Study Reveals How ISPs Responded to SiteFinder

penciling_in writes "During the 2+ weeks for which Site Finder was operational, a number of ISPs took steps to disable the service. A study just released reveals the details and analysis, including specific networks disabling Site Finder during its operational period. For example, the study reports China blocked the traffic at its backbone, and Taiwan's Chunghwa Telecom and Korea's DACOM also disabled the service. US ISPs have been slower to act, but US ISP Adelphia disabled the service September 20-22 before re-enabling it on September 23." That link is a summary; or cut straight to the study itself.

wonder of wonders

[Anonymous Coward]

what are the chances - using the search page that comes up at the verisign site to search for "register" we find at the top of the
list a link to networksolutions.com (a verisign company). we also note that searching for the same word at google does not result in that site being present in at least the first four pages of results.

yeah - thats a real useful search tool verisign has there - thanks so much.

good to see someone doing something

[intermodal]

while I'm not a general fan of censorship, I don't see this as censorship. This was simply sitefinder's overlords abusing their position. Freedom of speech does not mean that you're free to make everyone listen. Same goes for network traffic. This is no different from me adding doubleclick.net in my /etc/hosts pointing to 127.0.0.1 in that I don't want to hear what they have to say, same goes for sitefinder.

Re:AAARRRGGG!!!

[SnowWolf2003]

Verisign can provide this service if they want. But they mustn't try and force me to use it. They could easily offer a browser plug-in that will do the same thing, that people can download and install if they find it usefull. But don't go trying to force everyone to use your service, and break the way the internet functions in the process, without even consulting anyone first.

That is not the point

[Perianwyr Stormcrow]

It breaks infrastructure solutions that people have been using for years and work very well. That is reason enough for it to die, all other considerations aside.

Re:AAARRRGGG!!!

[RevMike]

I don't get the big deal with this. OK, Verisign isn't the best company on the planet (I can think of one Utah based one that's much worse, and don't get me started on Redmond...), but this is insane.

OK, so maybe they're taking a bit of traffic away from Google or someone like that. Big deal. They setup a "search engine" for people to use. People that are not like use geeks here (we know what a 404 means when we see it). I mean the other users.

If it just handled a malformed url in a web browser, it would not have been a big deal. The problem is that DNS doesn't know why you want the address.

For example, if you sent an email and mistyped the address, your MTA would attempt to send that email to verisign's sitefinder servers. That means that verisign had the opportunity to read a large percentage of the misaddressed email on the internet. Do you want to give them that opportunity? Would you let the publishers of a phone book (very often not the phone company) automatically listen to every call that you misdialed?

There may be room for a service like this, but it can't break existing expectations.

shared ".com" is the problem

[bmedwar]

the problem here is the idea of a shared public asset in ".com" with VeriSign as the maintainer. This is a broken idea from the start. Instead there should be ".vs" for VeriSign and ".gd" for GoDaddy. Then it is clear that these companies wholly own these root domains and they can do anything they want with them.

Re:AAARRRGGG!!!

[Xerithane]

I don't get the big deal with this. OK, Verisign isn't the best company on the planet (I can think of one Utah based one that's much worse, and don't get me started on Redmond...), but this is insane.

They, in effect, registered every unregistered domain and pointed it towards their SiteFinder service. If you take into account the cost of registering all those domains, and how many there are (several trillion combinations, I would assume) they just "stole" service from every other .com register.

That's one argument.

Another argument is this. And this is real world, and it happened to me. I was setting up a host for a friends wife. She has two domain names, and needed DNS and email. I setup DNS, email, and verify that it works by doing a quick "ping" even though the host was down. So, I ping her domain, expecting it to resolve and have the icmp packets timeout. Well, it resolved, and with a different IP address. So, forgetting about this SiteFinder nonsense, I go back in and try to figure out how in the hell that was happening. It dawned on me 30 minutes later that my resolv.conf wasn't pointing at my DNS server, but my upstream, and the registrar hadn't refreshed. Verisign was reporting that domain belonged to the SiteFinder IP because it didn't clear registration yet.

