What *are* they smoking?

Jeroen Massar jeroen at unfix.org
Tue Sep 16 00:13:48 UTC 2003


-----BEGIN PGP SIGNED MESSAGE-----

Matthew S. Hallacy wrote:

> On Tue, Sep 16, 2003 at 01:18:26AM +0200, Jeroen Massar wrote:
> > 
> > Even worse of this is that you can't verify domain names under .net
> > any more for 'existence' as every .net domain suddenly has an A record
> > and then can be used for spamming...
> > 
> > From: Spammer <i at spam.using.verisign.eventhoughthisdomaindoesntexist.net>
> > To: You <spamtarget at example.com>
> > 
> > Thank you Verisign! Now we need to check for existence of an MX
> > and then just break a couple of RFCs in the process :(
> 
> Checking for NS or SOA record(s) is sufficient, neither are being returned,
> only A records.
> 
> Of course, you could just block anything that resolves to netsol.

example.com.		NS ns1.example.com
				A 10.100.13.42
blaat				A 10.100.13.42

It's completely legal, per RFC, to mail user at blaat.example.com
as it is a host, but blaat.example.com doesn't need an NS record.

Having an extra lookup checking with a NS if the first
level domain exists is an option though.

But the best option is just to let DNS servers return NXDOMAIN
and let people use google or let them *type* correctly.

Or is Verisign suddenly also all knowledgeable about which
URLs are going to be valid? "oops the user is going to make a typo,
let's point everything on our box and let that log and figure out
what the dumb user really meant"... go figure..

Btw it doesn't do IPv6 which is bad and doesn't scale into the future :)
And no HTTP SSL support either. No POP3/IMAP support telling people
they typed in the wrong hostname for their mailserver etc...

Any kiddie group already planning to "take down" the advert server ?
It's just 1 IP to take out a *lot* of domains, anything you can mistype ;)
"Look mommy we took down <think up something>.net, now you see it now you..."

I also wonder what privacy implications this has, stupid example:
http://www.thawhaithouse.net/login/?user=president&password=cannedremember

There goes your privacy act (if you still thought there was any :)

Greets,
 Jeroen

-----BEGIN PGP SIGNATURE-----
Version: Unfix PGP for Outlook Alpha 13 Int.
Comment: Jeroen Massar / jeroen at unfix.org / http://unfix.org/~jeroen/

iQA/AwUBP2ZVuCmqKFIzPnwjEQKQggCcDGgy0kXNIA89kvL9EiFPosVNy+QAn3G9
hepKhdO0XS6nTtgrYGg/jAna
=9VhA
-----END PGP SIGNATURE-----
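
The sender-domain checks discussed in this message, as an added example that is not part of the original post: a toy resolver with a wildcard A record on .net, comparing the A-record check, the NS/SOA check at the exact name, and the extra lookup on the parent domain. All names and addresses are constructed sample data, the function names are hypothetical, and the parent walk generalises "first level domain" to any delegated parent below the TLD.

```python
# Constructed toy resolver: every name and address below is sample data.
WILDCARD_A = "192.0.2.1"  # placeholder for the registry's catch-all address
ZONE = {  # (name, rtype) -> records held by a real, delegated domain
    ("example.net", "NS"): ["ns1.example.net"],
    ("example.net", "A"): ["10.100.13.42"],
    ("blaat.example.net", "A"): ["10.100.13.42"],
}

def resolve(name, rtype):
    """Answer like a resolver would while .net carries a wildcard A record."""
    name = name.lower().rstrip(".")
    if (name, rtype) in ZONE:
        return ZONE[(name, rtype)]
    labels = name.split(".")
    delegated = (".".join(labels[-2:]), "NS") in ZONE
    if rtype == "A" and labels[-1] == "net" and not delegated:
        return [WILDCARD_A]  # synthesised answer instead of NXDOMAIN
    return []  # NXDOMAIN / no data

def naive_exists(domain):
    """Pre-wildcard habit: the domain 'exists' if it has an A record."""
    return bool(resolve(domain, "A"))

def ns_or_soa_at_name(domain):
    """Check from the quoted reply: require NS or SOA at the exact name."""
    return bool(resolve(domain, "NS") or resolve(domain, "SOA"))

def sender_domain_ok(domain):
    """Host must resolve, and some parent below the TLD must be delegated."""
    if not (resolve(domain, "A") or resolve(domain, "MX")):
        return False
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):  # stop before the bare TLD
        parent = ".".join(labels[i:])
        if resolve(parent, "NS") or resolve(parent, "SOA"):
            return True
    return False

if __name__ == "__main__":
    fake = "spam.using.verisign.eventhoughthisdomaindoesntexist.net"
    for d in (fake, "blaat.example.net", "example.net"):
        print(d, naive_exists(d), ns_or_soa_at_name(d), sender_domain_ok(d))
```

The A-record check accepts the nonexistent domain, the exact-name NS/SOA check rejects the legitimate host blaat.example.net, and the parent lookup gets both right.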



