

Hey, someone on outlook should send a mail to a bad address and to the
troublesome sms address!

--
Mandrake HowTo's & More: http://twiki.mdklinuxfaq.org
Re: [expert] Verisign hijacks .com and .net DNS space
On Wed, 2003-09-17 at 00:00, James Sparenberg wrote:
> On Tue, 2003-09-16 at 21:25, Jack Coates wrote:
> > http://www.monkeynoodle.org/comp/verisign
> >
> > On Tue, 2003-09-16 at 19:12, Jack Coates wrote:
> > > Just finished doing a four-page write up of it for work, I'll be
> > > de-working it and putting it on monkeynoodle.org as time permits.
> > ...
>
> Jack,
> Thanks for posting this. It saved me a bunch of work on trying to
> explain this to a lot of people at work.
>
> Oh and it seems that Outlook is really affected by this. One of our
> people sent an e-mail to 8 of us. One e-mail addy was mistyped. Yep
> you guessed it every 5 minutes or so it kept resending the e-mail
> because the Verisign site didn't return an error properly. It didn't
> stop sending until he turned off his laptop. (not knowing what it was
> doing.) and as a result we all got 35+ copies of the mail. Now take
> this times the number of Outlook users (and similarly affected e-mail
> clients) and you've got the perfect DDoS attack, guaranteed to take down
> the net. (IMHO)
>
> James

Yikes! It's been about a year since I've used Outlook and then it was in
corporate mode, I forgot that little "feature".

--
Jack Coates
Monkeynoodle: A Scientific Venture...
Re: [expert] Verisign hijacks .com and .net DNS space
On Wed, 2003-09-17 at 01:54, HaywireMac wrote:
> On 16 Sep 2003 19:12:22 -0700
> Jack Coates <[EMAIL PROTECTED]> uttered:
>
> > Just finished doing a four-page write up of it for work, I'll be
> > de-working it and putting it on monkeynoodle.org as time permits.
>
> In your (very well done) exposition, you point out that:
>
> "The most effective and flexible method of mitigation is using a
> firewall to block access to the address 64.94.110.11"
>
> How can I do this on my firewall? I have a configuration dialogue which
> is called access control. I sent a screenshot to the list yesterday, but
> I never saw it show up ( a link, not an attachment ).
>
> Is this where I wanna be?
>
> http://www.orderinchaos.org/router.png
>
> Thanks.

I'm not familiar with that one, but yes. Change the action from ACCEPT
to REJECT, put the Verisign IP in the Destination box, and click Insert.
Presumably leaving the ports box blank means match all ports.

--
Jack Coates
Monkeynoodle: A Scientific Venture...
Re: [expert] Verisign hijacks .com and .net DNS space
On 16 Sep 2003 19:12:22 -0700
Jack Coates <[EMAIL PROTECTED]> uttered:

> Just finished doing a four-page write up of it for work, I'll be
> de-working it and putting it on monkeynoodle.org as time permits.

In your (very well done) exposition, you point out that:

"The most effective and flexible method of mitigation is using a
firewall to block access to the address 64.94.110.11"

How can I do this on my firewall? I have a configuration dialogue which
is called access control. I sent a screenshot to the list yesterday, but
I never saw it show up ( a link, not an attachment ).

Is this where I wanna be?

http://www.orderinchaos.org/router.png

Thanks.

--
HaywireMac
Registered Linux user #282046
Homepage: www.orderinchaos.org
++ Mandrake HowTo's & More: http://twiki.mdklinuxfaq.org ++
"I gained nothing at all from Supreme Enlightenment, and for that very
reason it is called Supreme Enlightenment."
  -- Gotama Buddha
Re: [expert] Verisign hijacks .com and .net DNS space
On Tue, 2003-09-16 at 21:25, Jack Coates wrote:
> http://www.monkeynoodle.org/comp/verisign
>
> On Tue, 2003-09-16 at 19:12, Jack Coates wrote:
> > Just finished doing a four-page write up of it for work, I'll be
> > de-working it and putting it on monkeynoodle.org as time permits.
> ...

Jack,
Thanks for posting this. It saved me a bunch of work on trying to
explain this to a lot of people at work.

Oh and it seems that Outlook is really affected by this. One of our
people sent an e-mail to 8 of us. One e-mail addy was mistyped. Yep
you guessed it every 5 minutes or so it kept resending the e-mail
because the Verisign site didn't return an error properly. It didn't
stop sending until he turned off his laptop. (not knowing what it was
doing.) and as a result we all got 35+ copies of the mail. Now take
this times the number of Outlook users (and similarly affected e-mail
clients) and you've got the perfect DDoS attack, guaranteed to take down
the net. (IMHO)

James
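[Added example, not part of the thread or of Jack Coates's write-up: one way a mail or DNS front end can get the "no such domain" error back for names answered by the registry wildcard, so that mail to a mistyped domain fails immediately. It only looks at address records; `wildcard_addresses`, `domain_exists`, `make_resolver` and the sample zone are hypothetical names and constructed data, and only the address 64.94.110.11 comes from the thread.]

```python
import secrets

SITEFINDER_IP = "64.94.110.11"  # wildcard address quoted in this thread


class NXDomain(Exception):
    """Resolver signal for 'this name does not exist'."""


def wildcard_addresses(resolve, tld, probes=3):
    """Resolve random labels under `tld` that nobody has registered.

    Whatever addresses come back belong to a registry wildcard, because an
    honest zone answers NXDOMAIN for such names.
    """
    found = set()
    for _ in range(probes):
        try:
            found.update(resolve(f"{secrets.token_hex(16)}.{tld}"))
        except NXDomain:
            pass
    return found


def domain_exists(resolve, domain, wildcards=frozenset()):
    """Treat a domain as nonexistent if it only resolves to wildcard addresses."""
    try:
        addresses = set(resolve(domain))
    except NXDomain:
        return False
    return bool(addresses - set(wildcards))


def make_resolver(zone, wildcard_tlds):
    """Constructed stand-in for a DNS lookup so the example runs offline."""
    def resolve(name):
        if name in zone:
            return zone[name]
        if name.rsplit(".", 1)[-1] in wildcard_tlds:
            return [SITEFINDER_IP]      # registry answers for every unknown name
        raise NXDomain(name)
    return resolve


ZONE = {"example.com": ["192.0.2.25"]}              # constructed sample data
wildcarded = make_resolver(ZONE, {"com", "net"})    # behaviour discussed here
honest = make_resolver(ZONE, set())                 # behaviour before the change
```

[Probing at run time rather than hard-coding the address keeps the check working if the wildcard target changes.]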
Re: [expert] Verisign hijacks .com and .net DNS space
On September 16, 2003 09:25 pm, Jack Coates wrote:
> http://www.monkeynoodle.org/comp/verisign
>
> On Tue, 2003-09-16 at 19:12, Jack Coates wrote:
> > Just finished doing a four-page write up of it for work, I'll be
> > de-working it and putting it on monkeynoodle.org as time permits.
>
> ...

Gee, they seem to have opened up an entire can of very messy worms here.
I wonder where else than slashdot or the IAB that the flames are
lighting brightly tonight?

ttfn
John
[Fwd: Re: [expert] Verisign hijacks .com and .net DNS space]
Chris please turn off your reply to... thanks.

-Forwarded Message-
> From: James Sparenberg <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: [expert] Verisign hijacks .com and .net DNS space
> Date: Tue, 16 Sep 2003 22:06:25 -0700
>
> On Tue, 2003-09-16 at 07:57, Chris Slater-Walker wrote:
> > Has anyone else heard about this? Read it and boycott them!
> >
> > http://slashdot.org/articles/03/09/16/0034210.shtml?tid=126&tid=95&tid=98&tid=99
> >
> > Chris Slater-Walker
> >
> > BA CCDA CCNP CCSP
> > Senior Network Designer
>
> Not to disagree, They have us by the cahony's here. How could we
> boycott them. They are as big (or bigger) a Monopoly as M$ or $BC.
>
> However on a side note. I can't make this happen.
Re: [expert] Verisign hijacks .com and .net DNS space
http://www.monkeynoodle.org/comp/verisign

On Tue, 2003-09-16 at 19:12, Jack Coates wrote:
> Just finished doing a four-page write up of it for work, I'll be
> de-working it and putting it on monkeynoodle.org as time permits.
...

--
Jack Coates
Monkeynoodle: A Scientific Venture...
Re: [expert] Verisign hijacks .com and .net DNS space
Just finished doing a four-page write up of it for work, I'll be
de-working it and putting it on monkeynoodle.org as time permits.

BTW: http://www.monkeynoodle.org/comp/reply-to

On Tue, 2003-09-16 at 07:57, Chris Slater-Walker wrote:
> Has anyone else heard about this? Read it and boycott them!
>
> http://slashdot.org/articles/03/09/16/0034210.shtml?tid=126&tid=95&tid=98&tid=99
>
> Chris Slater-Walker
>
> BA CCDA CCNP CCSP
> Senior Network Designer

--
Jack Coates
Monkeynoodle: A Scientific Venture...
RE: [expert] Verisign hijacks .com and .net DNS space
-Original Message-
From: HaywireMac [mailto:[EMAIL PROTECTED]
Sent: 16 September 2003 20:56
To: [EMAIL PROTECTED]
Subject: Re: [expert] Verisign hijacks .com and .net DNS space

On Tue, 16 Sep 2003 15:57:15 +0100
"Chris Slater-Walker" <[EMAIL PROTECTED]> uttered:

> Has anyone else heard about this? Read it and boycott them!

Or just fuck 'em. There are a couple of recommendations from Slashdot
posters on how to defeat this. One is:

"I just added the line:

    route add 64.94.110.11 reject

to my /etc/rc.d/rc.local file. That ought to do it."

another mentions:

"if you have a REAL router (or a DSL router even) you should be able to
null-route that IP. Or actually, you might even be able to convince your
ISP to do it with a short, friendly letter to the admin."

I would like to do that on my router/NAT, but I'm not sure what he means
by "null-route"...I have an option for "access control" on there, but I
am not sure if this is what it is for:

http://www.orderinchaos.org/router.png

what would be the easiest way to do this?

==

"Null routing" means sending packets with a given destination to a black
hole, where they just disappear. On a Cisco router this would look like:

    ip route 64.94.110.11 255.255.255.255 null 0

So just as, when sending *nix output to /dev/null, it goes nowhere,
routing to null also leads to nowhere.

Chris Slater-Walker
BA CCDA CCNP CCSP
Senior network designer
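[Added example, not part of the thread: a small model of the route lookup behind the null route described above, showing why the 255.255.255.255 mask discards traffic for that one address while every other destination still follows the default route. It is not router code; the table entries other than 64.94.110.11 and the names `ROUTES`, `to_prefix`, `next_hop` and `forward` are constructed for illustration.]

```python
import ipaddress

# Constructed routing table: (prefix, next hop). None models the null interface.
ROUTES = [
    ("0.0.0.0/0", "192.0.2.1"),       # default route to the ISP (constructed)
    ("192.168.1.0/24", "lan0"),       # local network (constructed)
    ("64.94.110.11/32", None),        # ip route 64.94.110.11 255.255.255.255 null 0
]


def to_prefix(address, mask):
    """Convert the address/mask pair from the router command to CIDR form."""
    return str(ipaddress.ip_network(f"{address}/{mask}"))


def next_hop(destination, routes=ROUTES):
    """Longest-prefix match: the most specific route containing the address wins."""
    dest = ipaddress.ip_address(destination)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    if best is None:
        raise LookupError(f"no route to {destination}")
    return best[1]


def forward(destination):
    """Describe what the modelled router does with a packet to `destination`."""
    hop = next_hop(destination)
    return "discarded" if hop is None else f"forwarded via {hop}"


if __name__ == "__main__":
    for addr in ("64.94.110.11", "64.94.110.12", "192.168.1.20"):
        print(addr, "->", forward(addr))
```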