People that are not like use geeks here (we know what a 404 means when we see it). I mean the other users.

You obviously don't know what a 404 means. 404 means that the server exists, but the document isn't found. This is replacing non-existent domains. Two totally different things.

I see a bit of a problem...

[doubleyewdee]

As far as I know, Alexa doesn't monitor for 'dns lookup failures.' If that's the case then I think this number is way off. About the 22nd or so a lot of people were deploying BIND patches to block this nonsense, and I'm not sure Alexa is registering that. I think their numbers reflect only the ISPs which actually null-routed the sitefinder IP, not ISPs that patched their nameservers.

Correct me if I'm wrong, though.

Re:Wasted some of my time

[The One KEA]

That's precisely the sort of thing that people were upset about. By removing the NXDOMAIN response from the .com and .net domains, VeriSign managed to break things in very mysterious and diffcult-to-detect ways. DNS problems and spam were only part of the problem, as your example showed.

Let's just hope that VeriSign is prevented from ever breaking DNS like this again.

I second that: you can tell that was guesswork

[pr0ntab]

The study was trying it's best to explain why networks outside the US were blocking.

I think the argument that it brings up an English page only is reason enough to implement such a block, an insult added to injury of VeriSign abusing it's position.

Bandwidth may have been a factor too, but for a different reason: a negative response is preferable to a positive response because you have the same number of DNS packets either way, but the nasty part is the browser goes ahead and opens subsequently two HTTP connections (one for a location redirect, and one for the sitefinder page) into the US, which could be slower than the DNS error message timeout across a latent or slow link.

The guys in the study were parroting the 404 argument (without saying it explicitly), which is untrue. But they've got the right idea.

I was thinking about how the study could be improved, and I started wondering if there's some other way besides Alexa to get relevant data to analyze. It seemed a little sparse, which they acknowledged. Some ideas:

Perhaps google might be nice enough to provide sample data mined from google toolbar, which I think more people would voluntarily install than Alexa.

Or here's idea: contact owners of websites that are commonly accessed by name (slashdot, cnn, localized googles, weblogs, forums, etc.) and kindly request access_log data filtered by referer coming FROM sitefinder, along with requesting IP.

This way, you get inferential proof of when certain IP addresses hit sitefinder accidentally (and how they mispelled the site name), compatible with all but the most paranoid of webbrowser settings. I wonder if site destination correlates with number of sitefinder redirects vs. total traffic. (For example, slashdot might be quite low due to informed users taking local control of their machines via host files, etc.. while many CNN visitors are at the mercy of their ISP)

China...

[stuartkahler]

China blocked the traffic at its backbone

China blocks everything outside of it unless it feels there is a good reason to let it's people access it. Having a site show up on it's block list doesn't really say much.

Re:good to see someone doing something

[tomstdenis]

I think the point you guys are dancing around is that Verisign was *not entitled* to start SF in the first place.

It's like you stopping me from spray painting your car as "censorship"...

Tom

Re:good to see someone doing something

[platipusrc]

You're totally wrong. First of all, companies have no right to free speech. Secondly, since Verisign has a monopoly over the .com and .net TLDs, they do not have the same rights concerning certain things even when compared with other companies. Putting up SF was not an act of 'Free Speech' as you say, but rather a monopolistic abuse that was detrimental to many.

Let's assume that you watch Television. Would you like it if someone hijacked all of the unassigned channels and displayed whatever they wanted on those channels instead of what is normally on them (nothing)? Would you complain to your cable company if they rectified the situation by removing the hijacking and suing the hijacker?

Re:So it comes down to this

[vjzuylen]

In your dreams, maybe. Both Europe and Asia/Pacific region have about as much Internet users as Canada and the USA combined.