[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3F68E3C2.4060704@ucalgary.ca>
Date: Wed, 17 Sep 2003 16:44:18 -0600
From: "D. Ian Miller" <miller@...lgary.ca>
To: Jose Nazario <jose@...key.org>
Cc: Thor Larholm <thor@...x.com>, list@...ield.org, bugtraq@...urityfocus.com,
NTBugtraq <NTBUGTRAQ@...TSERV.NTBUGTRAQ.COM>,
full-disclosure@...ts.netsys.com
Subject: Re: Verisign abusing .COM/.NET monopoly, BIND releases new
FYI ... looks like Verisign has pulled the wildcard A record as we have
not patched but invalid domain searches no longer go to verisign ...
sitefinder-idn.verisign.com is no longer responding to queries ... maybe
someone got the message ... wonder how they will explain this one ...
Jose Nazario wrote:
>a number of options exist to help you remedy this issue:
>
> - bind 9.2.3rc2 supports "delegation-only", stopping some
> wildcard implementations from making any difference
>
>if you simply want to stop traffic getting there (they are running a
>website and a partially functional MTA on that IP):
>
> - you can BGP null route this
> http://www.merit.edu/mail.archives/nanog/msg13715.html
>
> - cisco's NBAR functionality may be used to detect and block those
> reply packets from coming in by looking for the response from
> the nameservers.
>http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121e/121e2/nbar2e.htm
>
>note that this wont stop the query from reaching verisign, it will just
>stop you from going to that IP. however, for some enforcing network
>privacy concerns, that may be worthwhile.
>
>hope this helps,
>
>___________________________
>jose nazario, ph.d. jose@...key.org
> http://monkey.org/~jose/
>
>
>
--
=======================================
D. Ian Miller }8-)
Systems Analyst
Information Technologies
University of Calgary
W: 403.220.8643
M: 403.605.9856
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists