From owner-freebsd-hackers@FreeBSD.ORG Tue Sep 16 17:52:03 2003
Message-ID: <3F67AA29.4030409@netli.com>
Date: Tue, 16 Sep 2003 17:26:17 -0700
From: Lev Walkin
Organization: Netli, Inc.
Cc: freebsd-hackers@freebsd.org
References: <20030916.175558.10083602.imp@bsdimp.com> <20030916.180417.44250294.imp@bsdimp.com>
In-Reply-To: <20030916.180417.44250294.imp@bsdimp.com>
Subject: Re: Any workarounds for Verisign .com/.net highjacking?

M. Warner Losh wrote:
> In message:
> John Polstra writes:
> : On 16-Sep-2003 M. Warner Losh wrote:
> : > I think we should put a filter for this nonsense into the base
> : > system. Hack the resolver to filter out the address, and hack bind to
> : > filter it out too. That way we can leverage our position in the name
> : > servers in the world to do something about this BS.
> :
> : I think so too, in principle. But we need something better than a
> : hard-coded IP address. It would take Verisign about an hour to figure
> : out they need to change the address frequently. (Well, OK, a day ...
> : it's Verisign, after all.)
>
> Agreed, but it wouldn't be too hard to determine at boot/hourly by doing
> a bogus query to find the address of the moment. Even they would be
> hard pressed to change things more than hourly.

They will then be able to make this router filter out the better half of
the Internet after a while.

-- 
Lev Walkin
vlm@netli.com
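The scheme Warner sketches above (probe with a bogus query at boot or hourly, remember the address of the moment, and have the resolver turn answers carrying that address back into NXDOMAIN) as an added, self-contained example; it is not code from the thread, FreeBSD or BIND. The resolver it talks to is a constructed in-memory stand-in, the addresses are RFC 5737 documentation placeholders, and the names `fake_lookup`, `detect_wildcard` and `WildcardFilter` are this example's own:

```python
import random
import string
import time

# Constructed stand-in for the resolver.  Every *.com / *.net name that is not
# in KNOWN resolves to one synthesized wildcard address, modelling the .com/.net
# wildcard behaviour the thread complains about.  All addresses are placeholders.
WILDCARD_ADDR = "192.0.2.1"
KNOWN = {
    "freebsd.org": ["192.0.2.10"],
    "example.com": ["192.0.2.20"],
}


def fake_lookup(name):
    """Return the A records for NAME, or [] when the name does not exist."""
    if name in KNOWN:
        return list(KNOWN[name])
    if name.endswith(".com") or name.endswith(".net"):
        return [WILDCARD_ADDR]          # the wildcard answer, not a real host
    return []                           # honest NXDOMAIN for other zones


def random_label(n=20):
    """A random label that is almost certainly not registered."""
    alphabet = string.ascii_lowercase + string.digits
    return "".join(random.choice(alphabet) for _ in range(n))


def detect_wildcard(lookup, zone, probes=3):
    """The 'bogus query' step: resolve several random names under ZONE.

    If every probe resolves and all probes agree, that address set is the
    wildcard address of the moment.  If any probe gets NXDOMAIN, or the probes
    disagree, return None so that no filter is installed on bad evidence."""
    seen = None
    for _ in range(probes):
        answer = sorted(lookup("%s.%s" % (random_label(), zone)))
        if not answer:
            return None                 # proper NXDOMAIN: no wildcard here
        if seen is None:
            seen = answer
        elif seen != answer:
            return None                 # inconsistent answers: do not filter
    return seen


class WildcardFilter:
    """Resolver front end that re-detects the wildcard address periodically
    (the 'boot/hourly' part) instead of hard-coding an IP address."""

    def __init__(self, lookup, zones=("com", "net"), refresh_secs=3600,
                 clock=time.time):
        self.lookup = lookup
        self.zones = zones
        self.refresh_secs = refresh_secs
        self.clock = clock
        self.wild = {}
        self.stamp = 0
        self.refresh()

    def refresh(self):
        """Re-run the probes for every watched zone."""
        self.wild = {z: detect_wildcard(self.lookup, z) for z in self.zones}
        self.stamp = self.clock()

    def resolve(self, name):
        """Answer like the real resolver, except that an answer consisting
        exactly of the detected wildcard address set becomes NXDOMAIN."""
        if self.clock() - self.stamp > self.refresh_secs:
            self.refresh()
        answer = self.lookup(name)
        zone = name.rsplit(".", 1)[-1]
        wild = self.wild.get(zone)
        if wild is not None and sorted(answer) == wild:
            return []                   # synthesized answer: report NXDOMAIN
        return answer


if __name__ == "__main__":
    f = WildcardFilter(fake_lookup)
    print("wildcard addresses:", f.wild)
    for n in ("example.com", "no-such-host-xyz.com", "freebsd.org"):
        print(n, "->", f.resolve(n) or "NXDOMAIN")
```

The filter only fires when the answer set is exactly the set the probes returned, and it refreshes rather than trusting a stored address, which addresses John's objection. It does nothing about Lev's point: if the wildcard address were ever moved onto an address that legitimate hosts also answer from, the same comparison would start suppressing those hosts too, which is why the probes and the filter are kept as separate, inspectable steps.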