> From: Steve Atkins <[EMAIL PROTECTED]>
> Subject: Re: Hey, SiteFinder is back, again...
> Date: Tue, 6 Nov 2007 13:07:14 -0800
>
> On Nov 6, 2007, at 12:20 PM, Robert Bonomi wrote:
> >> From: Barry Shein <[EMAIL PROTECTED]>
> >> Date: Tue, 6
On Nov 6, 2007 5:35 PM, Greg Skinner <[EMAIL PROTECTED]> wrote:
>
>
[ snip ]
> Hmmm. When using IE 7 on Windows Vista out of the box, and I give it
> a non-existent domain, it prompts me to connect to a network (even if
> I'm already connected to one). It also puts the browser in "work
> offlin
Bill Stewart wrote:
> When Verisign hijacked the wildcard DNS space for .com/.net, they
> encoded the Evil Bit in the response by putting Sitefinder's IP
> address as the IP address. In theory you could interpret that as
> damage and route around it, or at least build ACLs to block any
> traffic
On Nov 6, 2007, at 12:20 PM, Robert Bonomi wrote:
From: Barry Shein <[EMAIL PROTECTED]>
Date: Tue, 6 Nov 2007 13:05:26 -0500
Subject: Re: Hey, SiteFinder is back, again...
Since this is verizon, one wonders why this has never been tried on
wrong, non-working phone numbers?
> From: Barry Shein <[EMAIL PROTECTED]>
> Date: Tue, 6 Nov 2007 13:05:26 -0500
> Subject: Re: Hey, SiteFinder is back, again...
>
> Since this is verizon, one wonders why this has never been tried on
> wrong, non-working phone numbers?
>
> Visit your local ch
Since this is verizon, one wonders why this has never been tried on
wrong, non-working phone numbers?
Visit your local chevy dealer, no interest for 12 months! We're
sorry, the number you have reached
is it illegal?
How long before they'll just make you sit thru a few seconds o
On Mon, 5 Nov 2007 23:46:08 -0800
"Christopher Morrow" <[EMAIL PROTECTED]> wrote:
>
> On 11/5/07, Eliot Lear <[EMAIL PROTECTED]> wrote:
>
> >
> > Cough. So, how much is that NXDOMAIN worth to you?
>
> So, here's the problem really... NXDOMAIN is being judged as a
> 'problem'. It's really only
ittle
jerky.
Frank
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Stefan Bethke
Sent: Monday, November 05, 2007 11:38 PM
To: Stephane Bortzmeyer
Cc: nanog@merit.edu
Subject: Re: Hey, SiteFinder is back, again...
Am 05.11.2007 um 17:16 schrieb Ste
On 11/5/07, Eliot Lear <[EMAIL PROTECTED]> wrote:
>
> Cough. So, how much is that NXDOMAIN worth to you?
So, here's the problem really... NXDOMAIN is being judged as a
'problem'. It's really only a 'problem' for a small number of
APPLICATIONS on the Internet. One could even argue that in a
web-
David Conrad wrote:
>
> On Nov 5, 2007, at 2:13 PM, Bora Akyol wrote:
>> Do common endpoints (Windows Vista/XP, MacOS X 10.4/5) support DNSSEC
>> Validation? If not, then do people have a choice?
>
> Yes and no.
Of course, nobody supports the "Evil bit" today, so some change would be
necessary on
Am 05.11.2007 um 17:16 schrieb Stephane Bortzmeyer:
3) Provide DNS recursors which do the mangling *and* block users,
either by filtering out port 53 or by giving them a RFC 1918 address
with no NAT for this port.
I've seen 1) and 2) in the wild and I am certain I will see 3) one day
or the ot
> Mark,
>
> On Nov 5, 2007, at 5:31 PM, Mark Andrews wrote:
> > All you have to do is move the validation to a machine you
> > control to detect this garbage.
>
> You probably don't need to bother with DNSSEC validation to stop the
> Verizon redirection. All you need do is run a cach
Mark,
On Nov 5, 2007, at 5:31 PM, Mark Andrews wrote:
All you have to do is move the validation to a machine you
control to detect this garbage.
You probably don't need to bother with DNSSEC validation to stop the
Verizon redirection. All you need do is run a caching server
In article <[EMAIL PROTECTED]> you write:
>
>On Nov 5, 2007, at 8:23 AM, David Lesher wrote:
>> What affect will Allegedly Secure DNS have on such provider
>> hijackings, both of DNS and crammed-in content?
>
>If what Verizon is doing is rewriting NXDOMAIN at their caching
>servers, DNSSEC will
In article <[EMAIL PROTECTED]> you write:
>
>On Sun, 4 Nov 2007 11:52:11 -0500 (EST)
>Sean Donelan <[EMAIL PROTECTED]> wrote:
>
>> I just wish the IETF would acknowledge this and go ahead and define a
>> DNS bit for artificial DNS answers for all these "address correction" and
>> "domain parking"
On Nov 5, 2007, at 2:13 PM, Bora Akyol wrote:
Do common endpoints (Windows Vista/XP, MacOS X 10.4/5) support DNSSEC
Validation? If not, then do people have a choice?
Yes and no.
If you run your own caching server and that caching server supports
DNSSEC and you enable DNSSEC and set up/maint
Do common endpoints (Windows Vista/XP, MacOS X 10.4/5) support DNSSEC
Validation? If not, then do people have a choice?
Regards
Bora
On 11/5/07 11:54 AM, "Steven M. Bellovin" <[EMAIL PROTECTED]> wrote:
>
> On Mon, 5 Nov 2007 11:17:29 -0800
> David Conrad <[EMAIL PROTECTED]> wrote:
>
>> On
David Conrad wrote:
>
> As an aside, I note that Verizon is squatting on address space allocated
> to APNIC. From the self-help web page offered to opt out of this
> "service" (specific to the particular hardware customers might be using,
> e.g., http://netservices.verizon.net/portal/link/help/i
On Nov 5, 2007, at 11:54 AM, Steven M. Bellovin wrote:
On Nov 5, 2007, at 8:23 AM, David Lesher wrote:
What affect will Allegedly Secure DNS have on such provider
hijackings, both of DNS and crammed-in content?
If what Verizon is doing is rewriting NXDOMAIN at their caching
servers, DNSSEC wi
On Mon, 5 Nov 2007 11:17:29 -0800
David Conrad <[EMAIL PROTECTED]> wrote:
> On Nov 5, 2007, at 8:23 AM, David Lesher wrote:
> > What affect will Allegedly Secure DNS have on such provider
> > hijackings, both of DNS and crammed-in content?
>
> If what Verizon is doing is rewriting NXDOMAIN at th
On Mon, 5 Nov 2007 17:16:11 +0100
Stephane Bortzmeyer <[EMAIL PROTECTED]> wrote:
>
> On Mon, Nov 05, 2007 at 10:54:05AM -0500,
> Andrew Sullivan <[EMAIL PROTECTED]> wrote
> a message of 29 lines which said:
>
> > One could argue that it is less evil to do this at recursive
> > servers, becaus
On Nov 5, 2007, at 8:23 AM, David Lesher wrote:
What affect will Allegedly Secure DNS have on such provider
hijackings, both of DNS and crammed-in content?
If what Verizon is doing is rewriting NXDOMAIN at their caching
servers, DNSSEC will _not_ help. Caching servers do the validation
an
I think ICANN should probably come out and specify that doing
wildcard matchin on TLD delegations is Not A Good thing.
You mean like http://www.icann.org/committees/security/sac015.htm ?
Regards,
-drc
Hi,
Based on the procedures they document to opt-out, doesn't look like
Sitefinder-like authoritative wildcarding. Looks more like caching
server NXDOMAIN rewriting. If so, easy to get around: just run your
own caching server. Also means you can't defeat this using DNSSEC
(if it was a
On Mon, Nov 05, 2007 at 11:52:02AM -0500, Patrick W. Gilmore wrote:
> authority for a TLD is bad, because most people don't have a choice of
> TLD. (Or at least think they don't.)
I don't think that's the reason; I think the reason is that someone
who needs to rely on Name Error can't do it, i
When Verisign hijacked the wildcard DNS space for .com/.net, they
encoded the Evil Bit in the response by putting Sitefinder's IP
address as the IP address. In theory you could interpret that as
damage and route around it, or at least build ACLs to block any
traffic to that IP address except for
On Sun, 4 Nov 2007 11:52:11 -0500 (EST)
Sean Donelan <[EMAIL PROTECTED]> wrote:
> I just wish the IETF would acknowledge this and go ahead and define a
> DNS bit for artificial DNS answers for all these "address correction" and
> "domain parking" and "domain tasting" people to use for their keen
On Nov 5, 2007, at 10:54 AM, Andrew Sullivan wrote:
On Sun, Nov 04, 2007 at 08:32:25AM -0500, Patrick W. Gilmore wrote:
A single provider doing this is not equivalent to the root servers
doing it. You can change providers, you can't change "." in DNS.
This is true, but Verisign wasn't doing
On Nov 5, 2007, at 7:40 AM, Joe Greco wrote:
Reinventing the DNS protocol in order to intercept odd stuff on the
Web
seems to me to be overkill and bad policy. Could someone kindly
explain
to me why the proxy configuration support in browsers could not be
used
for this, to limit the scope
What affect will Allegedly Secure DNS have on such provider
hijackings, both of DNS and crammed-in content?
