[rescue] The Verisign Exploit

Patrick Giagnocavo +1.717.201.3366 patrick at zill.net
Wed Sep 17 16:18:39 CDT 2003


On Wed, Sep 17, 2003 at 04:58:06PM -0400, Sheldon T. Hall wrote:
> I suppose you all know that Verisign has, essentially, hijacked the DNS
> protocol, and now any otherwise-unassigned .com or .net domain name resolves
> to 64.94.110.11.  Unless you have today's patch for BIND, it seems all
> mistyped browser addresses end up on a Verisign page.
> 
> This not only affects browsers, but e-mail, and breaks anti-spam measures
> that refuse mail that arrives with an otherwise-unresolvable "From" domain.


Don't need that.  Just add an entry to /etc/hosts for
sitefinder.verisign.com that redirects to localhost or a site of your
choice.  For multiple people that are using your DNS, make yourself
authoritative for that FQDN and serve up whatever you want in its stead.



More information about the rescue mailing list