----- Forwarded message from Joel Baker <fenton@xxxxxxxxxx> -----
Subject: Re: Debian + Verisign's .com/.net hijack
From: Joel Baker <fenton@xxxxxxxxxx>
Date: Fri, 19 Sep 2003 10:10:46 -0600
On Wed, Sep 17, 2003 at 12:04:01PM +0100, Dale Amon wrote:
> On Wed, Sep 17, 2003 at 11:57:16AM +0100, Andy Coates wrote:
> > They've put a wildcard DNS entry for .com and .net to resolve to their
> > product called "SiteFinder" which offers an IE/MSN-like "Did you mean
> > to type ...." services.
> > So any domain that doesn't exist, or in the PENDING/DELETE states, or has
> > no nameservers associated with it, now resolves.
> Ah, so what would happen if many thousands of people ran pings
> and other things against nonexistent names?
There is some evidence (from NANOG) that something much more beautifully
subtle and ironic is happening in a similar vein:
1) Take standard-issue Windows 2000 or XP host with a default configuration
(to wit, 'append domain when searching for host' - unlike the BIND
resolver, this is tried *before* the straight name).
2) Set the domain name to 'thiscompanydoesnotexist.com' or some similar
value (must be .com/.net, and not actually exist).
3) Do a lookup on 'windowsupdate.com' - it tries to look up
'windowsupdate.com.thiscompanydoesnotexist.com' (using the example domain
above). Returns VeriSign's A record.
And now, the payoff...
4) Add MS Blaster (which does step 3, above, then fires off DoS traffic at
Microsoft, VeriSign, and MS Blaster - three great tastes that go great
together! (Well, okay, three really nasty tastes that cause a beautifully
elegant reprisal against stupidity.)
Joel Baker <fenton@xxxxxxxxxx> ,''`.
Debian GNU NetBSD/i386 porter : :' :
----- End forwarded message -----
In plain terms: is it a whore or an idiot?
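
The lookup sequence from steps 1-3 of the forwarded message, together with a probe-based filter that treats wildcard answers as NXDOMAIN, as an added example (not part of the original message or of any project's code). The resolver is an in-memory stand-in, and the addresses are constructed documentation-range placeholders, not the real ones.

```python
import secrets

# Constructed sample data: a toy view of .com/.net, with or without the wildcard.
SITEFINDER = "192.0.2.1"                            # placeholder address (TEST-NET-1)
REGISTERED = {"windowsupdate.com": "198.51.100.7"}  # constructed record

def make_resolver(wildcard):
    """Return lookup(name) -> address, or None to model NXDOMAIN."""
    def lookup(name):
        name = name.rstrip(".").lower()
        if name in REGISTERED:
            return REGISTERED[name]
        if wildcard and name.endswith((".com", ".net")):
            return SITEFINDER  # every unregistered name now "exists"
        return None
    return lookup

def search_candidates(name, suffix, suffix_first=True):
    """Names tried in order; suffix_first models the host behaviour in step 1."""
    appended = f"{name}.{suffix}"
    return [appended, name] if suffix_first else [name, appended]

def resolve(name, suffix, lookup, suffix_first=True):
    """Return (name that answered, address), or (None, None) if nothing resolved."""
    for candidate in search_candidates(name, suffix, suffix_first):
        addr = lookup(candidate)
        if addr is not None:
            return candidate, addr
    return None, None

def wildcard_addresses(zone, lookup, probes=3):
    """Probe random labels that are very unlikely to be registered;
    any address that comes back is a wildcard answer."""
    answers = {lookup(f"{secrets.token_hex(16)}.{zone}") for _ in range(probes)}
    answers.discard(None)
    return answers

def resolve_filtered(name, suffix, lookup, suffix_first=True):
    """Same search order, but known wildcard answers count as NXDOMAIN."""
    bogus = set()
    for zone in ("com", "net"):
        bogus |= wildcard_addresses(zone, lookup)
    def filtered(candidate):
        addr = lookup(candidate)
        return None if addr in bogus else addr
    return resolve(name, suffix, filtered, suffix_first)
```

With the wildcard in place, the unfiltered search stops at the suffixed name and returns the wildcard address; the filtered search falls through to the real record.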