Study Reveals How ISPs Responded to SiteFinder 172
penciling_in writes "During the 2+ weeks for which Site Finder was operational, a number of ISPs took steps to disable the service. A study just released reveals the details and analysis, including specific networks disabling Site Finder during its operational period. For example, the study reports China blocked the traffic at its backbone, and Taiwan's Chunghwa Telecom and Korea's DACOM also disabled the service. US ISPs have been slower to act, but US ISP Adelphia disabled the service September 20-22 before re-enabling it on September 23." That link is a summary; or cut straight to the study itself.
I disabled it immediately (Score:1, Interesting)
So it comes down to this (Score:5, Interesting)
Looking through the study, I found something interesting: most of the blockages of SiteFinder were outside the U.S. Interesting.....
Denmark (Score:5, Interesting)
Re:Disturbing (Score:2, Interesting)
Wasted some of my time (Score:5, Interesting)
Telenor (Score:3, Interesting)
This is a company that isn't exactly the most liked in Norway, but I was very pleased with their handling of the problem and the responses.
And it shows that most admins are not willing to tolerate absurd changes like this.
Re:AAARRRGGG!!! (Score:5, Interesting)
Well, when people code DNS clients and librarys, they generally do so by following the RFC.
The RFC states that when a domain does not exist, the name server returns the code NXDOMAIN.
So, logically, if you get a NXDOMAIN code back, the domain does not exist.
Verisign changed this RFC defined rule, and every single DNS using application is now broken, as they assume the information in the RFC spec is correct, and it is not so any longer.
There are many different things that broke because of this, which as an end-user of the internet you probably wont notice much of.
People that run service on the internet however do need to know how such servers are suppost to act. Verisign changed the rules without so much as telling anyone.
RFC stands for request for comments. You submit one, and _request comments_
Only after that phase is the RFC out of draft and so people start concidering to use it. This is how a standard is born via RFC. Verisign did not submit a new RFC requeting a change to the original one.
It would be like a web server chaning the numerical error codes.
404 means page not found. 900 is not defined.
Sending a 900 code when page isnt found would break every existing client.
This is what verisign did for DNS
How I responded to it (Score:3, Interesting)
When the first BIND patch with delegation-only rolled out, that went on our resolvers and the real problem went away. Now the spammers couldn't make up arbitrary crap in
Anyone in the organization who heard about the fuss and tried to play with sitefinder had a window of about 12 hours before the changes took effect. Since then, it's been walled off.
Chances are, the bigger the organization is, the slower they move on changes like this. There's just too much bureaucracy to go through before you can do something like replacing your resolvers with new code.
Spam Solution (Score:3, Interesting)
But there is(was) a solution, perhaps mail servers should check to see if the sender domain for a particular piece of email resolves to the Ip above.If it does, forward the email toVerisign, any of the email addresses on this page should do :
http://www.verisign.com/corporate/about/contact/i
If the email sender domain resolves to the bogus Verisign wildcard entry, then its only fair that the email gets forwarded back to them, as it?s obviously spam and it resolves to their address.
Just in case Verisign turns it back on, be ready.
Criminal Skills (Score:5, Interesting)
My personal solution was to add it to my junkbuster config, so it would never show, and never register as a hit on their web page.
Re:Disturbing (Score:2, Interesting)
Less mysterious, yet very annoying breakage... (Score:3, Interesting)
*mumble*
I'm just glad that was the worst that happened to me before this "service" got blocked here. I feel for the grandparent.
Re:Disturbing (Score:2, Interesting)
When you have a company in that position... with the ability to easily use a position for an obvious gain, and with a grey area of what's right and wrong (grey to them, not to us.) I think that it's very likely they will try to get as much out of their investment into the
I'm sure trying this was seen as a measured risk for them, and now it's not paying off, much to their displeasure.
Verisign did break HTTP too (Score:3, Interesting)
This plays havoc with Web Services, that expect 200+text/xml on a successful response. The SOAP Stacks either died on the 302 error code (Apache Axis), or the HTML body (MS
My solution for my small ISP (Score:4, Interesting)
Like I said, we're a really small ISP, but it appears we caught 281 typo's (excluding anything that was referred from Slashdot).
It's pretty amazing to look at the common sites that folks typo.
Re:Wasted some of my time (Score:3, Interesting)
NSI/Verisign violated agreements by charging for domains in the first place; NSI/Verisign charged an "illegal tax" on domain registrants and stole millions of dollars; Verisign strong-armed the community by almost-monopolizing the SSL Cert business and charging outrageous prices; ICANN made a total mess out of the new TLD rollouts; ICANN pulled political deals that weren't in the best interest of the Internet community when they continued to allow NSI/Verisign to manage
The only way to teach these entities a lesson is to take away their power NOW!