Any workarounds for Verisign .com/.net highjacking?
Lev Walkin
vlm at netli.com
Tue Sep 16 17:52:03 PDT 2003
M. Warner Losh wrote:
> In message: <XFMail.20030916170025.jdp at polstra.com>
> John Polstra <jdp at polstra.com> writes:
> : On 16-Sep-2003 M. Warner Losh wrote:
> : > I think we should put a filter for this nonsense into the base
> : > system. Hack the resolve to filter out the adddress, and hack bind to
> : > filter it out too. that way we can leverage our position in the name
> : > servers in the world to do something about this BS.
> :
> : I think so too, in principle. But we need something better than a
> : hard-coded IP address. It would take Verisign about an hour to figure
> : out they need to change the address frequently. (Well, OK, a day ...
> : it's Verisign, after all.)
>
> Agreed. but it wouldn't be too hard to determine at boot/hourly doing
> a bogus query to find the address of the moment. Even they would be
> hard pressed to change things more than hourly.
They will then be able to make this router to filter out the better
half of Internet after a while.
--
Lev Walkin
vlm at netli.com
More information about the freebsd-hackers
mailing list