  catahoula7 Catahoula
join:2002-12-30
| More on VeriSign
On Monday, VeriSign began to redirect domain lookups for misspelled or nonexistent names to its own site, a process that has confused Internet e-mail utilities and drawn angry denunciations of the company's business practices from frustrated network administrators. [..]
the Internet Research Task Force, said some spam blockers are being thrown for a loop, because the computer that VeriSign uses to respond to misspelled or nonexistent domains is misconfigured. [..] In an unusual kind of grassroots movement, some network administrators have begun to invent and launch technical countermeasures against VeriSign.
full article@ »news.com.com/2100-1032-5077530.html -- -- The Catahoula Hound Dawg |
|
 kpatz MY HEAD A SPLODE Premium join:2003-06-13 Manchester, NH
| I blocked the offending IP, incoming and outgoing, on my firewall. Now mistyped domains get a "page cannot be displayed" message, just like they're supposed to. 
Next step will be a patched BIND, when it's ready. |
|
 LowWaterMark Premium join:2002-05-16 Wallingford, CT
| reply to catahoula7 Well, it's easy enough to block their site finder using the Hosts file in order to get back to more or less normal browser functionality.
127.0.0.1 sitefinder.verisign.com # Block Verisign SiteFinder
-- Use the most powerful combo Firewall/AV/AT package available - "Common Sense" - It can be upgraded daily! |
|
  hpguru Curb Your Dogma Premium join:2002-04-12 | reply to catahoula7 Since DNS is returning the sitefinder IP for misspelled and unassigned hostnames then hosts blocking won't be effective. You'll have to block it at the firewall. -- Blue mountains after rainfall - much bluer. |
|
  MrChuckles Say What? Premium join:2000-11-19 Westminster, MD
·Comcast
| said by hpguru : Since DNS is returning the sitefinder IP for misspelled and unassigned hostnames then hosts blocking won't be effective. You'll have to block it at the firewall.
It's working for me in hosts file... exactly as LowWaterMark posted it.
When a bad address is typed in, I see a "No website configured at this address" --
Maryland SETI
8 months Cancer free and counting!
My brother, my life giver |
|
  hpguru Curb Your Dogma Premium join:2002-04-12 | reply to catahoula7 It isn't working here. What hostname did you type? -- Blue mountains after rainfall - much bluer. |
|
  MrChuckles Say What? Premium join:2000-11-19 Westminster, MD
·Comcast
| Exactly as LowWaterMark posted:
127.0.0.1 sitefinder.verisign.com # Block Verisign SiteFinder
I actually copied/pasted it directly from here into my hosts file. |
|
  hpguru Curb Your Dogma Premium join:2002-04-12
| reply to catahoula7 Sorry. I meant which misspelled host. If a meta refresh or 302 redirect is being used then hosts blocking will work but so far none of the misspelled or nonexistent hosts I've typed have taken me to verisign. -- Blue mountains after rainfall - much bluer. |
|
 LowWaterMark Premium join:2002-05-16 Wallingford, CT
| reply to catahoula7 Host file entry works fine on this one: »www.hsdjsckjsjktgdfw.com/
Edit: I understand what you are saying regarding the DNS entry resolution, but it does work for me as far as IE seeing an error page instead of the Verisign page at that named location. [text was edited by author 2003-09-16 20:47:14] |
|
  catahoula7 Catahoula
join:2002-12-30 | Is anyone having trouble with spam blockers? -- -- The Catahoula Hound Dawg |
|
  hpguru Curb Your Dogma Premium join:2002-04-12
| reply to catahoula7 Here's what I get with that. Btw I'm not doing any blocking yet.
+++GET 326+++
GET / HTTP/1.1
Accept: */*
Referer: »/forum/((snip))
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0((snip))
Host: www.hsdjsckjsjktgdfw.com
Pragma: no-cache
Connection: keep-alive
** 326 Socket Error 10060 for connect() **
+++CLOSE 326+++
Do you suppose my ISP has already blocked it? -- Blue mountains after rainfall - much bluer. [text was edited by author 2003-09-16 21:30:25] |
|
  phriday613 Your Avatar Is Nice... For Me To Poop On Premium join:2002-02-06 Eastchester, NY clubs: | reply to catahoula7 any way to add it to MS DNS?? |
|
  hpguru Curb Your Dogma Premium join:2002-04-12
| reply to catahoula7 I hadn't intended to but I just updated the hosts file and added sitefinder.verisign.com in the hope it will benefit others. Still not working for me though.
It can be downloaded here without having to register or login. -- Blue mountains after rainfall - much bluer. |
|
 Reverend Ike Premium join:2001-08-24 Sacramento, CA
| reply to catahoula7
Same result as LowWaterMark here.
Typing in the nonsense URL hxxp://www.qwertasdfgzxcvb.com initially redirects the page to:
hxxp://sitefinder.verisign.com/lpc?url=www.qwertasdfgzxcvb.com&host=www.qwertasdfgzxcvb.com
After adding sitefinder.verisign.com to my Hosts file, the same nonsense URL returns a "The page cannot be displayed" standard error page. |
|
  BlitzenZeus Burnt Out Cynic Premium,MVM join:2000-01-13 Beaverton, OR | reply to catahoula7 I hope all companies will not renew any certificates with Verisign, this is a horrible business practice to say the least. |
|
  R2 R Not Premium,MVM join:2000-09-18 Long Beach, CA clubs: | reply to catahoula7 For some reason, I enter www.fjdosioeriekejkre.com in my address bar and I am taken to my usual Google Search page.
Is this still a Hijack, or has it already been 'fixed'??? |
|
  hpguru Curb Your Dogma Premium join:2002-04-12 | reply to catahoula7 You may be correct. Rev Ike's url took me to Google. Even so, I intend to leave Verisign's spammy looking site in the hosts file for a while. -- Blue mountains after rainfall - much bluer. |
|
 LowWaterMark Premium join:2002-05-16 Wallingford, CT
| reply to catahoula7 Hey R2, did ya ever think that www.fjdosioeriekejkre.com is a legitimate website? Hmm? (You don't speak Finnish?)
(Well, no, it's not a real website, but, didn't you ever think it might be? ) -- Use the most powerful combo Firewall/AV/AT package available - "Common Sense" - It can be upgraded daily! |
|
 OZO Premium join:2003-01-17
| reply to catahoula7 Guys, try "ping hostname". Here is my result after adding the recommended lines to the "hosts" file:
C:\>ping www.fjdosioeriekejkre.com
Pinging www.fjdosioeriekejkre.com [64.94.110.11] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 64.94.110.11:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
|
|
  BlitzenZeus Burnt Out Cynic Premium,MVM join:2000-01-13 Beaverton, OR
·Verizon FIOS
·Verizon Online DSL
| Good point, even with sitefinder.verisign.com [12.158.80.10] prevented, sites which don't have a dns registry will appear as 64.94.110.11 which really is sitefinder-idn.verisign.com [64.94.110.11].
This is illegal, pure and simple.
Now two entries for the hosts file:
127.0.0.1 sitefinder.verisign.com #Block Verisign SiteFinder
127.0.0.1 sitefinder-idn.verisign.com #Block Verisign SiteFinder
I have also blocked 12.158.80.10, and 64.94.110.11 from any inbound or outbound connections in my firewall. It's so nice to see the normal response of the site doesn't exist. -- My hourly rates: $25 per hour. $35 per hour if you want to watch. $45 per hour if you want to help. $75 per hour if you tried to fix it, and failed. [text was edited by author 2003-09-17 03:02:33] |
|
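An added example, not posted by anyone in the thread: an offline Python model of why the hosts entries change what the browser shows while ping still reports 64.94.110.11. The zone table, the function names and the sender-domain check are assumptions made for illustration; the addresses and hostnames are the ones quoted in the posts above.

```python
import ipaddress

# Addresses and hostnames as quoted in the thread.
SITEFINDER_IDN = ipaddress.ip_address("64.94.110.11")  # wildcard answer
SITEFINDER_WEB = ipaddress.ip_address("12.158.80.10")  # sitefinder.verisign.com
HOSTS_TEXT = """\
127.0.0.1 sitefinder.verisign.com      # Block Verisign SiteFinder
127.0.0.1 sitefinder-idn.verisign.com  # Block Verisign SiteFinder
"""
# Constructed stand-in for the zone: the only names that really exist here.
REGISTERED = {"sitefinder.verisign.com": SITEFINDER_WEB,
              "sitefinder-idn.verisign.com": SITEFINDER_IDN}

def parse_hosts(text):
    """Return {hostname: address} from hosts-file text, ignoring # comments."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            table[name.lower()] = ipaddress.ip_address(fields[0])
    return table

def wildcard_dns(name):
    """Model of the wildcarded zone: unregistered names get the SiteFinder IP."""
    return REGISTERED.get(name.lower(), SITEFINDER_IDN)

def resolve(name, hosts):
    """OS-style lookup: a hosts entry applies only on an exact name match."""
    name = name.lower()
    return hosts[name] if name in hosts else wildcard_dns(name)

def browser_result(name, hosts):
    """The wildcard host redirects the browser to sitefinder.verisign.com."""
    addr = resolve(name, hosts)
    if addr == SITEFINDER_IDN:  # landed on the wildcard, follow the redirect
        addr = resolve("sitefinder.verisign.com", hosts)
    return "error page" if addr.is_loopback else "page served from %s" % addr

def domain_exists(name, hosts, strip_wildcard=False):
    """Hypothetical sender-domain check; optionally treat the wildcard as NXDOMAIN."""
    addr = resolve(name, hosts)
    return not (strip_wildcard and addr == SITEFINDER_IDN)
```

With the two hosts entries loaded, the misspelled name still resolves to 64.94.110.11 and only the redirect target is sent to loopback, so non-browser software needs the wildcard answer filtered at the resolver or the address blocked at the firewall.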