[rescue] The Verisign Exploit
Sheldon T. Hall
shel at cmhcsys.com
Wed Sep 17 15:58:06 CDT 2003
I suppose you all know that Verisign has, essentially, hijacked the DNS
protocol, and now any otherwise-unassigned .com or .net domain name resolves
to 64.94.110.11. Unless you have today's patch for BIND, it seems all
mistyped browser addresses end up on a Verisign page.
This not only affects browsers, but e-mail, and breaks anti-spam measures
that refuse mail that arrives with an otherwise-unresolvable "From" domain.
Although they resolve it, they don't answer pings ...
foo $ ping whatabunchoffsckinggarbage.com
Pinging whatabunchoffsckinggarbage.com [64.94.110.11] with 32 bytes of data:
Request timed out.
^C
foo $
They do answer to "telnet whatabunchoffsckinggarbage.com 25", though.
And my question is ... where can I get a patched version of BIND for Solaris
7, one that will install with the fewest hassles?
-Shel
More information about the rescue
mailing list