lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 17 Sep 2003 16:44:18 -0600 From: "D. Ian Miller" <miller@...lgary.ca> To: Jose Nazario <jose@...key.org> Cc: Thor Larholm <thor@...x.com>, list@...ield.org, bugtraq@...urityfocus.com, NTBugtraq <NTBUGTRAQ@...TSERV.NTBUGTRAQ.COM>, full-disclosure@...ts.netsys.com Subject: Re: Verisign abusing .COM/.NET monopoly, BIND releases new FYI ... looks like Verisign has pulled the wildcard A record as we have not patched but invalid domain searches no longer go to verisign ... sitefinder-idn.verisign.com is no longer responding to queries ... maybe someone got the message ... wonder how they will explain this one ... Jose Nazario wrote: >a number of options exist to help you remedy this issue: > > - bind 9.2.3rc2 supports "delegation-only", stopping some > wildcard implementations from making any difference > >if you simply want to stop traffic getting there (they are running a >website and a partially functional MTA on that IP): > > - you can BGP null route this > http://www.merit.edu/mail.archives/nanog/msg13715.html > > - cisco's NBAR functionality may be used to detect and block those > reply packets from coming in by looking for the response from > the nameservers. >http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121e/121e2/nbar2e.htm > >note that this wont stop the query from reaching verisign, it will just >stop you from going to that IP. however, for some enforcing network >privacy concerns, that may be worthwhile. > >hope this helps, > >___________________________ >jose nazario, ph.d. jose@...key.org > http://monkey.org/~jose/ > > > -- ======================================= D. Ian Miller }8-) Systems Analyst Information Technologies University of Calgary W: 403.220.8643 M: 403.605.9856 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists