
[Erlug] [fenton@xxxxxxxxxx: Re: Debian + Verisign's .com/.net hijack]

To: erlug@xxxxxxxxxxxxxx
Subject: [Erlug] [fenton@xxxxxxxxxx: Re: Debian + Verisign's .com/.net hijack]
From: Maurizio Lemmo - Tannoiser <tann@xxxxxxxxx>
Date: Mon, 22 Sep 2003 18:57:25 +0200
Laugh, please.

----- Forwarded message from Joel Baker <fenton@xxxxxxxxxx> -----

Subject: Re: Debian + Verisign's .com/.net hijack
From: Joel Baker <fenton@xxxxxxxxxx>
Date: Fri, 19 Sep 2003 10:10:46 -0600
To: debian-security@xxxxxxxxxxxxxxxx
User-Agent: Mutt/1.3.28i

On Wed, Sep 17, 2003 at 12:04:01PM +0100, Dale Amon wrote:
> On Wed, Sep 17, 2003 at 11:57:16AM +0100, Andy Coates wrote:
> > They've put a wildcard DNS entry for .com and .net to resolve to their
> > product called "SiteFinder" which offers an IE/MSN-like "Did you mean
> > to type ...." services.
> > 
> > So any domain that doesn't exist, or in the PENDING/DELETE states, or has
> > no nameservers associated with it, now resolves.
> 
> Ah, so what would happen if many thousands of people ran pings 
> and other things against nonexistent names?

There is some evidence (from NANOG) that something much more beautifully
subtle and ironic is happening in a similar vein:

1) Take standard-issue Windows 2000 or XP host with a default configuration
(to wit, 'append domain when searching for host' - unlike the BIND
resolver, this is tried *before* the straight name).

2) Set the domain name to 'thiscompanydoesnotexist.com' or some similar
value (must be .com/.net, and not actually exist).

3) Do a lookup on 'windowsupdate.com' - it tries to look up
'windowsupdate.com.thiscompanydoesnotexist.com' (using the example domain
above). Returns VeriSign's A record.

And now, the payoff...

4) Add MS Blaster (which does step 3, above, then fires off DoS traffic at
it).

Microsoft, VeriSign, and MS Blaster - three great tastes that go great
together! (Well, okay, three really nasty tastes that cause a beautifully
elegant reprisal against stupidity.)
-- 
Joel Baker <fenton@xxxxxxxxxx>                                        ,''`.
Debian GNU NetBSD/i386 porter                                        : :' :
                                                                     `. `'
                                                                       `-





----- End forwarded message -----

-- 
In plain terms: is it a whore or a jerk?
        -- Fogbank
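
Added example, not part of either message above: a small offline Python model of steps 1-3 in the forwarded mail, showing how a search domain that is tried first turns a TLD wildcard into an answer for the wrong name, plus a client-side check that detects the wildcard and treats its address as NXDOMAIN. The zone contents, the documentation-range addresses and all function names are constructed for illustration; the suffix-first ordering is modelled as the mail describes it.

```python
import secrets

# Constructed data: documentation-range addresses stand in for real ones.
WILDCARD_ADDR = "192.0.2.1"                    # the TLD wildcard A record
REAL = {"windowsupdate.com": "198.51.100.7"}   # the only name that really exists

def make_zone(wildcard):
    """Return a lookup function for a toy .com/.net zone, with or without a wildcard."""
    def lookup(name):
        name = name.rstrip(".").lower()
        if name in REAL:
            return REAL[name]
        if wildcard and name.endswith((".com", ".net")):
            return WILDCARD_ADDR               # nonexistent names now get an answer
        return None                            # NXDOMAIN
    return lookup

def resolve(name, search_domain, lookup, suffix_first=True):
    """Return (queried_name, address) for the first candidate that resolves."""
    suffixed = f"{name}.{search_domain}"
    order = [suffixed, name] if suffix_first else [name, suffixed]
    for cand in order:
        addr = lookup(cand)
        if addr is not None:
            return cand, addr
    return None, None

def tld_has_wildcard(lookup, tld, probes=3):
    """Random labels that cannot exist all resolving to one address means a wildcard."""
    answers = {lookup(f"{secrets.token_hex(16)}.{tld}") for _ in range(probes)}
    return None not in answers and len(answers) == 1

def drop_wildcard(lookup, tld):
    """Wrap lookup so the TLD's wildcard address is treated as NXDOMAIN."""
    if not tld_has_wildcard(lookup, tld):
        return lookup
    bad = lookup(f"{secrets.token_hex(16)}.{tld}")
    return lambda name: None if lookup(name) == bad else lookup(name)

if __name__ == "__main__":
    domain = "thiscompanydoesnotexist.com"
    for label, zone in [("no wildcard", make_zone(False)),
                        ("wildcard", make_zone(True)),
                        ("wildcard, filtered", drop_wildcard(make_zone(True), "com"))]:
        print(label, "->", resolve("windowsupdate.com", domain, zone))
```

Only the unfiltered wildcard zone answers for the suffixed name; in the other two cases the suffixed query fails and the resolver falls through to the real record.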
