North American Network Operators Group


Verisign insanity - Distributed non-attack

  • From: RoDent
  • Date: Tue Sep 16 10:55:09 2003

After reading the posts on this list about Verisign's insane behaviour
regarding the .com and .net TLD wildcards, I'd like to make a suggestion:

Anyone remember the old RC5, distributed.net or [email protected] projects?

If Verisign continues with this irrational behaviour I propose developing
a distributed client that will inundate their wildcard hosts with invalid
requests, thus making harvesting useful information from any HTTP, or
SMTP traffic that they hijack nigh impossible.

A nice distributed effort, a simple win32, and Unix client, and a stats
based reporting system will make this a project where everyone can vote
with their IP address.

I've also taken a look at the BIND code myself, to see how to rid myself
of these falsely reported A records, but the fact is that unless EVERYONE
joins in on running such a version of bind, Verisign will still get away
with it.
It's ridiculous that I as an administrator have to take steps to correct
the greedy self-righteousness that is the hallmark of their "experiment" in
an effort to get some of the FUNDAMENTALS of DNS behaviour to operate
as expected.

Inundating them with requests (such as the small Lynx shell script posted
earlier), will force bigger ISPs to take a stance against this behaviour as
well, since they'll be the ones footing the bill in terms of transparent
cache servers being filled with invalid requests, sitting on expensive disc,
and expiring other more cache-worthy documents, and filling up processing
queues.

Effectively this would amount to a "denial of service" attack, but since
there is nothing illegal about making an http request to an invalid hostname,
Verisign will be bringing the denial of service attack upon themselves, and
unfortunately dragging ISPs with them. Why ISPs haven't publicly taken a
stance against this yet is fascinating.

I'm a mild mannered programmer/administrator by day, but blatantly
monopolistic practices such as this require decisive mass action, and make
my blood boil. There are enough issues to deal with on a day to day basis
just to combat the loopholes there currently are for spammers.

Having Verisign give spammers free FROM: domains to spam from has just
made the task all the more unpleasant...

If Verisign doesn't retract their mal-implemented "White Paper" and its
insidious behaviour from the internet within the next week, I WILL start
developing a client that allows netizens to vote with their IPs and HTTP, or
SMTP traffic.

I will personally put up a 100$ prize for the client that according to
statistics has made the most requests to invalid .com/.net domains within the
period required to get them to stop.

Cheers,
Roelf Diedericks
Systems Programmer

"I might be on the other end of a 56k modem, but I have a lot of friends
with 56k modems..."