Hey, SiteFinder is back, again...
gds at best.com
Tue Nov 6 22:35:51 UTC 2007
Bill Stewart wrote:
> When Verisign hijacked the wildcard DNS space for .com/.net, they
> encoded the Evil Bit in the response by putting Sitefinder's IP
> address as the IP address. In theory you could interpret that as
> damage and route around it, or at least build ACLs to block any
> traffic to that IP address except for TCP/80 and TCP/UDP/53. But if
> random ISPs are going to do that at random locations in their IP
> address space, and possibly serve their advertising from servers that
> also have useful information, it's really difficult to block.
> Does anybody know _which_ protocols Verizon's web-hijacker servers are
> supporting? Do they at least reject ports 443, 22, 23, etc.?
> In contrast, Microsoft's IE browser responds to DNS no-domain
> responses by pointing to a search engine, and I think the last time I
> used IE it let you pick your own search engine or turn it off if you
> didn't like MS's default. That's reasonable behaviour for an
> application, though it's a bit obsequious for my taste.
Hmmm. When using IE 7 on Windows Vista out of the box, and I give it
a non-existent domain, it prompts me to connect to a network (even if
I'm already connected to one). It also puts the browser in "work
offline" mode. (Very annoying.) I've never been pointed to a search
engine or prompted to select one. Perhaps this is something that is
controlled by the machine's initial setup.
More information about the NANOG