Verisign Abuse

I was just over at Slashdot, and it looks like Verisign has gone forward with it's plan to Abuse DNS resolutions. For everyone's edification, locate your hosts file and add the line:

That IP will redirect to Google which was my choice, but feel free to redirect to the site of your choosing. Verisign can't win that easy.

That's low. I sent mine to DirectNIC:

I think it is time to organize a DDOS, mabye I will try.

All we simply do is all use incorrect domains that will trigger it, I wonder how many people we can get to do it all at once.

I think this really sucks.... it hasnt reached Australia yet though... if I enter an invalid address Mozilla still spits it out.

Was reading on /. that MSN would most likely be really annoyed at this since IE's search feature that appears when invalid addresses are entered will be rendered useless.

So should we expect Microsoft to purchase Verisign in the next
few months?

I would not be at all surprised.

Some people brought up a good point about MTAs and Spam filters being fragged by this. Think about it - if I send e-mail to somedomian.com (not the misspelling), it will succesfully deliver to the verisign IP which is running an SMTP server on port 25. The message will then bounce off them. They can collect e-mails as the bounces occur, PLUS, it breaks the MTAs second attempt because it will think that it has successfully resolved a domain and delivered the message. On top of that, what about spam filters that rely on resolving headers to valid IPs? A bunch of faked headers will "properly" resolve to the catch-all IP and allow spam through on the belief that the message came from a valid sender.

DNS caching, MTAs, and spam filters all need to be patched against this BS now and will remain broken until they do.

It truly sickens me to see just what modern capitalism can do to anything it touches. Marketers, sales people, and management are just never happy until they've ruined things for everyone else.... I hope ICANN (contact them: comments@icann.org) and the government create a severe backlash and utterly destroy these fools for good... but I'm not holding my breath.

[edit]
Here's some good explanation on the matter. Particularly, see the 2nd and 3rd follow-ups to this post:

http://gnso.icann.org/mailing-lists...a/msg00309.html
[/edit]

[edit2]
Andreas - btw... you're probably seeing cached results. If you use 'host' to query an authoritative nameserver directly you'll see the ****ed verisign ip
[/edit]

i currently can not access msn.com..

when i goto msn.com i got 207.68.173.254 which is one ofht verisign ips!

??

A quick nslookup shows that www.msn.com is 207.68.173.254

((BTW.. I'm stuck on a WinNT box atm - hence my archaic network tools))

SpamAssasin FYI

http://www.merit.edu/mail.archives/nanog/msg13665.html

And this is only the beginning. Every IT that has to work to fix
whatever they broke on us, log your man-hours so we can
charge them later in a lawsuit

I don't have SpamAssassin or anything, but is there a way to see if the address goes back to sitefinder.verisign.com and deny it?

I have gone as far as denying all of Yahoo... it's just plain annoying.

Yes, if there is any unresolved .com or .net domain.

So is Verisign run by a Darl McBride clone or something Or maybe the other way around.

Verisign has an uncanny ability to upset users, beginning with their spamming their users when they were the only domain game in town, to their deceptive to the point of fraudulent domain renewal mailings to domains that weren't registered through them, and now this.

Yecch.

so verisign wud be the dumptards.. that sent me a letter that domain renewal is 26.99 or some crap 1 week before my registrar OpenSRS did.. ??