Re: Verisign's SiteFinder

["Bruhn, Mark S." <mbruhn () INDIANA EDU>]

Some more references to this.  There is a change that can be made to DNS to deal with this, which our DNS folks 
implemented a few weeks ago, but I can't find the technical details on that now...

M.

-- 

The media angle
http://www.theregister.co.uk/content/6/32852.html

The IAB commentary - this is the most detailed coverage of it's effect.
http://www.iab.org/documents/docs/2003-09-20-dns-wildcards.html

The ICANN advisory
http://www.icann.org/announcements/advisory-19sep03.htm

M.


-- 
Mark S. Bruhn, CISSP, CISM

Chief IT Security and Policy Officer
Associate Director, Center for Applied Cybersecurity Research (http://cacr.iu.edu)

Office of the Vice President for Information Technology and CIO
Indiana University
812-855-0326

Incidents involving IU IT resources: it-incident () iu edu
Complaints/kudos about OVPIT/UITS services: itombuds () iu edu




-----Original Message-----
From: Omar Herrera [mailto:omar_herrera () BANXICO ORG MX] 
Sent: Friday, September 26, 2003 2:23 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Verisign's SiteFinder


Verisign seems to be doing something "weird" with this service. There
are many discussions around this everywhere, here is a sample of what
seems to be going on:

http://www.techweb.com/wire/story/TWB20030926S0003

I have not reviewed all the information with detail but it seems that
Verisign is being accused of doing some sort of traffic hijacking.

Omar Herrera, CISSP

Instituto Tecnológico y de Estudios Superiores de Monterrey, 
Mexico City Campus 
Information security topic and laboratory


> -----Mensaje original-----
> De: The EDUCAUSE Security Discussion Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] En nombre de Matthew Dalton
> Enviado el: Viernes, 26 de Septiembre de 2003 01:01 PM
> Para: SECURITY () LISTSERV EDUCAUSE EDU
> Asunto: [SECURITY] Verisign's SiteFinder
>
> Has anyone else out there notices an increase in bad traffic filling
up
> their queues since the SiteFinder "service" went into affect?  If so,
what
> are other people doing about it from a technological standpoint and/or
> awareness standpoint?  If you want to reply to me off-list, I will be
> happy to summarize to both lists the results.  Thanks.
>
> --
************************************************************************
**
> |Matthew Dalton                     |Phone: (585)273-1721
|
> |ITS Security Group                 |Email:
Matthew.Dalton () rochester edu |
> |University of Rochester            |
|
> |Rochester, NY 14620                |
|
>
************************************************************************
**
> **********
> Participation and subscription information for this EDUCAUSE
Discussion
> Group discussion list can be found at http://www.educause.edu/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.