Message-ID: <3F68E3C2.4060704@ucalgary.ca>
Date: Wed, 17 Sep 2003 16:44:18 -0600
From: "D. Ian Miller" <miller@...lgary.ca>
To: Jose Nazario <jose@...key.org>
Cc: Thor Larholm <thor@...x.com>, list@...ield.org, bugtraq@...urityfocus.com,
   NTBugtraq <NTBUGTRAQ@...TSERV.NTBUGTRAQ.COM>,
   full-disclosure@...ts.netsys.com
Subject: Re: Verisign abusing .COM/.NET monopoly, BIND releases new


FYI ... looks like Verisign has pulled the wildcard A record as we have 
not patched but invalid domain searches no longer go to verisign ... 
sitefinder-idn.verisign.com is no longer responding to queries ... maybe 
someone got the message ... wonder how they will explain this one ...

Jose Nazario wrote:

>a number of options exist to help you remedy this issue:
>
>	- bind 9.2.3rc2 supports "delegation-only", stopping some
>	  wildcard implementations from making any difference
>
>if you simply want to stop traffic getting there (they are running a
>website and a partially functional MTA on that IP):
>
>	- you can BGP null route this
>	  http://www.merit.edu/mail.archives/nanog/msg13715.html
>
>	- cisco's NBAR functionality may be used to detect and block those
>	  reply packets from coming in by looking for the response from
>	  the nameservers.
>http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121e/121e2/nbar2e.htm
>
>note that this won't stop the query from reaching verisign, it will just
>stop you from going to that IP. however, for some enforcing network
>privacy concerns, that may be worthwhile.
>
>hope this helps,
>
>___________________________
>jose nazario, ph.d.			jose@...key.org
>					http://monkey.org/~jose/
>
>  
>

-- 
=======================================
D. Ian Miller                      }8-)
Systems Analyst
Information Technologies
University of Calgary
W: 403.220.8643
M: 403.605.9856



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
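
Added example, not part of the original messages: one way to check the observation above that unregistered .com/.net names no longer resolve, by probing random labels under the TLD through the local resolver. The function names, the `resolve` parameter and the probe count are assumptions of this example.

```python
import secrets
import socket


def random_label(nbytes=12):
    """Random 24-hex-digit label; practically certain not to be registered."""
    return "nx-" + secrets.token_hex(nbytes)


def system_resolver(name):
    """Return the set of IPv4 addresses for name, or an empty set on failure."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:  # covers socket.gaierror / socket.herror (NXDOMAIN etc.)
        return set()


def check_tld_wildcard(tld, resolve=system_resolver, probes=3):
    """Probe random unregistered names under tld.

    Returns (wildcard_present, addresses). A wildcard is reported only if
    every probe resolves; a single failed lookup means nothing covers the
    whole zone. The trailing dot keeps resolv.conf search domains out of it.
    """
    answers = [resolve(f"{random_label()}.{tld}.") for _ in range(probes)]
    if not all(answers):
        return False, set()
    return True, set().union(*answers)


if __name__ == "__main__":
    for tld in ("com", "net"):
        present, addrs = check_tld_wildcard(tld)
        if present:
            print(f".{tld}: random names resolve to {sorted(addrs)}")
        else:
            print(f".{tld}: random names do not resolve (no wildcard seen)")
```

A positive result only shows that something on the resolution path answers for nonexistent names; a local or upstream resolver that rewrites NXDOMAIN responses produces the same output as a wildcard in the zone itself.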