[Assuming we ever get to such; I know ASD is in line to deploy just
after perpetual motion and honest politicians..]
--
A host is a host from coast to [EMAIL PROTECTED]
& no one will t
On Mon, Nov 05, 2007 at 10:54:05AM -0500,
Andrew Sullivan <[EMAIL PROTECTED]> wrote
a message of 29 lines which said:
> One could argue that it is less evil to do this at recursive
> servers, because people could choose not to use that service by
> installing their own full resolvers or whatev
Andrew Sullivan (andrew) writes:
>
> The last time I heard a discussion of this topic, though, I heard
> someone make the point that there's a big difference between
> authority servers and recursing resolvers, which is the same sort of
> point as above. That is, if you do this in the authority
On Sun, Nov 04, 2007 at 08:32:25AM -0500, Patrick W. Gilmore wrote:
>
> A single provider doing this is not equivalent to the root servers
> doing it. You can change providers, you can't change "." in DNS.
This is true, but Verisign wasn't doing it on root servers, IIRC, but
on the .com and .
> Sean,
> >>
> >> Yes, it sounds like the evil bit. Why would anyone bother to set it?
> >
> > Two reasons
> >
> > 1) By standardizing the process, it removes the excuse for using
> > various hacks and duct tape.
> >
> > 2) Because the villian in Bond movies don't view themselves as evil.
> > Goo
Sean,
>>
>> Yes, it sounds like the evil bit. Why would anyone bother to set it?
>
> Two reasons
>
> 1) By standardizing the process, it removes the excuse for using
> various hacks and duct tape.
>
> 2) Because the villian in Bond movies don't view themselves as evil.
> Google is happy to pre-ch
* Sean Donelan:
> I just wish the IETF would acknowledge this and go ahead and define a
> DNS bit for artificial DNS answers for all these "address correction"
> and "domain parking" and "domain tasting" people to use for their keen
> "Web 2.0" ideas.
>
> And for all the other non-Web protocols w
On Sun, 4 Nov 2007, Eliot Lear wrote:
Sean Donelan wrote:
I just wish the IETF would acknowledge this and go ahead and define a
DNS bit for artificial DNS answers for all these "address correction"
and "domain parking" and "domain tasting" people to use for their keen
"Web 2.0" ideas.
Yes, it
Sean Donelan wrote:
> I just wish the IETF would acknowledge this and go ahead and define a
> DNS bit for artificial DNS answers for all these "address correction"
> and "domain parking" and "domain tasting" people to use for their keen
> "Web 2.0" ideas.
Yes, it sounds like the evil bit. Why wo
On Sun, 4 Nov 2007 11:52:11 -0500 (EST)
Sean Donelan <[EMAIL PROTECTED]> wrote:
>
> And for all the other non-Web protocols which get confused, can treat
> that artificially generated crap/answers like NXDOMAIN. Yes, I know
> it sounds like the evil bit; but if these folks are so convinced
> p
On Sat, 3 Nov 2007, Christopher Morrow wrote:
http://www.irbs.net/internet/nanog/0607/0139.html
oops, I was right (kinda).
I don't think we're going to put the genie back in the bottle, despite
the best efforts of some IETFers.
I just wish the IETF would acknowledge this and go ahead and def
Patrick W. Gilmore wrote:
Verizon != VeriSign, despite what people think.
A single provider doing this is not equivalent to the root servers
doing it. You can change providers, you can't change "." in DNS.
Charter has been doing this for quite some time. If you have
security/network/diag
On Nov 4, 2007, at 1:52 AM, Christopher Morrow wrote:
On 11/3/07, Allan Liska <[EMAIL PROTECTED]> wrote:
I know this is just anecdotal, but I have Verizon FIOS in Northern
Virginia and I have not seen sitefinder pop up. I just verified
with a
few sites to make sure.
http://www.irbs.net/i
On 11/3/07, Allan Liska <[EMAIL PROTECTED]> wrote:
>
> I know this is just anecdotal, but I have Verizon FIOS in Northern
> Virginia and I have not seen sitefinder pop up. I just verified with a
> few sites to make sure.
>
http://www.irbs.net/internet/nanog/0607/0139.html
oops, I was right (ki
I know this is just anecdotal, but I have Verizon FIOS in Northern
Virginia and I have not seen sitefinder pop up. I just verified with a
few sites to make sure.
allan
On Nov 3, 2007, at 11:40 PM, David Lesher wrote:
www.consumeraffairs.com/news04/2007/11/verizon_search.html
November
www.consumeraffairs.com/news04/2007/11/verizon_search.html
November 3, 2007
Subscribers to Verizon's high-powered fiber-optic Internet service
(FiOS) are reporting that when they mistype a Web site address, they
get redirected to Verizon's own search engine page -- even if they
don't have
45 matches
Mail list logo