[CLUE-Tech] How to Thwart Verisign's Latest DNS Trickery

Jed S. Baer thag at frii.com
Mon Sep 15 21:22:06 MDT 2003


Hi Folks.

Probably a few of you have seen this story on /. already, but I'd like to
hear any suggestions for blocking such behavior.

http://slashdot.org/article.pl?sid=03/09/16/0034210&mode=nested&tid=126&tid=95&tid=98&tid=99

<quote>
As of a little while ago (it is around 7:45 PM US Eastern on Mon 15 Sep
2003 as I write this), VeriSign added a wildcard A record to the .COM and
.NET TLD DNS zones. The IP address returned is 64.94.110.11, which
reverses to sitefinder.verisign.com. What that means in plain English is
that most mis-typed domain names that would formerly have resulted in a
helpful error message now result in a VeriSign advertising opportunity.
For example, if my domain name was 'somecompany.com,' and somebody typed
'soemcompany.com' by mistake, they would get VeriSign's advertising.
</quote>

It's pretty intermittent, right now. I've tried several phony domains,
including random typing, and deliberate mistypes. Here's an example:

$ lynx --mime-header http://www.jfgsdjklfgdjasfhgdusgfo.com/
HTTP/1.1 302 Found
Date: Tue, 16 Sep 2003 03:12:58 GMT
Server: Apache
Location: http://sitefinder.verisign.com/lpc?url=www.jfgsdjklfgdjasfhgdusgfo.com&host=www.jfgsdjklfgdjasfhgdusgfo.com
Connection: close
Content-Type: text/html; charset=iso-8859-1
X-Pad: avoid browser bug

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="http://sitefinder.verisign.com/lpc?url=www.jfgsdjklfgdjasfhgdusgfo.com&amp;host=www.jfgsdjklfgdjasfhgdusgfo.com">here</A>.<P>
</BODY></HTML>

$ host www.jfgsdjklfgdjasfhgdusgfo.com 
www.jfgsdjklfgdjasfhgdusgfo.com has address 64.94.110.11

I can start using OpenNIC as my default nameserver, and set up Privoxy to
black-hole any verisign addresses. But is there anything else? If I were a
really 133t h4x0r, I'd hack DNS to always return addies for obnoxious
sites for any queries coming from Verisign/Network Pollutions.

jed
-- 
... it is poor civic hygiene to install technologies that could someday
facilitate a police state. -- Bruce Schneier
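
Added example, not part of the original post: one way to detect a TLD wildcard like the one described above by resolving random names that should not exist, and then to turn answers made up only of the wildcard address back into "not found". The function names and the stub resolver are assumptions for illustration; 192.0.2.10 is a documentation address and the stub's data is constructed, with the hit counting there because the post notes the behavior is intermittent.

```python
import secrets
import socket
from collections import Counter
from itertools import count

def system_resolver(name):
    """IPv4 addresses for name via the system resolver; empty set on failure."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)}
    except socket.gaierror:
        return set()

def detect_wildcard(tld, resolve=system_resolver, probes=5, min_hits=2):
    """Resolve random 32-character labels under tld, which should not exist.

    Returns the addresses handed back for at least min_hits probes. Counting
    hits instead of requiring every probe to match copes with a wildcard that
    only shows up intermittently.
    """
    hits = Counter()
    for _ in range(probes):
        hits.update(resolve(f"{secrets.token_hex(16)}.{tld}"))
    return {addr for addr, n in hits.items() if n >= min_hits}

def filter_answer(addrs, wildcard_addrs):
    """Turn an answer made up only of wildcard addresses back into 'not found'."""
    return set() if addrs and addrs <= wildcard_addrs else set(addrs)

def make_stub_resolver():
    """Constructed sample data: offline stand-in for a resolver during rollout."""
    registered = {"somecompany.com": {"192.0.2.10"}}  # documentation address
    seq = count(1)
    def resolve(name):
        if name in registered:
            return registered[name]
        if name.endswith((".com", ".net")) and next(seq) % 3:
            return {"64.94.110.11"}  # wildcard answer quoted in the post
        return set()  # clean NXDOMAIN (other TLDs, or wildcard not yet visible)
    return resolve

if __name__ == "__main__":
    stub = make_stub_resolver()
    wildcard = detect_wildcard("com", resolve=stub)
    print("wildcard addresses:", wildcard)
    for name in ("somecompany.com", "soemcompany.com"):
        print(name, "->", filter_answer(stub(name), wildcard) or "NXDOMAIN")
```

Calling detect_wildcard("com") without the resolve argument runs the same probes against the system resolver.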


