| Current Topic: Technology |  
 
| 
|  | PFIR Statement on VeriSign/NSI |  |  | 
|---|
 
| Topic: Technology | 11:37 pm EDT, Sep 16, 2003 |  | ] VeriSign/Network Solutions' recent actions to effectively
 ] "hijack" all unused domain names in the ".COM" and ".NET"
 ] TLDs (Top Level Domains) for their "Site Finder" service,
 ] unilaterally and without prior warning or consultation
 ] with the Internet technical or policy communities,
 ] represents an arrogant and dangerous abuse of their
 ] vested, dominant, special position, and have vast policy,
 ] legal, and technical implications.
 Lauren Weinstein, Peter Neumann, and Dave Farber rip Verisign a new asshole. 'Bout damn time someone did it. This is an undercovered story. |
 
 
| 
|  | Perl script to count 'Snubby' SMTP servers behind sitefinder-idn.verisign.com |  |  | 
|---|
 
| Topic: Technology | 6:03 pm EDT, Sep 16, 2003 |  | This is similar to my last script to count the number of servers operating the web clusters at sitefinder.verisign.com.  It works the same way.  The SMTP daemon gives its machine name in the banner.  By keeping track of what servers it sees, this script determines how many there are.
 When it runs, "+" means it saw a new server, "." means it saw a server again, and SIGINT (ctrl-c) makes it stop and print its report.
 At the time of writing this script, I was seeing 3 servers on the West Coast and 4 on the East Coast.
 Their SMTP rejector is _so_ broken.  This is really the most unclued RFC-breaking piece of code I have ever seen put in such a place of importance.  Here is an easy way to display how stupid this piece of code is:  Telnet to the SMTP Rejector (telnet sitefinder-idn.verisign.com 25), after it connects and you see the banner, just hit enter five times..
 [ Update:  This script no longer works..  They have replaced that SMTP server.  I have not taken a close look at the new one yet. ] |
 
 
| 
|  | Global fight looms for Net management | CNET News.com |  |  | 
|---|
 
| Topic: Technology | 10:57 am EDT, Sep 16, 2003 |  | ] A battle is brewing over the role of governments in
 ] managing the Internet, as policymakers prepare for a
 ] United Nations-backed summit on the network's future.
 ]
 ] Mohamed Sharil Tarmizi of the Internet Corporation for
 ] Assigned Names and Numbers (ICANN) said two camps are
 ] forming over the wording of a key article to be adopted
 ] at the World Summit on the Information Society in
 ] December.
 ]
 ] "Some governments are arguing that the management of
 ] things like (Internet protocol) addressing, global
 ] domain names (and) privacy should be done by an
 ] intergovernmental organization because they feel the
 ] Internet is a public resource, and they have
 ] responsibility over public resources," said Mohamed
 ] Sharil, who is chairman of the government advisory
 ] committee for ICANN, the body that governs Internet
 ] domain names.
 ]
 ] "Then there are some governments who feel that the
 ] Internet should be managed by an international body," he
 ] added. "International by definition means everyone is
 ] involved, from governments to private sector and civil
 ] society. Whereas intergovernmental gives an indication
 ] that only governments are involved and not necessarily
 ] the people."
 |
 
 
| 
|  | IAB to ICANN on VeriSign:  'the DNS is designed to provide authoritative answers to queries' |  |  | 
|---|
 
| Topic: Technology | 10:32 am EDT, Sep 16, 2003 |  | ] The IAB feels that the system VeriSign had deployed
 ] for .com and .net contains significant DNS protocol
 ] errors, risks the further development of secure DNS,
 ] and confuses the resolution mechanisms of the DNS
 ] with application-based search systems.
 The Internet Architecture Board gives SiteFinder the thumbs down.
 ] The IAB has begun the process of shepherding the
 ] creation of an Informational RFC on concerns with
 ] operational practices with the DNS. We anticipate
 ] discussing the issues raised in your notes in more
 ] detail as part of that document.  Given the scope of
 ] the issue, and our desire to ensure that it will have
 ] adequate review by the (DNS) operational community,
 ] we will be enlisting the help of the broader IETF
 ] community through relevant IETF working groups.
 ] In advance of that document, we have outlined below
 ] the issues with the VeriSign system which led us to
 ] the conclusion above.
 They are going to come up with a set of SOPs for the NIC, and find a way to force VeriSign to obey them. |
 
 
| 
|  | Perl script to count number of servers behind sitefinder.verisign.com |  |  | 
|---|
 
| Topic: Technology | 7:36 am EDT, Sep 16, 2003 |  | I was grilling over the source code to the SiteFinder webpage looking at the Omniture JavaScript and noticed a comment containing the name of the server that handled the request.  I wrote a little Perl script to repeatedly hit the site, check the string for the server name, and track how many servers it sees.
 At the time I wrote this script, I was seeing 2 pools of 30 servers on the West Coast and 2 pools of 30 servers on the East Coast.  So, 120 servers in the US.  And that's just for sitefinder.verisign.com..  Might be a separate pool for the initial HTTP redirect engine (sitefinder-idn.verisign.com).  Both of the IPs are in the same ASN, but different subnets.
 Here is the server counting script.  When you run it "+" means it saw a new server, "." means it saw a server again, and SIGINT (ctrl-c) makes it stop and print out its report.  When you start seeing mostly .'s, hit ctrl-c.  Have a blast.
 [U:  Oh yeah, if they change the string it checks, this will not work..  ] |
 
 
| 
|  | Omniture - the leading provider of web analytics for large, complex sites |  |  | 
|---|
 
| Topic: Technology | 7:06 am EDT, Sep 16, 2003 |  | Omniture is handling the statistics gathering for VeriSign's SiteFinder.  These are the folks responsible for all those .2o7.net cookies you find in your browser.  SiteFinder has a big wad of JavaScript that makes a request to a domain under .2o7.net, like verisignwildcard.112.2o7.net, with information about things like what plug-ins you have installed and how big your screen is.  It also sends cookies for any other sites you happen to have visited that Omniture is tracking.
 Omniture is now tracking hits to every nonexistent .com/.net domain thanks to VeriSign. |
 
 
| 
|  | Reuters | Verisign already under FTC watch |  |  | 
|---|
 
| Topic: Technology | 10:56 pm EDT, Sep 15, 2003 |  | ] U.S. regulators will make sure Internet domain-name
 ] seller VeriSign Inc provides refunds or free
 ] service to consumers it signed up in a  controversial
 ] marketing campaign last year, according to court
 ] documents filed late last week.
 How ironic.  This went over Reuters today. For those who don't remember..  VeriSign had a scam going on a while back where they were sending fake "renewal" notices to people whose domains they didn't host.  It was an effort to con people into switching their domains from other registrars.
 ] VeriSign agreed to provide refunds or a year of free
 ] service to thousands of customers under a class-action
 ] settlement reached earlier this year in a California court.
 ] Friday's FTC settlement, in which the company did not
 ] admit or deny guilt, means that it could face steep fines
 ] if it resorts to such marketing tactics again.
 ] VeriSign must also allow the FTC to monitor its marketing
 ] efforts for the next five years.
 Good.  I hope they are paying attention to today's events. |
 
 
| 
|  | NANOG Mailing List | Change to .com/.net behavior |  |  | 
|---|
 
| Topic: Technology | 8:17 pm EDT, Sep 15, 2003 |  | From: Matt Larson
 Date: Mon Sep 15 19:32:04 2003
 Subject: Change to .com/.net behavior
 Today VeriSign is adding a wildcard A record to the .com and .net zones.  The wildcard record in the .net zone was activated from 10:45AM EDT to 13:30PM EDT.  The wildcard record in the .com zone is being added now.
 We have prepared a white paper describing VeriSign's wildcard implementation, which is available here: http://www.verisign.com/resources/gd/sitefinder/implementation.pdf
 By way of background, over the course of last year, VeriSign has been engaged in various aspects of web navigation work and study.  These activities were prompted by analysis of the IAB's recommendations regarding IDN navigation and discussions within the Council of European National Top-Level Domain Registries (CENTR) prompted by DNS wildcard testing in the .biz and .us top-level domains.
 Understanding that some registries have already implemented wildcards and that others may in the future, we believe that it would be helpful to have a set of guidelines for registries and would like to make them publicly available for that purpose.  Accordingly, we drafted a white paper describing guidelines for the use of DNS wildcards in top-level domain zones.  This document, which may be of interest to the NANOG community, is available here: http://www.verisign.com/resources/gd/sitefinder/bestpractices.pdf
 Matt
 --
 Matt Larson [mlarson@verisign.com]
 VeriSign Naming and Directory Services
 Lots of list chatter about BIND hacks to undo VeriSign's wildcard hack. |
 
 
| 
|  | VeriSign Rerouting .net DNS queries |  |  | 
|---|
 
| Topic: Technology | 7:26 pm EDT, Sep 15, 2003 |  | Do some DNS queries that end with .net for some nonexistent domains..  They are all being responded to with an A record pointing to 64.94.110.11, which is a VeriSign search engine. This is complete bullshit.  This must not be allowed. |
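
A resolver-side check for the behaviour described in this post, as an added example (not code from the original post or from any of the BIND patches mentioned on this page): it probes random, almost certainly unregistered names under a TLD to learn the wildcard address, then maps answers made up only of that address back to NXDOMAIN. The `resolve` callable, the function names and the sample zone data are assumptions; only 64.94.110.11 comes from the post.

```python
import secrets
import socket

WILDCARD_ADDR = "64.94.110.11"                 # address reported in the post
REGISTERED = {"example.net": ["192.0.2.10"]}   # constructed sample zone data


def fake_resolve(name):
    """Constructed offline resolver imitating the wildcarded .com/.net zones."""
    if name in REGISTERED:
        return REGISTERED[name]
    if name.rsplit(".", 1)[-1] in ("com", "net"):
        return [WILDCARD_ADDR]                 # synthesized wildcard answer
    return []                                  # NXDOMAIN


def system_resolve(name):
    """Live alternative: A records from the system resolver, [] on failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []


def detect_wildcard(resolve, tld, probes=5):
    """Probe random names under tld; return the addresses a wildcard hands out."""
    seen = set()
    for _ in range(probes):
        answers = resolve(f"{secrets.token_hex(12)}.{tld}")
        if not answers:
            return frozenset()                 # a genuine NXDOMAIN: no wildcard
        seen.update(answers)
    return frozenset(seen)


def filter_answer(answers, wildcard_addrs):
    """Map an answer made up only of wildcard addresses back to NXDOMAIN ([])."""
    if answers and all(a in wildcard_addrs for a in answers):
        return []
    return list(answers)


if __name__ == "__main__":
    wc = detect_wildcard(fake_resolve, "net")
    for name in ("example.net", "no-such-name-here.net"):
        print(name, filter_answer(fake_resolve(name), wc) or "NXDOMAIN")
```

Filtering on the address alone also suppresses any registered name that legitimately points at the same address, so the filter is best scoped to the TLDs where a wildcard was detected.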
 
 
|  | 
|---|
 
| Topic: Technology | 5:55 pm EDT, Sep 15, 2003 |  | ] iRATE radio is a collaborative filtering client/server mp3
 ] player/downloader. The iRATE server has a large database
 ] of music. You rate the tracks and it uses your ratings
 ] and other peoples to guess what you'll like. The tracks
 ] are downloaded from websites which allow free and legal
 ] downloads of their music.
 Hmm.. iRATE radio home |  
 
 |