Hey, SiteFinder is back, again...

Greg Skinner gds at best.com
Tue Nov 6 22:35:51 UTC 2007

Bill Stewart wrote:

> When Verisign hijacked the wildcard DNS space for .com/.net, they
> encoded the Evil Bit in the response by putting Sitefinder's IP
> address as the IP address.  In theory you could interpret that as
> damage and route around it, or at least build ACLs to block any
> traffic to that IP address except for TCP/80 and TCP/UDP/53.  But if
> random ISPs are going to do that at random locations in their IP
> address space, and possibly serve their advertising from servers that
> also have useful information, it's really difficult to block.

> Does anybody know _which_ protocols Verizon's web-hijacker servers are
> supporting?  Do they at least reject ports 443, 22, 23, etc.?

> In contrast, Microsoft's IE browser responds to DNS no-domain
> responses by pointing to a search engine, and I think the last time I
> used IE it let you pick your own search engine or turn it off if you
> didn't like MS's default.  That's reasonable behaviour for an
> application, though it's a bit obsequious for my taste.

Hmmm.  When using IE 7 on Windows Vista out of the box, and I give it
a non-existent domain, it prompts me to connect to a network (even if
I'm already connected to one).  It also puts the browser in "work
offline" mode.  (Very annoying.)  I've never been pointed to a search
engine or prompted to select one.  Perhaps this is something that is
controlled by the machine's initial setup.


More information about the NANOG mailing list