Study Reveals How ISPs Responded to SiteFinder
penciling_in writes "During the 2+ weeks for which Site Finder was operational, a number of ISPs took steps to disable the service. A study just released reveals the details and analysis, including specific networks disabling Site Finder during its operational period. For example, the study reports China blocked the traffic at its backbone, and Taiwan's Chunghwa Telecom and Korea's DACOM also disabled the service. US ISPs have been slower to act, but US ISP Adelphia disabled the service September 20-22 before re-enabling it on September 23." That link is a summary; or cut straight to the study itself.
Interesting preup? story (Score:5, Informative)
"service" (Score:1)
Spam Solution (Score:3, Interesting)
But there is (was) a solution, perhaps mail servers should check to see if the sender domain for a particular piece of email resolves to the IP above. If it does, forward the email to Verisign, any of the email addresses on this page should do:
http://www.verisign.com/corporate/about/contact/index.html?sl=060104
If the email sender domain resolves to the bogus Verisign wildcard entry, then it's only fair that the email gets forwarded back to them, as it's obviously spam and it resolve
It never "worked" for me... (Score:1)
Re:It never "worked" for me... (Score:5, Informative)
No, everyone "uses" verisign. They control the database for the gTLDs .com and .net, so all nameservers everywhere on the internet listen to them. When a nameserver tries to resolve a name, it first goes to the root nameservers (A.ROOT-SERVERS.NET, B.ROOT-SERVERS.NET, etc. There's 13 of them. I believe verisign runs two of those, ISC (people that make BIND) run one, I'm not sure who else does). Verisign basically controls what those servers do. They added a wildcard entry for *.com - anything that's not specifically picked up by a registered domain will be connected to their sitefinder server.
We are an Educational Institution though, so that could be the reason.
Likely they just blocked it very quickly.
Root Servers have their own webpage :) (Score:2)
Re:It never "worked" for me... (Score:1)
Yup (Score:4, Funny)
The markets reacted as expected. I'm breathless.
In other news.... (Score:2)
Re:Yup (Score:1, Funny)
What does being a lamb have anything to do with moderation?
On the internet... (Score:3, Funny)
I disabled it immediately (Score:1, Interesting)
Re: (Score:1)
Re:Not worth the trouble (Score:3, Informative)
I can give you one reason:
All your mail with mistyped domains has been "rejected" (probably read by a marketing bot) by verisign.
That's gotta be worth at _least_ blacklisting the IP, never mind messing with the DNS servers.
Re:Not worth the trouble (Score:2)
wonder of wonders (Score:1, Insightful)
list a link to networksolutions.com (a verisign company). we also note that searching for the same word at google does not result in that site being present in at least the first four pages of results.
yeah - that's a real useful search tool verisign has there - thanks so much.
Re:wonder of wonders (Score:2)
#7 on the list searching for "register", the first link related to domain registration.
And of course, it doesn't even appear on the first page of google results...
good to see someone doing something (Score:5, Insightful)
Re:good to see someone doing something (Score:2)
Let's have an example, shall we?
FCC censors cut dirty words out of programming on broadcast TV, regardless of whether or not the person on the other end wants to hear it. That is censorsh
Re:good to see someone doing something (Score:1)
A giant stride forward for the arts: (Score:1)
Belgium! (European readers may be excused for not getting the joke...)
Re:A giant stride forward for the arts: (Score:3, Funny)
6. To be obscene, material must meet a three-prong test...
I always figured by the time you got to three prongs, you'd gone way past "obscene" and were in hardcore country!
GTRacer
- Belgium? There's no need for such language!
Re:A giant stride forward for the arts: (Score:1)
Maybe he was using it in a Serious Screenplay?
Re:A giant stride forward for the arts: (Score:2, Funny)
Who approaches the Bridge of Death
Must answer me
These questions three!
Ere the other side he see.
Re:good to see someone doing something (Score:2)
SiteFinder is not a form of free expression. One can't possibly argue that preventing every damn misspelled hostname from returning an obnoxious webpage somehow infringes VeriSign's abi
Re:good to see someone doing something (Score:3, Insightful)
It's like you stopping me from spray painting your car as "censorship"...
Tom
It wasn't censorship. (Score:2)
It isn't like they were blocking it because the sitefinder page contained naughty words. They were censoring it because the damn service broke the Internet.
If I live next to a busy highway and decide to shine a mega-bright spotlight into oncoming traffic, that would completely mess up traffic and possibly kill a few people. If the cops come in and "censor" my spotlight, that's a good thing, right?
Censorship [cambridge.org] is removing objectionable, or unsuitable content. Preventing someone from shouting "Fire!"
Re:It wasn't censorship. (Score:2)
I fail to see that there's anything crystal clear about most people's definition of censorship, or the one you linked to.
Saying that something "causes damage" is no excuse for it. Do yo
Re:good to see someone doing something (Score:1)
One could, for example, call running your lawnmower freedom of speech. Try doing it at 3:00 am. You won't be told to stop because of censorship. You'll be told to stop because you're disturbing the peace and preventing the lawful enjoyment of people's own property.
This is the same thing. Verisign could certainly keep sitefinder.verisign.com running, *but* when they added all that noise, they disturbed the peace of
Re:good to see someone doing something (Score:2)
Hmmm, sounds like the rows of trees planted facing the highway to obstruct the view of junkyards.
One junked car on the front lawn is quaint and picturesque. A lot of them on one lawn or one each on a lot of lawns is an eyesore. If there is suddenly a lot of junk, somebody in a position to do something about it is likely to do something about it.
To my mind, one unsolicited commercial advertisement email is not spam. Spam is the unrelentin
Re:good to see someone doing something (Score:2)
Take a look at AOL. They block emails coming from certain servers and drop them in the bit bucket, never even allowing them to hit the "spam" folder of their users. Also a wrong approach. Sure, maybe 99% of the mail is somethi
Re:good to see someone doing something (Score:2, Insightful)
Let's assume that you watch Television. Would you like it if someone hijacked all of the unassigned channels and displayed whatever they wanted
My solution... (Score:2)
So it comes down to this (Score:5, Interesting)
Looking through the study, I found something interesting: most of the blockages of SiteFinder were outside the U.S. Interesting.....
Re:So it comes down to this (Score:2, Informative)
Re:So it comes down to this (Score:2, Funny)
Re:So it comes down to this (Score:2)
Re:So it comes down to this (Score:3, Insightful)
Re:So it comes down to this (Score:2)
Re:So it comes down to this (Score:1)
Adelphia? (Score:2, Informative)
No, they did not, at least not nationwide. I was checking it literally every day. It kept screwing with my DNS requests. Unless they mean those 4 hours I was offline on the 22nd, they did not disable sitefinder on my DNS servers.
Re:Adelphia? (Score:1)
Denmark (Score:5, Interesting)
More useful (Score:5, Funny)
Umm (Score:3, Informative)
I second that: you can tell that was guesswork (Score:3, Insightful)
I think the argument that it brings up an English page only is reason enough to implement such a block, an insult added to injury of VeriSign abusing its position.
Bandwidth may have been a factor too, but for a different reason: a negative response is preferable to a positive response because you have the same number of DNS packets either way, but the nasty part is the browser goes ahead and opens subsequently two HTTP co
Re:I second that: you can tell that was guesswork (Score:2)
Re:I second that: you can tell that was guesswork (Score:2)
Common misspellings... (Score:1)
Re:Umm (Score:2)
2. That Site Finder pages are larger than ordinary error messages and therefore slower and more costly to transmit
They did say that there was a message returned though, implying a DNS error message.
Re:Umm (Score:2)
Pretty much the same net result:
Without site finder, 1 DNS request comes back with a NAK... No other net access.
With site finder, 1 DNS request gets a bogus ACK followed by an annoying page (in English to boot).
For my part, the site finder was problematic because I had a script that set up a service for various boxes, but (as a sanity check) would ping the box f
Wasted some of my time (Score:5, Interesting)
Re:Wasted some of my time (Score:3, Insightful)
Let's just hope that VeriSign is prevented from ever breaking DNS like this again.
Less mysterious, yet very annoying breakage... (Score:3, Interesting)
*mumble*
I'm just glad that was the worst that happened to me before this "service" got blocked here. I feel for the grandparent.
Re:Wasted some of my time (Score:2)
They still are in business, and ICANN has not really done anything in the way of harsh punishment, nor has the question seriously been raised of handing over authority to anyone else.
So I don't see where your hope stems from. Verisign retains the ability to do what they want. I expect this incident to help VS understand what they can get away with, and I expect them to do something else that is more within the gray area,
Re:Wasted some of my time (Score:3, Interesting)
NSI/Verisign violated agreements by charging for domains in the first place; NSI/Verisign charged an "illegal tax" on domain registrants and stole millions of dollars; Verisign strong-armed the community by almost-monopolizing the SSL Cert business and charging outrageous prices; ICANN made a total mess out of t
Sad News, Sitefinder dead at 2 weeks (Score:5, Funny)
Re:Sad News, Sitefinder dead at 2 weeks (Score:2)
The reason Verisign shut down the services is because it was becoming obvious that eventually the entire Internet was going to block their unethical traffic theft, and the community was fed up with their antics.
ICANN had NOTHING to do with this. ICANN needs to be dissolved and replaced b
Re:Sad News, Sitefinder dead at 2 weeks (Score:2)
Hey, you're right! It is dead! [64.94.110.11]
(Oh, damn.... I blocked it with iptables, too)
Good riddance.. (Score:1)
Now that it is gone, let's hope it stays there. There is no reason to violate the RFCs as they did here.
shared ".com" is the problem (Score:2, Insightful)
Re:shared ".com" is the problem (Score:2)
Instead there should be ".vs" for VeriSign and ".gd" for GoDaddy.
Then you have a problem similar to the recent controversy about cell phones... lack of address (number, URL, etc.) portability. Changing providers causes more hassles than the benefit of ditching your old company, thus locking the customer in.
Re:shared ".com" is the problem (Score:1)
Re:shared ".com" is the problem (Score:1)
I see a bit of a problem... (Score:3, Insightful)
Correct me if I'm wrong, though.
Not a problem (Score:1)
In general, we look for a drop-off in Site Finder page views. So if Site Finder page views were high from a given ISP, then dropped off dramatically and suddenly, we notice this and classify the ISP as blocking Site Finder as of the corresponding date. It doesn't matter whether Alexa's other log data shows the dns-lookup-failure'd domains as msn logs, as dns looku
Re:Not a problem (Score:1)
All the same, a nearly 10% drop-off in sitefinder 'use' within two weeks is pretty phenomenal. I think as time went on and this caused more problems for people, you'd see those numbers go up. Hopefully we'll never find out.
Thanks
Telenor (Score:3, Interesting)
This is a company that isn't exactly the most liked in Norway, but I was very pleased with their handling of the problem and the responses.
And it shows that most admins are not willing to tolerate absurd changes like this.
How I responded to it (Score:3, Interesting)
When the first BIND patch with delegation-only rolled out, that went on our resolvers and the real problem went away. Now the spammers couldn't make up arbitrary crap in
Anyone in the organization who heard about the fuss and tried to play with sitefinder had a window of about 12 hours before the changes took effect. Since then, it's been walled off.
Chances are, the bigger the organization is, the slower they move on changes like this. There's just too much bureaucracy to go through before you can do something like replacing your resolvers with new code.
Re:How I responded to it (Score:2)
But it seems like you chose to do additional work, which always runs the risk of breaking something. The Sitefinder service didn't actually damage any of your users, did it? It didn't actually redirect them to any inappropriate sites; it just made suggestions. And in the end, it's unnecessary; ICANN got them to stop it.
You're right that replacing your resolvers and such i
Speakeasy (Score:1)
China... (Score:2, Insightful)
China blocks everything outside of it unless it feels there is a good reason to let its people access it. Having a site show up on its block list doesn't really say much.
Re:China... (Score:2)
If they can block everything incoming they don't like, why can't they block everything outspewing WE don't want?
Re:China... (Score:1)
Good to see some internet "street justice" (Score:2)
Had to drop in new bind (Score:2)
Criminal Skills (Score:5, Interesting)
My personal solution was to add it to my junkbuster config, so it would never show, and never register as a hit on their web page.
Adelphia (Score:2, Informative)
My solution for my small ISP (Score:4, Interesting)
Like I said, we're a really small ISP, but it appears we caught 281 typos (excluding anything that was referred from Slashdot).
It's pretty amazing to look at the common sites that folks typo.
Verisign Conference (Score:2, Funny)
Please join VeriSign for a one-hour, informative Web seminar -- "Internet Security Intelligence Briefing--Evolving Trends in Internet Usage" on Tuesday, October 14, 2003, 11 AM PT, 1 PM CT, 2 PM ET.
I couldn't stop laughing for ages!
Re:Disturbing (Score:2, Interesting)
Re:Disturbing (Score:2, Interesting)
Re:Disturbing (Score:2, Interesting)
When you have a company in that position... with the ability to easily use a position for an obvious gain, and with a grey area of what's right and wrong (grey to them, not to us.) I think that it's very likely they will try to get as much out of their investment into the
Re:AAARRRGGG!!! (Score:4, Insightful)
Re:AAARRRGGG!!! (Score:1)
That is not the point (Score:4, Insightful)
Re:AAARRRGGG!!! (Score:4, Insightful)
For example, if you sent an email and mistyped the address, your MTA would attempt to send that email to verisign's sitefinder servers. That means that verisign had the opportunity to read a large percentage of the misaddressed email on the internet. Do you want to give them that opportunity? Would you let the publishers of a phone book (very often not the phone company) automatically listen to every call that you misdialed?
There may be room for a service like this, but it can't break existing expectations.
Re:AAARRRGGG!!! (Score:5, Insightful)
They, in effect, registered every unregistered domain and pointed it towards their SiteFinder service. If you take into account the cost of registering all those domains, and how many there are (several trillion combinations, I would assume) they just "stole" service from every other
That's one argument.
Another argument is this. And this is real world, and it happened to me. I was setting up a host for a friend's wife. She has two domain names, and needed DNS and email. I set up DNS, email, and verify that it works by doing a quick "ping" even though the host was down. So, I ping her domain, expecting it to resolve and have the ICMP packets time out. Well, it resolved, and with a different IP address. So, forgetting about this SiteFinder nonsense, I go back in and try to figure out how in the hell that was happening. It dawned on me 30 minutes later that my resolv.conf wasn't pointing at my DNS server, but my upstream, and the registrar hadn't refreshed. Verisign was reporting that domain belonged to the SiteFinder IP because it didn't clear registration yet.
People that are not like us geeks here (we know what a 404 means when we see it). I mean the other users.
You obviously don't know what a 404 means. 404 means that the server exists, but the document isn't found. This is replacing non-existent domains. Two totally different things.
more comple net config debugging (Score:2)
Also they will have lit up the eyes on all the accountants of the big ISPs, who probably think "we should do that" - how long before earthlink and MSN copy? They would be able to do that - it's their serv
Re:AAARRRGGG!!! (Score:2)
Debugging skills are for coding. This would be "troubleshooting"
I'm not pissed, I'm irritated that instead of getting a "Host not found message" it was resolving to an incorrect IP address.
This violates the RFC.
Re:AAARRRGGG!!! (Score:2)
This was exactly my point. Thank you for wording it better than I.
Re:AAARRRGGG!!! (Score:2)
Dumbass. Nothing was malfunctioning. It was functioning exactly as it should have been given the current configuration. However, the configuration needed to be updated to reflect a different setting.
At least you are posting AC so nobody can see how stupid you really are.
Re:AAARRRGGG!!! (Score:5, Interesting)
Well, when people code DNS clients and libraries, they generally do so by following the RFC.
The RFC states that when a domain does not exist, the name server returns the code NXDOMAIN.
So, logically, if you get a NXDOMAIN code back, the domain does not exist.
Verisign changed this RFC defined rule, and every single DNS using application is now broken, as they assume the information in the RFC spec is correct, and it is not so any longer.
There are many different things that broke because of this, which as an end-user of the internet you probably won't notice much of.
People that run services on the internet however do need to know how such servers are supposed to act. Verisign changed the rules without so much as telling anyone.
RFC stands for request for comments. You submit one, and _request comments_
Only after that phase is the RFC out of draft and so people start considering to use it. This is how a standard is born via RFC. Verisign did not submit a new RFC requesting a change to the original one.
It would be like a web server changing the numerical error codes.
404 means page not found. 900 is not defined.
Sending a 900 code when page isn't found would break every existing client.
This is what verisign did for DNS
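The difference the comment above describes, between an NXDOMAIN reply and a positive answer that points at the wildcard host, shown as an added example (not code from this thread or from any resolver). It parses DNS response messages and classifies them, treating the 64.94.110.11 address quoted elsewhere in this thread as the wildcard answer; the function names and the sample packets are constructed for the illustration.

```python
import struct

# Address this thread quotes for the Site Finder wildcard answer.
WILDCARD_ADDRS = {"64.94.110.11"}

def encode_name(name):
    """Encode a host name as DNS labels (length byte + label, zero terminated)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_response(qname, rcode, addrs=()):
    """Constructed sample response: one question, zero or more A answers."""
    flags = 0x8180 | rcode            # QR=1, RD=1, RA=1, low 4 bits = RCODE
    pkt = struct.pack("!6H", 0x1234, flags, 1, len(addrs), 0, 0)
    pkt += encode_name(qname) + struct.pack("!2H", 1, 1)   # QTYPE=A, QCLASS=IN
    for ip in addrs:
        pkt += b"\xc0\x0c"            # compression pointer to the question name
        pkt += struct.pack("!2HIH", 1, 1, 300, 4) + bytes(map(int, ip.split(".")))
    return pkt

def skip_name(pkt, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:     # pointer: two bytes, name ends here
            return off + 2
        if length == 0:
            return off + 1
        off += 1 + length

def parse_response(pkt):
    """Return (rcode, [IPv4 strings from A records in the answer section])."""
    if len(pkt) < 12:
        raise ValueError("short DNS message")
    _, flags, qd, an, _, _ = struct.unpack("!6H", pkt[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(pkt, off) + 4             # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(pkt, off)
        rtype, rclass, _, rdlen = struct.unpack("!2HIH", pkt[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in pkt[off:off + 4]))
        off += rdlen
    return flags & 0x000F, addrs

def classify(pkt, wildcard_addrs=WILDCARD_ADDRS):
    """Map a response to what the caller should believe about the name."""
    rcode, addrs = parse_response(pkt)
    if rcode == 3:
        return "nxdomain"             # the RFC-defined "name does not exist"
    if rcode != 0:
        return "error"
    if addrs and all(a in wildcard_addrs for a in addrs):
        return "wildcard"             # positive answer, but the name is unregistered
    return "exists" if addrs else "nodata"
```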
Verisign did break HTTP too (Score:3, Interesting)
This plays havoc with Web Services, that expect 200+text/xml on a successful response. The SOAP Stacks either died on the 302 error code (Apache Axis), or the HTML body (MS
Re:AAARRRGGG!!! (Score:2)
Not really. While you wouldn't get the correct error message, as long as you are using a browser written well, you would still get an error. It does not have the effect of returning pages where no pages exist.
Re:AAARRRGGG!!! (Score:2)
Re:AAARRRGGG!!! (Score:2)
The Domain Name System is STD13 (currently RFC 1034, but when this RFC is obsoleted by a new one, the DNS STD number remains the same). Note that STD stands for "standard".
(Not that the boatload of RFCs that are not labeled "STD" don't describe standards. For the most part they do, even though there are some RFCs that simply no-one implements.)
Re:AAARRRGGG!!! (Score:1)
You are exactly correct. You obviously do not get the big deal of this. It is a big deal. I suspect you need to read all the +4 and +5 moderated posts in this and all other related articles on Slashdot. Then go read up on RFCs 811 [ohio-state.edu] and 1034 [ohio-state.edu]
Re:AAARRRGGG!!! (Score:2)
Why? Because I don't understand why this is a big deal? As I've already said, I understand Verisign isn't that great of a company, but, what is so damn wrong with them "filling in the holes" (so to speak)? Fine, OK, I get the fact that they don't own the world. I get that. This is about the absence of a user typing something right and someone trying to help them out. What the hell is wrong with that?
And please don't start on t
Verisign is helping itself, not users (Score:3, Informative)