17 September 2003

Verisign hack the DNS

Verisign, possibly the most incompetent name registrar on the Internet (but that’s another story), have decided to leverage their monopoly control over the current de facto standard root DNS servers.

They’ve set things up so that any nonexistent domain name now maps to one of their servers. If you type a random bogus domain name like xyloturbot.com into your web browser, you now get Verisign ads and a pay-for-hits search engine.

This is bad for many reasons. Firstly, they’re violating at least four different RFCs, including the Requirements For Internet Hosts. Secondly, they made the change without warning, breaking many anti-spam systems that were checking to see if alleged sender e-mail addresses look valid.

As if that wasn’t bad enough, spam sent with completely bogus sender addresses now ends up queued indefinitely on many mail servers. Instead of being bounced immediately because the sender’s domain doesn’t exist, every bogus address now resolves, so the servers queue the mail and keep trying to deliver it for a couple of weeks. There are probably lots of servers out there that aren’t given much attention, and they are now gradually filling up with spam thanks to Verisign.
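Here’s one way an anti-spam check can cope with the wildcard: resolve a random name that cannot exist under the same TLD, and if the sender’s domain only gives back the same addresses, treat it as nonexistent. This is an added example of mine, not code from any of the DNS or mail server patches; the resolver is an in-memory stand-in with made-up names and addresses so it runs offline, and it looks at A records only (a real check would start from MX).

```python
# Added example: detecting a TLD wildcard so bogus sender domains are still
# rejected. The resolver below is a constructed stub (no network needed).
import secrets

# Constructed zone data: two real names plus a wildcard that answers for any
# other .com name with a made-up "search page" address, 192.0.2.10.
WILDCARD_IP = "192.0.2.10"
FAKE_ZONE = {
    "example.com": ["192.0.2.1"],
    "mail.example.net": ["198.51.100.7"],
}

def stub_resolve(name):
    """Return A records for name, mimicking a registry that wildcards .com."""
    name = name.lower().rstrip(".")
    if name in FAKE_ZONE:
        return FAKE_ZONE[name]
    if name.endswith(".com"):
        return [WILDCARD_IP]      # synthesized answer; NXDOMAIN never seen
    return None                   # honest NXDOMAIN under other TLDs

def wildcard_sentinel(tld, resolve=stub_resolve):
    """Resolve a random label under tld that cannot legitimately exist.
    Whatever comes back is the wildcard's address set (empty = no wildcard)."""
    probe = f"nx-{secrets.token_hex(8)}.{tld}"
    return set(resolve(probe) or [])

def sender_domain_exists(addr, resolve=stub_resolve):
    """True if the domain of an e-mail address really exists.
    A domain whose only addresses are the wildcard's is treated as
    nonexistent, so the mail can be bounced instead of queued for weeks."""
    domain = addr.rsplit("@", 1)[-1].lower()
    answers = resolve(domain)
    if not answers:
        return False
    tld = domain.rsplit(".", 1)[-1]
    sentinel = wildcard_sentinel(tld, resolve)
    return not (sentinel and set(answers) <= sentinel)

if __name__ == "__main__":
    for a in ("bob@example.com", "spam@xyloturbot.com", "x@nothere.net"):
        print(a, "->", "accept" if sender_domain_exists(a) else "reject")
```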

Another problem is that it gives the Internet a single vector for massive virus infestation. Imagine if a hacker cracks the Verisign web server and puts a new Windows virus on that server for download—it could spread across the entire Internet in seconds.

Finally, what they’re doing is probably illegal under the anti-‘cybersquatting’ laws passed in the USA. They are, after all, squatting on other people’s trademarked names in order to make cash.

There are already patches for most DNS servers to permanently blackhole the Verisign machine in question. It took IBM less than a day to decide to blackhole all traffic to that server, and according to the software authors the clamor for patches has been enormous. It’ll be interesting to see how the crooks respond.

In the meantime, it seems to me that the best thing to do is take advantage of the situation. Since every bogus e-mail address now resolves, and since all the incompetently-managed open relay servers will end up sitting delivering e-mail to Verisign 24×7, why not generate a few hundred bogus e-mail addresses every day, link to them on well-trafficked pages (like this one), and wait for the spambots to harvest them? In fact, you may already have spotted me doing just that…

© mathew 2017