Date: Tue, 16 Sep 2003 17:26:17 -0700 From: Lev Walkin <vlm@netli.com> Cc: freebsd-hackers@freebsd.org Subject: Re: Any workarounds for Verisign .com/.net highjacking? Message-ID: <3F67AA29.4030409@netli.com> In-Reply-To: <20030916.180417.44250294.imp@bsdimp.com> References: <20030916.175558.10083602.imp@bsdimp.com> <XFMail.20030916170025.jdp@polstra.com> <20030916.180417.44250294.imp@bsdimp.com>
next in thread | previous in thread | raw e-mail | index | archive | help
M. Warner Losh wrote: > In message: <XFMail.20030916170025.jdp@polstra.com> > John Polstra <jdp@polstra.com> writes: > : On 16-Sep-2003 M. Warner Losh wrote: > : > I think we should put a filter for this nonsense into the base > : > system. Hack the resolve to filter out the adddress, and hack bind to > : > filter it out too. that way we can leverage our position in the name > : > servers in the world to do something about this BS. > : > : I think so too, in principle. But we need something better than a > : hard-coded IP address. It would take Verisign about an hour to figure > : out they need to change the address frequently. (Well, OK, a day ... > : it's Verisign, after all.) > > Agreed. but it wouldn't be too hard to determine at boot/hourly doing > a bogus query to find the address of the moment. Even they would be > hard pressed to change things more than hourly. They will then be able to make this router to filter out the better half of Internet after a while. -- Lev Walkin vlm@netli.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3F67AA29.4030409>