IPB

Welcome Guest ( Log In | Register )

> Hydrogenaudio Forum Rules

- No Warez. This includes warez links, cracks and/or requests for help in getting illegal software or copyrighted music tracks!
- No Spamming or Trolling on the boards, this includes useless posts, trying to only increase post count or trying to deliberately create a flame war.
- No Hateful or Disrespectful posts. This includes: bashing, name-calling or insults directed at a board member.
- Click here for complete Hydrogenaudio Terms of Service

 
Reply to this topicStart new topic
Verisign DNS Tragedy - * -> 64.94.110.11, Let's hack 64.94.110.11 -> www.goatse.cx
TrNSZ
post Sep 17 2003, 06:32
Post #1





Group: Developer
Posts: 717
Joined: 25-September 01
Member No.: 20



I'd be impressed to see someone hack 64.94.110.11 and redirect traffic to www.goatse.cx.

That would be worth a monetary donation for sure. =)

On a more serious note:

In the meantime, there are some good solutions for users looking to get NXDOMAIN responses. I'm currently using dnsmasq which has a new option, --bogus-nxdomain, which allows you specify, for example, 64.94.110.11 and workaround the issue as long as you keep the IP addresses used by the generic redirection up to date.

A quick hack for Windows users is to add 64.94.110.11, sitefinder.verisign.com, and other IP such as 12.158.80.10, to 127.0.0.0 using the hosts file. I'm sure there are better solutions for Windows.

dnsmasq should be compilable on Win32. There are BIND ports for Win32, and BIND released a similar patch to deal with this issue too.
Go to the top of the page
+Quote Post
rjamorim
post Sep 17 2003, 16:53
Post #2


Rarewares admin


Group: Members
Posts: 7515
Joined: 30-September 01
From: Brazil
Member No.: 81



Erm... sorry, but I don't understand what's going on here.

What's the deal with 64.94.110.11?


--------------------
Get up-to-date binaries of Lame, AAC, Vorbis and much more at RareWares:
http://www.rarewares.org
Go to the top of the page
+Quote Post
Gabriel
post Sep 17 2003, 17:02
Post #3


LAME developer


Group: Developer
Posts: 2950
Joined: 1-October 01
From: Nanterre, France
Member No.: 138



Verisign now own virtually any unregistered .com/.net domain name.
Go to the top of the page
+Quote Post
jsheridan
post Sep 17 2003, 17:32
Post #4





Group: Developer
Posts: 196
Joined: 24-December 02
Member No.: 4220



Any solution available for us Windows 2k/2k3 DNS Users? (Which are forced to use it because of active directory etc?)


--------------------
You can fool some of the people all of the time, and all of the people some of the time, but you can not fool all of the people all of the time.

- Abraham Lincoln
Go to the top of the page
+Quote Post
rjamorim
post Sep 17 2003, 18:20
Post #5


Rarewares admin


Group: Members
Posts: 7515
Joined: 30-September 01
From: Brazil
Member No.: 81



QUOTE (Gabriel @ Sep 17 2003, 01:02 PM)
Verisign now own virtually any unregistered .com/.net domain name.

wow...


--------------------
Get up-to-date binaries of Lame, AAC, Vorbis and much more at RareWares:
http://www.rarewares.org
Go to the top of the page
+Quote Post
spoon
post Sep 17 2003, 22:02
Post #6


dBpowerAMP developer


Group: Developer (Donating)
Posts: 2749
Joined: 24-March 02
Member No.: 1615



How is that any worse than Microsoft poping up - on MSN it cannot find the domain (for Internet Explorer Users)?


--------------------
Spoon http://www.dbpoweramp.com
Go to the top of the page
+Quote Post
kode54
post Sep 18 2003, 04:24
Post #7





Group: Admin
Posts: 4618
Joined: 15-December 02
Member No.: 4082



This affects more than just web browsers.


Example: All those spam messages that come from bogus .com and .net addresses? All those domains are now valid, thanks to Verisign. Unless, of course, your DNS servers are patched against this nonsense.

This post has been edited by kode54: Sep 18 2003, 04:26
Go to the top of the page
+Quote Post
sthayashi
post Sep 18 2003, 04:43
Post #8





Group: Members
Posts: 494
Joined: 16-April 03
From: Pittsburgh, PA
Member No.: 5997



Any information on HOW that happened? An article link or something?
Go to the top of the page
+Quote Post
Floydian Slip
post Sep 18 2003, 05:48
Post #9





Group: Members
Posts: 53
Joined: 18-January 03
Member No.: 4621



Check out this news at SlashDot

And some discussion at NANOG

IMO, Verisign should be banned on managing TLD. They should be forced to hand over their administration of the root ns to a competent not-for-profit organization.


--------------------
-- Floydian Slip
Go to the top of the page
+Quote Post
Canar
post Sep 18 2003, 07:39
Post #10





Group: Super Moderator
Posts: 3361
Joined: 26-July 02
From: princegeorge.ca
Member No.: 2796



QUOTE (TrNSZ @ Sep 16 2003, 09:32 PM)
I'd be impressed to see someone hack 64.94.110.11 and redirect traffic to www.goatse.cx.

goatse.cx? Who links to goatse.cx these days? Today's real trolls link to tubgirl.comtubgirl.com.

Note: Do not click that link if you do not want to be disgusted. Seriously.



blink.gif ph34r.gif Ack. This DNS thing really sucks. However, it seems as though it hasn't propagated to me yet; misspelled domains still give a normal error here.

Edit: Wow... HA filters out tubgirl links. Cool.

This post has been edited by Canar: Sep 18 2003, 07:41


--------------------
You cannot ABX the rustling of jimmies.
No mouse? No problem.
Go to the top of the page
+Quote Post
Andavari
post Sep 18 2003, 08:13
Post #11





Group: Members
Posts: 935
Joined: 3-June 02
From: USA
Member No.: 2204



QUOTE (rjamorim @ Sep 17 2003, 09:53 AM)
Erm... sorry, but I don't understand what's going on here.

What's the deal with 64.94.110.11?

I was thinking the same thing when I read it yesterday.

So, could this be the root of DNS problems?
I've had some weird crap happening with my ISP with the DNS server magically going down everyday, and websites not being responsive or not loading.


--------------------
Complexity of incoherent design.
Go to the top of the page
+Quote Post
YinYang
post Sep 18 2003, 12:55
Post #12





Group: Members
Posts: 371
Joined: 29-September 01
Member No.: 45



I found this explanatory rant to be pretty informative for me.

http://www.haque.net/verisign_dns_rant.php

[edit] Especially the part about their logging of mistyped URL's containing personal info was interesting [/edit]

This post has been edited by YinYang: Sep 18 2003, 12:57
Go to the top of the page
+Quote Post
AstralStorm
post Sep 18 2003, 14:28
Post #13





Group: Members
Posts: 745
Joined: 22-April 03
From: /dev/null
Member No.: 6130



Seems like my ISP has already taken care of this brain damage.

/EDIT\
Spoken too soon - got my DNS cache record. tongue.gif
\EDIT/

This post has been edited by AstralStorm: Sep 18 2003, 14:32


--------------------
ruxvilti'a
Go to the top of the page
+Quote Post

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 



RSS Lo-Fi Version Time is now: 23rd September 2014 - 18:31