Re: Verisign vs. ICANN
Stephen J. Wilcox (SJW) wrote:

SJW I do not believe there is any technical spec prohibiting this,
SJW in fact that DNS can use a wildcard at any level is what enables
SJW the facility.

It is not always the case that everything a spec defines, is included or enumerated in the spec, particularly when specs refer to other specs and it is the combination(s) of specs which define proper behaviour. (If every protocol which was built on TCP, had to also include the contents of the TCP spec, the whole RFC system would quickly collapse under its own weight.)

SJW I think this is a non-technical argument..
SJW altho it was demonstrated that owing to the age and status of the com/net
SJW zones a number of systems are now in operation which make
SJW assumptions about the response in the event of the domain not existing...

If it were merely an *internal* issue *within* the DNS system, perhaps there would be areas of disagreement which could be settled via either extending, or clarifying, the relevant RFCs. However, the issue is, to some degree, actually outside of the proper scope of the DNS lookup/resolver system. (see below...)

On Sat, 19 Jun 2004, Alexei Roudnev (AR) wrote:

AR The technical roots of the problem are: proposed services VIOLATES
AR internet specification (which is 100% clean - if name do not exist,
AR resolver must receive negative response).
AR So, technically, there is not any ground for SiteFinder - vice versa

To make Alexei's argument's syntax agree with the intended semantics: He means to say, Technically, there is no grounds for implementing SiteFinder by means of inserting wildcards to the .com and .net zones. Rather, there are specific grounds for *not* inserting wildcards, regardless of the purpose of those wildcards, in .net and .com zones.

(E.g.: in contrast with .museum zone, which is generally special-purpose, and for which assumptions about which services are expected (www only) are reasonable and valid, the .com and .net zone are general-purpose, and pretty much any service, including all assigned values for TCP and UDP ports from the IANA, should and must be presumed to be used across the collection of IPv4 space.)

The crux of the problem appears in a particular case, for which *no* workaround exists, and for which no workaround *can* exist, from a straight derivational logic of state-machine origins.

The DNS *resolver* system, is only one of the places where the global namespace is *implemented*.

Any assigned DNS name *may* be placed into the DNS. And *only* the owner of that name has authority to register that name, or cause its value to return from any query.

An assigned name, however, can *also*, or even *instead* of being placed into the DNS *resolver* system, be put into other systems for resolving and returning name-address mappings. These include: the predecessor to BIND, which is the archaic /etc/hosts file(s) on systems; Sun's NIS or NIS+ systems (local to any NIS/NIS+ domain space); LDAP and similar systems; X.500 (if this is by any chance distinct from LDAP - I'm no expert on either); and any other arbitrary system for implementing name-address lookups.

And the primary reason for *REQUIRING* NXDOMAIN results in DNS, is that in any host system which queries multiple sources, only a negative response on a lookup will allow the search to continue to the next system in the search order.

Implementing root-zone wildcards, places restrictions on both search-order, and content population, of respective name-resolution systems, which violates any combination of RFCs and best-common practices. And, most importantly, *cannot* be worked around, *period*.

Until the RFCs are extended to permit population of zones with authoritative *negative* information, and all the servers and resolvers implement support for such, *and* operators of root zone databases automatically populate assigned zones with such negative values, wildcards *will* break, in irreconcilable fashion, existing, deployed systems which refer to multiple implementations of zone information services, and for which *no* workaround is possible.

Apologies for a long, semi-on-topic post. Hopefully this will end this thread, and maybe even put a stake through the heart of the VeriSign filing (at least this version of it). While the law generally doesn't recognize mathematically excluded things as a matter of law, when it comes to affirmative testimony, counter-arguments can demonstrably be shown as de-facto purgury (sp?).

Brian Dickson (who has had to deploy systems in heterogeneous environments, and is aware of deployed systems that broke because of *.com)
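
The search-order failure described in the message above, modelled as an added example (it is not part of the original post): a host consults DNS and then a local NIS map, and only a negative DNS answer lets the lookup continue. The zone contents, host names, addresses and function names are constructed for illustration, and the wildcard matching is a simplification.

```python
"""Multi-source host lookup and how a TLD wildcard stops the fall-through.

Constructed model: zone contents, host names and addresses are illustrative
(RFC 5737 documentation ranges), not real registry data.
"""

NXDOMAIN = None  # negative answer: this source does not know the name


def dns_lookup(zone, name):
    """Answer from a toy zone, synthesising from a wildcard when one applies.

    Simplified matching: walk up the ancestors of `name`; the nearest
    ancestor that exists in the zone blocks any wildcard above it.
    """
    name = name.lower().rstrip(".")
    if name in zone:
        return zone[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        ancestor = ".".join(labels[i:])
        if "*." + ancestor in zone:
            return zone["*." + ancestor]
        if ancestor in zone:
            break
    return NXDOMAIN


def table_lookup(table, name):
    """Flat table source such as /etc/hosts or a NIS hosts map."""
    return table.get(name.lower().rstrip("."), NXDOMAIN)


def resolve(name, sources):
    """Try each (label, lookup) in order; only NXDOMAIN moves to the next one."""
    for label, lookup in sources:
        answer = lookup(name)
        if answer is not NXDOMAIN:
            return label, answer
    return None, NXDOMAIN


def build_sources(zone, local_table, order):
    """Build the host's search order, e.g. ("dns", "nis")."""
    available = {
        "dns": lambda n: dns_lookup(zone, n),
        "nis": lambda n: table_lookup(local_table, n),
    }
    return [(label, available[label]) for label in order]


def shadowed_names(zone, local_table):
    """Audit: local names that DNS would answer with different data."""
    return sorted(
        n for n, addr in local_table.items()
        if dns_lookup(zone, n) not in (NXDOMAIN, addr)
    )


# Constructed data: one delegated name, one name kept only in NIS.
COM_ZONE_CLEAN = {"example.com": "192.0.2.10"}
COM_ZONE_WILDCARD = {**COM_ZONE_CLEAN, "*.com": "198.51.100.1"}
NIS_HOSTS = {"db1.corp-internal.com": "203.0.113.7"}

if __name__ == "__main__":
    host = "db1.corp-internal.com"
    cases = [
        ("no wildcard, dns then nis", COM_ZONE_CLEAN, ("dns", "nis")),
        ("wildcard,    dns then nis", COM_ZONE_WILDCARD, ("dns", "nis")),
        ("wildcard,    nis then dns", COM_ZONE_WILDCARD, ("nis", "dns")),
    ]
    for title, zone, order in cases:
        print(title, "->", resolve(host, build_sources(zone, NIS_HOSTS, order)))
    print("shadowed by wildcard:", shadowed_names(COM_ZONE_WILDCARD, NIS_HOSTS))
```

With the wildcard present, the DNS-first order returns the wildcard address and never reaches NIS; putting NIS first restores the answer only by dictating the search order, which is the restriction the message objects to.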
Re: [Fwd: [IP] Feds: VoIP a potential haven for terrorists]
On Fri, Jun 18, 2004 at 06:48:06PM +0530, Suresh Ramasubramanian wrote: WASHINGTON--The U.S. Department of Justice on Wednesday lashed out at Internet telephony, saying the fast-growing technology could foster drug trafficking, organized crime and terrorism. But the change is real. I don't think anybody would argue now that the Internet isn't becoming a major factor in our lives. However, it's very new to us. Newsreaders still feel it is worth a special and rather worrying mention if, for instance, a crime was planned by people over the Internet. They don't bother to mention when criminals use the telephone or the M4, or discuss their dastardly plans over a cup of tea, though each of these was new and controversial in their day. --- Douglas Adams, 1999 --- complete Article at http://www.douglasadams.com/dna/19990901-00-a.html
Re: what's going on with yahoo and gmail lately?
A question out of focusing, who knows when Google will open Gmail to public?

Why wait for Gmail when you can get max 10M messages and 1G total from rediff.com ?

how american of us. i doubt there has been 1G of *real content* in my email for the last two decades.

randy
Re: what's going on with yahoo and gmail lately?
--On 21 June 2004 10:43 -0400 Randy Bush [EMAIL PROTECTED] wrote:

Why wait for Gmail when you can get max 10M messages and 1G total from rediff.com ?

how american of us. i doubt there has been 1G of *real content* in my email for the last two decades.

I'm trying to work out whether in the last two decades I've ever received a non-local email smaller than 100 bytes. Even your gnomic insights exceed this with headers.

Alex
Re: what's going on with yahoo and gmail lately?
On Mon, 2004-06-21 at 16:43, Randy Bush wrote:

A question out of focusing, who knows when Google will open Gmail to public?

Why wait for Gmail when you can get max 10M messages and 1G total from rediff.com ?

how american of us. i doubt there has been 1G of *real content* in my email for the last two decades.

How else can you build up the largest spam folder in the world, harddisks are so extremely expensive today. I really wonder what the use for these freemail things is actually. Except for the 'I can be mostly anonymous' part. As one isn't paying, when the service goes down or crashes or deletes your mail or whatever, there is nothing to demand that you get your 1 Gigabyte of email back. I rather pay for a service and know that my email is in good hands and also is backupped correctly and works(tm). The argument for 'I need more than one address' isn't doable either as most ISP's will give one a zillion aliases if one requests them. Then again those are usually with a ~20mb max and that is on the small side.

Also on the '1G in 20 years' front, remember that many people think that using images (BMP's ;) and HTML and crap is 'email' while they are actually sending websites over SMTP...

Greets, Jeroen
Re: S.2281 Hearing (was: Justice Dept: Wiretaps...)
John,

While I agree that not many domestic (or EU) vendors will offer services contrary to the law in this area, do you truly believe this won't simply cause companies that really want to make money in this market to move to places where the laws are less difficult? After all, I can get pretty good fiber connectivity in Malaysia or other parts of Asia/SoPac without really needing to worry much about any sort of LI procedures. As long as the company offering the services does so via a web site and can collect on credit card billings (even if they have to keep rotating shell companies that do the billings), money can be made without dealing with US regulations.

Frankly, the harder DOJ works on pushing this LI crap down our throats, the more damage they will do to US internet industry and consequently the more job-loss they will create. Terrorists that are sophisticated enough to be a real threat already know how to:

1. Cope with lawful intercept through disinformation and other tactics.
2. Encrypt the communications (voice or otherwise) that they don't want intercepted -- It's just not that hard any more.

I think the only advantage to DOJ working this hard on LI capabilities is that it may raise public awareness of the issue, and, may help get better cryptographic technologies more widely deployed sooner. Other than that, I think it's just a lose all the way around.

Owen

--On Sunday, June 20, 2004 09:43:32 PM -0400 John Curran [EMAIL PROTECTED] wrote:

At 8:20 PM -0400 6/20/04, John Todd wrote:

I think that while the debate about CALEA's short-term legislative extension to cover VoIP services is certainly interesting and scary, I fail to see how it will be relevant in the coming years as the market progresses. Because of the quickly growing diversity of VoIP technology, interconnection methods, and customer/vendor hierarchies, I do not believe it will be possible to enforce (or even legislate) an interception policy that is effective without extensive and draconian technical and legal methods.

JT - It's not just the US Government with interest in this matter. Lawful Intercept has basis in both EU directives and laws of many member states. The last RIPE meeting had a very good presentation by Jaya Baloo on this particular topic, and I'll note that describes an ETSI framework for a lot more than just facilitating VoIP intercept:

http://www.ripe.net/ripe/meetings/ripe-48/presentations/ripe48-eof-etsi.pdf

As I noted earlier, the coming reality of abundant, ad-hoc, encrypted, p2p communication is going to eventually make efforts to facilitate just VoIP intercept seem quaint, unless we all recognize that only the most obtuse criminal will be likely to have their communications uncovered in this manner. There's likely to be disagreement on how far away that day is; based on different views of technology availability and criminal behavior.

As long as facilitating lawful intercept has a reasonable cost and perceived benefit tradeoff, there will be significant pressure to come up with viable architectures for deployment. In the US, this may take the direction of simply facilitation of VoIP intercept, or could be something more inclusive such as the architecture as outlined by ETSI for mail, transport headers, and entire packet streams.

Finally, it is not simply through tax or regulatory measures that governments can seek compliance. Not many firms are going to offer services contrary to law in this area if the consequences are defined as criminal violations, since most corporate officers dislike the potential consequences.

/John
Re: what's going on with yahoo and gmail lately?
Randy Bush [EMAIL PROTECTED] wrote:

[...] how american of us. i doubt there has been 1G of *real content* in my email for the last two decades.

I never delete real mail. Slightly over one decade is approaching about 700MB of mail. I'd have expected you to have a much larger mail volume than myself, so 1GB in two decades should be easy.

-- In an expanding universe, time is on the side of the outcast. Those who once inhabited the suburbs of human contempt find that without changing their address they eventually live in the metropolis. - Quentin Crisp
Re: what's going on with yahoo and gmail lately?
On 2004-06-21, Randy Bush [EMAIL PROTECTED] wrote:

A question out of focusing, who knows when Google will open Gmail to public?

Why wait for Gmail when you can get max 10M messages and 1G total from rediff.com ?

how american of us. i doubt there has been 1G of *real content* in my email for the last two decades.

Reminds me of that (apocryphal) Bill Gates quote about how 640K RAM ought to be enough for anyone. If people still only sent email with SNDMSG or even /bin/mail there wouldn't be all this need for six MB mailboxes, let alone 1 GB.

Given increasing mailbox size, I'm sure it won't take a genius to find out how to stretch MIME to its limits wrt just how much active and multimedia rich content can be crammed into an email.

srs
Re: what's going on with yahoo and gmail lately?
Why wait for Gmail when you can get max 10M messages and 1G total from rediff.com ?

how american of us. i doubt there has been 1G of *real content* in my email for the last two decades.

Given increasing mailbox size, I'm sure it won't take a genius to find out how to stretch MIME to its limits wrt just how much active and multimedia rich content can be crammed into an email.

it is easy to generate a lot of bytes. it is hard to generate content. this list is a renowned example.

randy
Re: what's going on with yahoo and gmail lately?
In a message written on Mon, Jun 21, 2004 at 11:33:59AM -0400, Randy Bush wrote:

it is easy to generate a lot of bytes. it is hard to generate content. this list is a renowned example.

Content is in the eye of the viewer. While you may have no use for a spiffy new camera phone, and e-mailing video clips to each other a teenager might value having an e-mail account not provided by their parents where friends can send all the video clips they want without running out of disk space.

Just because you use a text e-mail client and don't like your e-mail HTML formatted with 250kb JPEG's as signatures doesn't make you part of the majority (at least, of e-mail users). Sadly, far too many people want to send an HTML formatted message, with embedded company logos and graphical signatures attaching videos, or various Microsoft Office formatted documents (if you want to give it a business spin). To the users, that is all content. To you it is likely bloat. I know many corporate e-mail users (eg, account execs, sending flashy proposals) who would blow through a gigabyte of e-mail in under a month.

While I never want such trash to appear in my e-mail box, as a provider of network services I take great pleasure that people want to do that to their e-mail, because in the end it is more bits moving across my network. If google helps people send bigger e-mails, with more attachments and more graphics and so on good for them! More bits for all of us to bill.

-- Leo Bicknell - [EMAIL PROTECTED] - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - [EMAIL PROTECTED], www.tmbg.org
Interesting Occurrence
Okay... Here is a new one for me. Got a call from my dad saying he left his PC on last night connected to his broadband. He went to log in this morning and noticed a new ID in his user list - IWAP_WWW. He immediately deleted it and called me. I had him ensure his critical updates were all applied - they were. I had him ensure his antivirus was up to date - it was (Norton Antivirus 2004). He is running XP Home.

I searched the antivirus sites and elsewhere for references. Any idea if there is a new vulnerability that has not been publicly released? Any clues?

Regards, Brent
Re: S.2281 Hearing (was: Justice Dept: Wiretaps...)
At 8:04 AM -0700 6/21/04, Owen DeLong wrote:

John, While I agree that not many domestic (or EU) vendors will offer services contrary to the law in this area, do you truly believe this won't simply cause companies that really want to make money in this market to move to places where the laws are less difficult? After all, I can get pretty good fiber connectivity in Malaysia or other parts of Asia/SoPac without really needing to worry much about any sort of LI procedures. As long as the company offering the services does so via a web site and can collect on credit card billings (even if they have to keep rotating shell companies that do the billings), money can be made without dealing with US regulations.

With respect to enforcement, I am sure there are ways to prevent being caught involving amusing offshore logistics, but that will still prevent the vast majority of US businesses from offering non-2281 compliant services.

Frankly, the harder DOJ works on pushing this LI crap down our throats, the more damage they will do to US internet industry and consequently the more job-loss they will create. Terrorists that are sophisticated enough to be a real threat already know how to:

1. Cope with lawful intercept through disinformation and other tactics.
2. Encrypt the communications (voice or otherwise) that they don't want intercepted -- It's just not that hard any more.

I think the only advantage to DOJ working this hard on LI capabilities is that it may raise public awareness of the issue, and, may help get better cryptographic technologies more widely deployed sooner. Other than that, I think it's just a lose all the way around.

I'm not advocating the DoJ's position on this matter, just trying to clarify it for the list (since it was rather muddled in earlier postings).

/John
RE: Interesting Occurrence
That almost looks like one of the dummy user accounts that gets added as part of IIS. I see a couple of these on one win2k server that I maintain:

"IWAM_hostname" (Launch IIS Process Account)

"IUSER_hostname" (Internet Guest Account)

Luke

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Monday, June 21, 2004 1:45 PM
To: [EMAIL PROTECTED]
Subject: Interesting Occurrence

Okay... Here is a new one for me. Got a call from my dad saying he left his PC on last night connected to his broadband. He went to log in this morning and noticed a new ID in his user list - IWAP_WWW. He immediately deleted it and called me. I had him ensure his critical updates were all applied - they were. I had him ensure his antivirus was up to date - it was (Norton Antivirus 2004). He is running XP Home.

I searched the antivirus sites and elsewhere for references. Any idea if there is a new vulnerability that has not been publicly released? Any clues?

Regards, Brent
Re: Interesting Occurrence
On Mon, Jun 21, 2004 at 12:44:50PM -0500, [EMAIL PROTECTED] wrote:

Okay... Here is a new one for me. Got a call from my dad saying he left his PC on last night connected to his broadband. He went to log in this morning and noticed a new ID in his user list - IWAP_WWW. He immediately deleted it and called me. I had him ensure his critical updates were all applied - they were. I had him ensure his antivirus was up to date - it was (Norton Antivirus 2004). He is running XP Home. I searched the antivirus sites and elsewhere for references. Any idea if there is a new vulnerability that has not been publicly released? Any clues?

Dare I ask, what part of North American Network Operators Group made you think that this could POSSIBLY be on-topic or of interest to anyone here?

-- Richard A Steenbergen [EMAIL PROTECTED] http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Re: Interesting Occurrence
Yes, the XP version. I already chastised him for that faux pas. He replied that the guy who sold him the satellite system said it would be adequate. I offered to go find the guy and Ummm... rectify the situation. ;-)

Brent

Jeff Shultz [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
06/21/2004 01:55 PM
Please respond to Jeff Shultz
To: [EMAIL PROTECTED]
cc:
Subject: Re: Interesting Occurrence

** Reply to message from [EMAIL PROTECTED] on Mon, 21 Jun 2004 12:44:50 -0500

Okay... Here is a new one for me. Got a call from my dad saying he left his PC on last night connected to his broadband. He went to log in this morning and noticed a new ID in his user list - IWAP_WWW. He immediately deleted it and called me. I had him ensure his critical updates were all applied - they were. I had him ensure his antivirus was up to date - it was (Norton Antivirus 2004). He is running XP Home. I searched the antivirus sites and elsewhere for references. Any idea if there is a new vulnerability that has not been publicly released? Any clues? Regards, Brent

Out of curiosity, was he running any sort of (including the XP one) of firewall software?

-- Jeff Shultz A railfan pulls up to a RR crossing hoping that there will be a train.
RE: Interesting Occurrence
you sent html as opposed to an email message. as i do not use a web browser to read mail, i can not read your message. if you want me to read your email, send email.

randy
Re: Interesting Occurrence
I'm sure Susan will make sure to revoke his posting rights.

-chris

On Mon, 21 Jun 2004, Richard A Steenbergen wrote:

On Mon, Jun 21, 2004 at 12:44:50PM -0500, [EMAIL PROTECTED] wrote:

Okay... Here is a new one for me. Got a call from my dad saying he left his PC on last night connected to his broadband. He went to log in this morning and noticed a new ID in his user list - IWAP_WWW. He immediately deleted it and called me. I had him ensure his critical updates were all applied - they were. I had him ensure his antivirus was up to date - it was (Norton Antivirus 2004). He is running XP Home. I searched the antivirus sites and elsewhere for references. Any idea if there is a new vulnerability that has not been publicly released? Any clues?

Dare I ask, what part of North American Network Operators Group made you think that this could POSSIBLY be on-topic or of interest to anyone here?

-- Richard A Steenbergen [EMAIL PROTECTED] http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Re: Interesting Occurrence
Mon, Jun 21, 2004 at 13:58, [EMAIL PROTECTED] wrote:

Dare I ask, what part of North American Network Operators Group made you think that this could POSSIBLY be on-topic or of interest to anyone here?

#1 - Without sounding like a suck up, some of the greatest security minds are subscribed to this list and I, being totally self centered, thought that I would try and monopolize their time for a small portion of the day.

#2 - I have seen in the past that the locomotives of security vulnerabilities are predominately discovered and discussed on this forum... likely related to others' similar feelings on #1 above.

#3 - the list has been quiet today and thought I would spark up a few threads ;-)

Brent
Re: Interesting Occurrence
Try Securityfocus' Incidents list.

On Mon, Jun 21, 2004 at 12:44:50PM -0500, [EMAIL PROTECTED] wrote:

Okay... Here is a new one for me. Got a call from my dad saying he left his PC on last night connected to his broadband. He went to log in this morning and noticed a new ID in his user list - IWAP_WWW. He immediately deleted it and called me. I had him ensure his critical updates were all applied - they were. I had him ensure his antivirus was up to date - it was (Norton Antivirus 2004). He is running XP Home. I searched the antivirus sites and elsewhere for references. Any idea if there is a new vulnerability that has not been publicly released? Any clues? Regards, Brent
Re: Interesting Occurrence
Not the best place to ask (full-disclosure or the incidents list perhaps), but there are numerous phishing scams going of late (I get 3 or 4 a day) that exploit an unpatched IE bug e.g. the spam reads

You Have a VoiceMessage Waiting
Priority :Urgent
From:xxx xxx
http://www.ONEvoicemailbox.net/voicemail/ (replace ONE with 1 in the host)

-- I strongly suggest NOT going to this site with IE

This particular site crams in a keylogger into your PC by use of

http://221.4.203.78/bestadult/shellscript_loader.js
http://221.4.203.78/bestadult/shellscript.js

---Mike

At 01:44 PM 21/06/2004, [EMAIL PROTECTED] wrote:

Okay... Here is a new one for me. Got a call from my dad saying he left his PC on last night connected to his broadband. He went to log in this morning and noticed a new ID in his user list - IWAP_WWW. He immediately deleted it and called me. I had him ensure his critical updates were all applied - they were. I had him ensure his antivirus was up to date - it was (Norton Antivirus 2004). He is running XP Home. I searched the antivirus sites and elsewhere for references. Any idea if there is a new vulnerability that has not been publicly released? Any clues? Regards, Brent
Attn MCI/UUNet - Massive abuse from your network
(apologies to NANOG for only quasi-operational content of this message - I only post this here due to the fact that I am sure it is a problem on many of your networks) Attention UUNet, Regarding your continued unabated spam support, when do you plan to address the *189* issues outlined in the Spamhaus SBL (http://www.spamhaus.org/sbl/listings.lasso - ISPs in the United States - MCI.com )? Here's part of your AUP: Email: Sending unsolicited mail messages, including, without limitation, commercial advertising and informational announcements, is explicitly prohibited. A user shall not use another site's mail server to relay mail without the express permission of the site. What does your ethics department say about your blatant disregard for the internet in general and your complete and willful ignorance of your stated policies and procedures? Does UUNet *ever* plan on enforcing this AUP? I can't help but notice that several of these spammers are career hard-line operations- including Eddy Marin, G-Force Marketing, and Atriks to name a few. Are these customers operating under some form of undisclosed Special Customer Agreement ( http://global.mci.com/publications/service_guide/s_c_a/)? If so, how much do they pay for their pink contract? At this point I am just curious what the answers to these questions are. I have not (yet) widely blocklisted uunet, but if things don't change I fear such a measure may be the only way to stop the abuse spewing from your networks. Seeing such a large (and once-respected) network go as completely black-hat rogue as UUNet has is a sad thing. Any reply at all would be most welcome. ~Ben --- Ben Browning [EMAIL PROTECTED] The River Internet Access Co. WA Operations Manager 1-877-88-RIVER http://www.theriver.com
Re: Attn MCI/UUNet - Massive abuse from your network
On Mon, 21 Jun 2004, Ben Browning wrote: (apologies to NANOG for only quasi-operational content of this message - I only post this here due to the fact that I am sure it is a problem on many of your networks) curious, why did you not send this to the abuse@ alias? Did you include any logs or other relevant data about the problems you are reporting? Attention UUNet,
Re: S.2281 Hearing (was: Justice Dept: Wiretaps...)
I think the only advantage to DOJ working this hard on LI capabilities is that it may raise public awareness of the issue, and, may help get better cryptographic technologies more widely deployed sooner. Other than that, I think it's just a lose all the way around.

I'm not advocating the DoJ's position on this matter, just trying to clarify it for the list (since it was rather muddled in earlier postings). /John

They, the DOJ is just trying to do its job, as they are under the microscope due to the fumbles that led to the compromises by an obviously inept predecessor. Now, they are tightening the screws on everything from telecoms to bank accounts; to prevent another round of fumbled information resulting in a preventable issue going unchecked. I don't like all of the hoops either but, nothing we do or say is going to change their minds or their course of action.

-Peter
Re: S.2281 Hearing (was: Justice Dept: Wiretaps...)
On Mon, 21 Jun 2004, John Curran wrote:

With respect to enforcement, I am sure there are ways to prevent being caught involving amusing offshore logistics, but that will still prevent the vast majority of US businesses from offering non-2281 compliant services.

Off-shore would be the NSA, not the FBI. The NSA has not reported any problems tapping VOIP communications. But the NSA's budget is a lot bigger than the FBI's :-)

There are lots of examples of extraterritoriality. MasterCard built a data center in Europe to process European credit card transactions. The US Department of Transportation restricts the use of Canadian train dispatchers controlling portions of US railroad tracks. All the telephone switches serving Palestinian Territory are physically located in Israel. Several third-world countries have been trying to block the use of international VOIP. There aren't that many international networks, with appropriate pressure, they could block/tap/whatever people trying to use extraterritorial VOIP.

I'm not advocating the DoJ's position on this matter, just trying to clarify it for the list (since it was rather muddled in earlier postings).

The Department of Justice has been successfully tapping computer networks since at least 1995.

http://www.usdoj.gov/opa/pr/1996/March96/146.txt

FEDERAL CYBERSLEUTHERS ARMED WITH FIRST EVER COMPUTER WIRETAP ORDER NET INTERNATIONAL HACKER CHARGED WITH ILLEGALLY ENTERING HARVARD AND U.S MILITARY COMPUTERS

WASHINGTON, D.C. -- The first use of a court-ordered wiretap on a computer network led today to charges against an Argentine man accused of breaking into Harvard University's computers which he used as a staging point to crack into numerous computer sites including several belonging to the Department of Defense and NASA. The wiretap, on the computer of Harvard's Faculty of Arts and Sciences during the last two months of 1995, resulted in the filing of a criminal complaint against 21-year-old Julio Cesar Ardita of Buenos Aires. An arrest warrant has been issued for Ardita.

It is not a technical problem (maybe 5% technical, 95% non-technical). I don't disagree LEA may have a problem. However, almost all of the problems identified have been with either money, training for law enforcement, or non-IP technologies (i.e. push-to-talk on Nextel, which doesn't require a connection to the PSTN).
Re: Attn MCI/UUNet - Massive abuse from your network
At 11:42 AM 6/21/2004, Christopher L. Morrow wrote: curious, why did you not send this to the abuse@ alias? I wanted it to get read. Did you include any logs or other relevant data about the problems you are reporting? These problems are systemic and internet-wide. I can likely drudge up a great many examples if someone from UUNet can assure me they will be read and acted on. ~Ben --- Ben Browning [EMAIL PROTECTED] The River Internet Access Co. WA Operations Manager 1-877-88-RIVER http://www.theriver.com
Re: S.2281 Hearing (was: Justice Dept: Wiretaps...)
On Mon, 21 Jun 2004, Pete Schroebel wrote:

I think the only advantage to DOJ working this hard on LI capabilities is that it may raise public awareness of the issue, and, may help get better cryptographic technologies more widely deployed sooner. Other than that, I think it's just a lose all the way around.

I'm not advocating the DoJ's position on this matter, just trying to clarify it for the list (since it was rather muddled in earlier postings). /John

They, the DOJ is just trying to do its job, as they are under the microscope due to the fumbles that led to the compromises by an obviously inept predecessor. Now, they are tightening the screws on everything from telecoms to bank accounts; to prevent another round of fumbled information resulting in a preventable issue going unchecked.

If you mean the 'misplaced' information surrounding the 9/11 hijackers, I'm not sure any amount of wiretapping/snooping would have ever changed the situation. The problem was more related to, according to news reports and senate (house?) hearings/testimony, miscommunications inside each of the parts of the DoJ/CIA/NSA. All the wiretapping in the world won't get information passed correctly inside these organizations. Smoke screen efforts are less helpful and are simple diversions from the reality of the problem.
Re: Attn MCI/UUNet - Massive abuse from your network
curious, why did you not send this to the abuse@ alias? I wanted it to get read. you have just certified yourself as an idiot plonk!
Re: Attn MCI/UUNet - Massive abuse from your network
Randy Bush wrote: curious, why did you not send this to the abuse@ alias? I wanted it to get read. you have just certified yourself as an idiot plonk! One down, only ~6 billion to go. I sure hope we don't have to list them one by one. Pete
Re: S.2281 Hearing (was: Justice Dept: Wiretaps...)
They, the DOJ is just trying to do its job, as they are under the microscope due to the fumbles that led to the compromises by an obviously inept predecessor. Now, they are tightening the screws on everything from telecoms to bank accounts; to prevent another round of fumbled information resulting in a preventable issue going unchecked.

If you mean the 'misplaced' information surrounding the 9/11 hijackers, I'm not sure any amount of wiretapping/snooping would have ever changed the situation. The problem was more related to, according to news reports and senate (house?) hearings/testimony, miscommunications inside each of the parts of the DoJ/CIA/NSA. All the wiretapping in the world won't get information passed correctly inside these organizations. Smoke screen efforts are less helpful and are simple diversions from the reality of the problem.

I disagree, as there are listening stations in almost every language that have been very useful; I've seen them, built them some over the years and watched others start-up. The DOJ needs to be able to do the same with the voip/networks/internet and soon intranet. A few of the major ISP's / Mail Houses already have special contracts running Kenan's SQL over the mail archives before they are expunged. I imagine that issue will soon apply to us all here in the US. You are correct that there is nothing that is going to make a government organization work or actually do their job; with exception of obtaining yet another holiday. -Peter
Re: S.2281 Hearing (was: Justice Dept: Wiretaps...)
I disagree, as there are listening stations in almost every language that have been very useful; I've seen them, built them some over the years and watched others start-up. The DOJ needs to be able to do the same with the voip/networks/internet and soon intranet.

and don't forget the television cameras in people's living and bed rooms. randy
Re: S.2281 Hearing (was: Justice Dept: Wiretaps...)
On Mon, 21 Jun 2004, Pete Schroebel wrote:

Smoke screen efforts are less helpful and are simple diversions from the reality of the problem.

I disagree, as there are listening stations in almost every language that have been very useful; I've seen them, built them some over the years and watched others start-up. The DOJ needs to be able to do the same with the voip/networks/internet and soon intranet. A few of the major ISP's / Mail

yes, agreed. moving toward the next technology of snooping is a good thing for DoJ.

Houses already have special contracts running Kenan's SQL over the mail archives before they are expunged. I imagine that issue will soon apply to us all here in the US. You are correct that there is nothing that is going to make a government organization work or actually do their job; with exception of obtaining yet another holiday.

my smoke screen reference was aimed at the but the doj must do this to show action, because of their floundering and poor performance in the past which led to catastrophes. Sorry for not being clear.
RE: [Fwd: [IP] Feds: VoIP a potential haven for terrorists]
It won't make any difference. Anyone (barring complete idiots) will encrypt the traffic with long keys. Curtis -- Curtis Maurand mailto:[EMAIL PROTECTED] http://www.maurand.com On Sun, 20 Jun 2004, Hannigan, Martin wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Sean Donelan Sent: Saturday, June 19, 2004 10:25 PM To: Cade,Marilyn S - LGCRP Cc: Steven M. Bellovin; Jim Dempsey (E-mail); North American Noise and Off-topic Gripes Subject: RE: [Fwd: [IP] Feds: VoIP a potential haven for terrorists] On Sat, 19 Jun 2004, Cade,Marilyn S - LGCRP wrote: [SNIP] A SPAN port could satisfy an ISP's obligations under TitleIII/ECPA, but not satisfy CALEA. What is required is TCAP information and bearer traffic. Typically delivered off the switch back to the LEA collector via a DS0. The TCAP information can be delivered in a multitude of ways.
Operational: Was Abuse Complaints
I am beginning to think there need to be two types of abuse reports.

One from individuals to their providers -- of the ilk: This guy is spamming me!!. You have to accept these from your customers because they could be about you or someone else that you have the responsibility of forwarding on. This is the controversial part of the proposal: You do not need to accept these from non-customers.

This is the improvement part: Another of the ilk from abuse desks (and certain individuals who have high enough clue factor) that is in an automatically parseable format. Maybe like a radb type format. It would be fairly trivial to handle the parsing. In the event of an attack [on your abuse desk], you can say no more than 1000 per day/hr from the same source --- this keeps your abuse desk from getting flooded. Known talkers can be exempted from rate limits. You have to accept a properly formatted one of these from everyone unless they are flooding you.

Obvious here is that if someone isn't going to respond to an abuse item, it doesn't matter what form you send it -- If you are Spamhaus or some other organization and you are going to blackhole them in their lack of response, you of course can still do this. The idea here is that guys who are responsive don't need to read 800 complaints about the same matter that they are already handling and responsible complainers

The idea is that this type of approach, if adopted, will streamline abuse desks and allow them to have predictable manpower hours needed to resolve x number of complaints because you will not have to deal with one abuse item more than the once or twice needed. You will also not need personnel to categorize incoming messages as [spam to your abuse desk, spam complaints to your abuse desk that are valid, spam complaints to your abuse desk about someone else].

Flames in private mail please. What am I missing on this busy Monday afternoon? Thanks, DJ
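A sketch of the intake side of the proposal above, added here as an illustration and not part of the original post: it parses an RPSL-like "key: value" report, rate-limits each sender per window with an exemption list for known talkers, and merges repeat complaints about the same offender into one ticket. The attribute names, category list and the `sender` identifier are assumptions; the post specifies none of them.

```python
import ipaddress
from collections import defaultdict, deque

# Hypothetical attribute names; the post only asks for "a radb type format".
REQUIRED = ("reporter", "category", "source-ip", "observed")
CATEGORIES = {"spam", "open-proxy", "ddos", "scan"}

# Constructed sample report (documentation addresses and domains).
SAMPLE = """\
reporter:   abuse@isp-a.example
category:   spam
source-ip:  192.0.2.25
observed:   2004-06-21T18:55:20Z
evidence:   Received: from unknown (192.0.2.25) by mx.isp-a.example
"""


def parse_report(text):
    """Parse one 'key: value' object; repeated keys accumulate, as in RPSL."""
    attrs = defaultdict(list)
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if not sep or not key.strip() or not value.strip():
            raise ValueError(f"line {lineno}: expected 'key: value'")
        attrs[key.strip().lower()].append(value.strip())
    for key in REQUIRED:
        if len(attrs[key]) != 1:
            raise ValueError(f"'{key}' must appear exactly once")
    if attrs["category"][0] not in CATEGORIES:
        raise ValueError("unknown category")
    try:
        offender = str(ipaddress.ip_address(attrs["source-ip"][0]))
    except ValueError:
        raise ValueError("source-ip is not an IP address") from None
    return {"reporter": attrs["reporter"][0], "category": attrs["category"][0],
            "source-ip": offender, "observed": attrs["observed"][0],
            "evidence": attrs["evidence"]}


class AbuseIntake:
    """Accept well-formed reports from anyone, unless that sender is flooding."""

    def __init__(self, limit=1000, window=3600, exempt=()):
        self.limit, self.window = limit, window
        self.exempt = set(exempt)            # the post's "known talkers"
        self._recent = defaultdict(deque)    # sender -> submission timestamps
        self.tickets = {}                    # (offender, category) -> ticket

    def submit(self, sender, text, now):
        """sender: the submitting peer as the desk identifies it (assumed)."""
        if sender not in self.exempt:
            recent = self._recent[sender]
            while recent and recent[0] <= now - self.window:
                recent.popleft()             # drop entries outside the window
            if len(recent) >= self.limit:
                return "rate-limited"
            recent.append(now)               # malformed input counts as well
        try:
            report = parse_report(text)
        except ValueError as err:
            return f"rejected: {err}"
        key = (report["source-ip"], report["category"])
        ticket = self.tickets.get(key)
        if ticket is None:
            self.tickets[key] = {"reporters": {report["reporter"]},
                                 "count": 1, "first": report}
            return "opened"
        ticket["reporters"].add(report["reporter"])
        ticket["count"] += 1
        return "merged"
```

The limiter keys on the submitting peer rather than the self-declared `reporter:` attribute, since a flooder controls the latter.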
Level(3)-ATT problems
Hi all, We're situated firmly on ATT, and clients of ours who are behind Level(3) are having connectivity issues reaching us. Are there any known problems? ATT has reported some to me, I am just curious if it is just the T/L3 link or if it is a bigger L3 problem. Thanks! //jbaltz -- jerry b. altzman [EMAIL PROTECTED] +1 646 230 8750 Thank you for contributing to the heat death of the universe.
Re: S.2281 Hearing (was: Justice Dept: Wiretaps...)
On Mon, 21 Jun 2004, Christopher L. Morrow wrote:

yes, agreed. moving toward the next technology of snooping is a good thing for DoJ.

You can request copies of the law enforcement needs documents at http://www.askcalea.net/standards.html

Packet Surveillance Fundamental Needs Document (PSFND)
Electronic Surveillance Needs for Carrier Grade Voice over Packet Service (CGVoP)
Electronic Surveillance Needs for Public IP Network Access Service (PIPNAS)

If you don't like sending your name and email address to the FBI, try Google. The VOIP document is about 80 pages long, the IP document is about 100 pages. However, the historical practice has been to revise and extend the requirements. So there may be additional needs which aren't included in these documents.

They are very extensive needs, not just maintaining the status quo. Is sound transmitted call-content or call-identification action? On the other hand, is silence call-content or call-identification? When reporting every packet transmitted as call-identification information really letting you partially peek into the content (sound/silence) without the hassle of a content intercept order? People have guessed the length of people's passwords based on the number of packets, even though they couldn't decrypt the packets.
Re: Operational: Was Abuse Complaints
On Mon, Jun 21, 2004 at 05:21:15PM -0400, Deepak Jain wrote: I am beginning to think there need to be two types of abuse reports. I think you're speaking of INCH. http://www.ietf.org/html.charters/inch-charter.html the ability to hand reports back and forth btw providers like this is something that could be really cool.. - Jared -- Jared Mauch | pgp key available via finger from [EMAIL PROTECTED] clue++; | http://puck.nether.net/~jared/ My statements are only mine.
Re: Attn MCI/UUNet - Massive abuse from your network
At 12:28 PM 6/21/2004, Christopher L. Morrow wrote:

the ethics office doesn't need to see your complaints, they don't really deal with these anyway.

I am quite sure that the ethics department does not deal with spam complaints. My complaint is that your stated policy is clearly not being followed. MCI is currently the Number 1 spam source on many lists- certainly, your overall size skews that figure somewhat, but the listings I see (on the SBL anyway, I do not have the many hours needed to read all the documentation SPEWS has to offer) have reports that are at least 6 months old and are still alive... As an example, I see a posting that says emailtools.com was alive on 206.67.63.41 in 2000. They aren't there any more... But now:

[EMAIL PROTECTED] telnet mail.emailtools.com 25
Trying 65.210.168.34...
Connected to mail.emailtools.com.
Escape character is '^]'.
220 mail.emailtools.com ESMTP Merak 5.1.5; Mon, 21 Jun 2004 18:55:20 -0400
quit
221 2.0.0 mail.emailtools.com closing connection
Connection closed by foreign host.
[EMAIL PROTECTED] whois `dnsip mail.emailtools.com`
UUNET Technologies, Inc. UUNET65 (NET-65-192-0-0-1) 65.192.0.0 - 65.223.255.255
MTI SOFTWARE UU-65-210-168-32-D9 (NET-65-210-168-32-1) 65.210.168.32 - 65.210.168.39

I can furnish as many examples as needed of cases where UUNet has demonstrably ignored complaints. Alternately, you could go ask any major anti-spam community (NANAE for example) or entity (SpamCop, etc) how they feel your abuse@ response has been. If this sounds like a pain, I will gladly collect such stories and send them to whoever there can effect changes in these policies.

On Mon, 21 Jun 2004, Ben Browning wrote: At 11:42 AM 6/21/2004, Christopher L. Morrow wrote: curious, why did you not send this to the abuse@ alias? I wanted it to get read.

messages to abuse@ do in fact get read...

Allow me to rephrase- I wanted it to be read and hoped someone would act on complaints. I have no doubt MCI is serious about stopping DDOS and other abusive traffic of that ilk- when it comes to proxy hijacking and spamming, though, abuse@ turns a blind eye. What other conclusion can I draw from the 200ish SBL entries under MCI's name? Why else would emailtools.com (for example) still be around despite their wholesale raping of misconfigured proxies?

All I want is a couple of straight-up answers. Why do complaints to uunet go unanswered and the abusers remain connected if, in fact, the complaints are read? Why has MCI gone from 111 SBL listings as of January 1 to 190 as of today? To whom does the anti-spam community turn when it becomes obvious a tier-1 provider is ignoring complaints?

If I am a kook and an idiot for wanting a cleaner internet, well then I guess I am a kook and an idiot.

~Ben --- Ben Browning [EMAIL PROTECTED] The River Internet Access Co. WA Operations Manager 1-877-88-RIVER http://www.theriver.com
Being abused by a spammer.. Need help - AOL/swbell/adelphia.net
Below are several examples of spam apparently being sent out forging both my from address domain and Received from server information. Obviously this could become problematic. Fortunately it's inaccurate. Any help on how I can do something about this or find out who and how they are doing it would be greatly appreciated. Also I would share that this started after I started notifying upstream ISP's of spam violations. Who apparently shared my information to earn myself retaliation. The ISP's were most likely Media Dreamland and UUNET/MCI but I cannot be certain of course. Nicole
Re: Attn MCI/UUNet - Massive abuse from your network
On Mon, 21 Jun 2004 11:09:05 -0700, Ben Browning wrote: At this point I am just curious what the answers to these questions are. I have not (yet) widely blocklisted uunet, but if things don't change I fear such a measure may be the only way to stop the abuse spewing from your networks. Seeing such a large (and once-respected) network go as completely black-hat rogue as UUNet has is a sad thing. Any reply at all would be most welcome. For my own amusing experience with this spam enabler, see http://www.camblab.com/nugget/spam_03.pdf You will find the answer to your questions Jeffrey Race
Re: Attn MCI/UUNet - Massive abuse from your network
On Mon, 21 Jun 2004 19:28:07 + (GMT), Christopher L. Morrow wrote:

Did you include any logs or other relevant data about the problems you are reporting? These problems are systemic and internet-wide. I can likely drudge up a great many examples if someone from UUNet can assure me they will be read and acted on.

the best way to get abuse complaints handled is to in fact send them to the abuse@

Messages are read and ignored. I went through the complete process all the way up to the staff attorney in charge of this matter. The firm ran then (see article cited in previous post) on the Environmental Polluter business model (externalize the costs, internalize the revenue) and clearly still does. It is a policy decision of senior management. This is why they are always high up in the list of internet scum enablers.

Ben, that is your answer. Wish I had better news for you. It will go on this way until the management persons responsible for this continuing fraud upon us are led away in handcuffs just as were those members of this firm who were responsible for the (similar) financial frauds.

Chris, if a massively insecure network by management choice is not an operational issue for the victims, what is?

Jeffrey Race
Re: Verisign vs. ICANN
Thanks, Dickson - next time I'll try to write exact text from the very beginning -:). This is _exactly_ what I want to say, with examples I was too lazy to write myself.

To make Alexei's argument's syntax agree with the intended semantics: He means to say, "Technically, there is no grounds for implementing SiteFinder by means of inserting wildcards to the .com and .net zones. Rather, there are specific grounds for *not* inserting wildcards, regardless of the purpose of those wildcards, in .net and .com zones. (E.g.: in contrast with .museum zone, which is generally special-purpose, and for which assumptions about which services are expected (www only) are reasonable and valid, the .com and .net zone are general-purpose, and pretty much any service, including all assigned values for TCP and UDP ports from the IANA, should and must be presumed to be used across the collection of IPv4 space.)

The crux of the problem appears in a particular case, for which *no* workaround exists, and for which no workaround *can* exist, from a straight derivational logic of state-machine origins. The DNS *resolver* system, is only one of the places where the global namespaces is *implemented*. Any assigned DNS name *may* be placed into the DNS. And *only* the owner of that name has authority to register that name, or cause its value to return from any query. An assigned name, however, can *also*, or even *instead* of being placed into the DNS *resolver* system, be put into other systems for resolving and returning name-address mappings. These include: the predecessor to BIND, which is the archaic "/etc/hosts" file(s) on systems; Sun's NIS or NIS+ systems (local to any NIS/NIS+ domain space); LDAP and similar systems; X.500 (if this is by any chance distinct from LDAP - I'm no expert on either); and any other arbitrary system for implementing name-address lookups.

And the primary reason for *REQUIRING* NXDOMAIN results in DNS, is that in any host system which queries multiple sources, only a negative response on a lookup will allow the search to continue to the next system in the search order. Implementing root-zone wildcards, places restrictions on both search-order, and content population, of respective name-resolution systems, which violates any combination of RFCs and best-common practices. And, most importantly, *cannot* be worked around, *period*. Until the RFCs are extended to permit population of zones with authoritative *negative* information, and all the servers and resolvers implement support for such, *and* operators of root zone databases automatically populate assigned zones with such negative values, wildcards *will* break, in unreconcilable fashion, existing, deployed systems which refer to multiple implementations of zone information services, and for which *no* workaround is possible.

Apologies for a long, semi-on-topic post. Hopefully this will end this thread, and maybe even put a stake through the heart of the VeriSign filing (at least this version of it). While the law generally doesn't recognize mathematically excluded things as a matter of law, when it comes to affirmative testimony, counter-arguments can demonstrably be shown as de-facto purgury (sp?).

Brian Dickson (who has had to deploy systems in heterogeneous environments, and is aware of deployed systems that broke because of *.com)
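The search-order argument in the message above, modelled as an added example that is not part of the original posts: a host consults several name services in order, and a wildcard in the TLD zone turns every would-be NXDOMAIN into an answer, so a later source is never reached. All host names, addresses and class names are constructed, and the DNS model is deliberately simplified to exact records plus a suffix wildcard.

```python
# Simplified model of a host that consults several name services in order
# (an nsswitch-style chain). All names and addresses are constructed.
WILDCARD_ADDR = "192.0.2.80"        # stand-in for the wildcard's A record
INTERNAL_ADDR = "198.51.100.7"      # address the name's owner published


class DnsSource:
    """Toy DNS view: explicit records plus optional '*.<suffix>' wildcards."""

    def __init__(self, records, wildcards=None):
        self.records = records
        self.wildcards = wildcards or {}

    def lookup(self, name):
        if name in self.records:
            return self.records[name]
        for suffix, addr in self.wildcards.items():
            if name.endswith("." + suffix):
                return addr             # synthesized answer, never NXDOMAIN
        return None                     # NXDOMAIN


class TableSource:
    """Stands in for /etc/hosts, NIS/NIS+, LDAP or any other lookup table."""

    def __init__(self, table):
        self.table = table

    def lookup(self, name):
        return self.table.get(name)


def resolve(name, order):
    """Return (source_label, address); only a negative answer moves on."""
    for label, source in order:
        answer = source.lookup(name)
        if answer is not None:
            return label, answer
    return None, None


def build_orders(wildcard):
    dns = DnsSource({"www.example.com": "192.0.2.10"},
                    {"com": WILDCARD_ADDR} if wildcard else None)
    # An assigned name that its owner published only in NIS, not in the DNS.
    nis = TableSource({"build01.corp-example.com": INTERNAL_ADDR})
    return {"dns-first": [("dns", dns), ("nis", nis)],
            "nis-first": [("nis", nis), ("dns", dns)]}


def compare(name):
    """Resolve one name under both search orders, with and without wildcard."""
    return {(wild, order_name): resolve(name, order)
            for wild in (False, True)
            for order_name, order in build_orders(wild).items()}


if __name__ == "__main__":
    for name in ("build01.corp-example.com", "no-such-name.com"):
        for (wild, order_name), result in compare(name).items():
            print(f"{name:26} wildcard={wild!s:5} {order_name}: {result}")
```

With the wildcard present, the dns-first order returns the wildcard address for the NIS-only name, and a name that exists nowhere resolves under either order.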