
Re: Debian + Verisign's .com/.net hijack



On Wed, Sep 17, 2003 at 12:04:01PM +0100, Dale Amon wrote:
> On Wed, Sep 17, 2003 at 11:57:16AM +0100, Andy Coates wrote:
> > They've put a wildcard DNS entry for .com and .net to resolve to their
> > product called "SiteFinder" which offers an IE/MSN like "Did you mean
> > to type ...." services.
> > 
> > So any domain that doesn't exist, or in the PENDING/DELETE states, or has
> > no nameservers associated with it, now resolves.
> 
> Ah, so what would happen if many thousands of people ran pings 
> and other things against nonexistent names?

There is some evidence (from NANOG) that something much more beautifully
subtle and ironic is happening in a similar vein:

1) Take standard-issue Windows 2000 or XP host with a default configuration
(to wit, 'append domain when searching for host' - unlike the BIND
resolver, this is tried *before* the straight name).

2) Set the domain name to 'thiscompanydoesnotexist.com' or some similar
value (must be .com/.net, and not actually exist).

3) Do a lookup on 'windowsupdate.com' - it tries to look up
'windowsupdate.com.thiscompanydoesnotexist.com' (using the example domain
above). Returns VeriSign's A record.

And now, the payoff...

4) Add MS Blaster (which does step 3, above, then fires off DoS traffic at
it).

Microsoft, VeriSign, and MS Blaster - three great tastes that go great
together! (Well, okay, three really nasty tastes that cause a beautifully
elegant reprisal against stupidity.)
-- 
Joel Baker <fenton@debian.org>                                        ,''`.
Debian GNU NetBSD/i386 porter                                        : :' :
                                                                     `. `'
				                                       `-
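
The lookup order in steps 1 to 3 of the message above, modelled offline as an added example that is not part of the original post. The zone data, the addresses (documentation ranges) and every function name are constructed for illustration; the wildcard is modelled as "any unregistered name under the TLD gets an answer", and the resolver has a single search domain.

```python
import secrets

# Constructed sample data: documentation-range addresses, not real records.
WILDCARD_ADDR = "192.0.2.1"            # stands in for the wildcard A record
REGISTERED = {"windowsupdate.com": "198.51.100.10"}


def authoritative_lookup(name, wildcard_tlds=()):
    """Return an address, or None for NXDOMAIN, for a fully qualified name."""
    name = name.rstrip(".").lower()
    if name in REGISTERED:
        return REGISTERED[name]
    tld = name.rsplit(".", 1)[-1]
    # With a TLD wildcard in place, nothing under that TLD is NXDOMAIN.
    return WILDCARD_ADDR if tld in wildcard_tlds else None


def candidates(name, search_domain, suffix_first):
    """Names a stub resolver tries, in order, given one search domain."""
    if name.endswith("."):             # explicitly rooted: no suffix is applied
        return [name]
    suffixed = f"{name}.{search_domain}"
    return [suffixed, name] if suffix_first else [name, suffixed]


def resolve(name, search_domain, suffix_first, wildcard_tlds=()):
    """Return (candidate_that_answered, address), or (None, None)."""
    for candidate in candidates(name, search_domain, suffix_first):
        addr = authoritative_lookup(candidate, wildcard_tlds)
        if addr is not None:
            return candidate, addr
    return None, None


def is_wildcarded(tld, wildcard_tlds=(), probes=3):
    """Check: random labels that cannot be registered must not resolve."""
    return all(
        authoritative_lookup(f"{secrets.token_hex(12)}.{tld}", wildcard_tlds)
        for _ in range(probes)
    )


if __name__ == "__main__":
    domain = "thiscompanydoesnotexist.com"
    for wild in ((), ("com", "net")):
        for suffix_first in (True, False):
            print(wild, suffix_first,
                  resolve("windowsupdate.com", domain, suffix_first, wild))
```

Without the wildcard the suffixed name fails and the lookup falls through to the real record; with it, a suffix-first resolver stops at the wildcard answer, while a rooted name (trailing dot) or a name-first search order still reaches the registered address.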
