lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20030917052818.GR28270@ifokr.org>
From: full-disclosure at ifokr.org (Brian Hatch)
Subject: Verisign abusing .COM/.NET monopoly, BIND releases new



> This is simply amazing, Verisign has just turned the .COM and .NET TLD
> DNS servers up-side-down for their own economical gain and, in doing so,
> disrupted network traffic for most of the Internet. Mail administrators
> who use any non-existant DNSBL to mark email as spam suddenly has all
> their mails deleted, people using localhost.localdomain.com on their
> servers for administrative purposes are scrambling to find out the cause
> of their problems and DNS problems arise everywhere as neg caching is
> essentially disabled and all DNS caches have to cache each and every
> randomly typed DNS query.
> 
> The BIND patch that prevents this should be released Wednesday.

I hate to muck with a DNS server to fix this problem.  And since
I prefer DJBDNS, a BIND patch wouldn't do me any good anyway.

Is it always returning the same IP address, or have any other
noticable characteristics?  If so I'd think we could set up
a firewall rule to drop all DNS replies that contain the
Verisign-be-damned IP address.  That'd protect everything,
regardless of name server or method of access (using
host/nslookup/etc manually.)


--
Brian Hatch                  "The universe is run by
   Systems and                the complex interweaving
   Security Engineer          of three elements: energy,
http://www.ifokr.org/bri/     matter, and enlightened
                              self-interest."
Every message PGP signed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030916/91d670b3/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