[rescue] The Verisign Exploit
Sheldon T. Hall
shel at cmhcsys.com
Wed Sep 17 15:58:06 CDT 2003
I suppose you all know that Verisign has, essentially, hijacked the DNS
protocol, and now any otherwise-unassigned .com or .net domain name resolves
to 18.104.22.168. Unless you have today's patch for BIND, it seems all
mistyped browser addresses end up on a Verisign page.
This not only affects browsers, but e-mail, and breaks anti-spam measures
that refuse mail that arrives with an otherwise-unresolvable "From" domain.
Although they resolve it, they don't answer pings ...
foo $ ping whatabunchoffsckinggarbage.com
Pinging whatabunchoffsckinggarbage.com [22.214.171.124] with 32 bytes of data:
Request timed out.
They do answer to "telnet whatabunchoffsckinggarbage.com 25", though.
And my question is ... where can I get a patched version of BIND for Solaris
7, one that will install with the fewest hassles?
More information about the rescue