Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Study Reveals How ISPs Responded to SiteFinder

michael posted more than 10 years ago | from the routing-around-verisign dept.

The Internet 172

penciling_in writes "During the 2+ weeks for which Site Finder was operational, a number of ISPs took steps to disable the service. A study just released reveals the details and analysis, including specific networks disabling Site Finder during its operational period. For example, the study reports China blocked the traffic at its backbone, and Taiwan's Chunghwa Telecom and Korea's DACOM also disabled the service. US ISPs have been slower to act, but US ISP Adelphia disabled the service September 20-22 before re-enabling it on September 23." That link is a summary; or cut straight to the study itself.

cancel ×

172 comments

Sorry! There are no comments related to the filter you selected.

I for one (-1, Redundant)

scumbucket (680352) | more than 10 years ago | (#7154196)

I for one welcome our SiteFinding overlords.

Intresting preup? story (5, Informative)

Sir Haxalot (693401) | more than 10 years ago | (#7154201)

here [newsfactor.com]

Re:Intresting preup? story (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#7154214)

go away you stupid fuck. noone cares about your sad karma whoring attempts.

Sad News Cruz Bustamonde dead at 54 (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7154377)

I just heard some sad news on talk radio, the incompetent Lt Gov of California Cruz Bustamonde 54 was found dead in his East LA home. Even if you did not admire his total stupidity and lack of morals, their is no denying his contributions to hardcore gangsta Mexican rap. Truly a Mexican-American icon!

LOL (0)

Anonymous Coward | more than 10 years ago | (#7154445)

Sorry, I saw the subject and started laughing.

God I hope I get FP (-1, Offtopic)

Gizzmonic (412910) | more than 10 years ago | (#7154209)

My karma is getting terrible lately, and I don't understand why. It seems even my most challenging and witty comments get modded down.

So God, if you're up there, please let me have FP. It's the only thing I have left. PLEASE!

Re:God I hope I get FP (-1)

Anonymous Coward | more than 10 years ago | (#7154294)

Sorry, you got 3rd! LOSER!

Re:God I hope I get FP (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7154364)

u fail it, linux f4gg0rt!

g0d h4t3z u.

Eww! (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7154211)

My diaper is full of feces! Will someone please change my dirty diaper?

"service" (1)

dilvie (713915) | more than 10 years ago | (#7154215)

IMO, that's equivalent to spam-blocking -- something most ISP's at least try to accomplish.

Spam Solution (3, Interesting)

RuB1X (707519) | more than 10 years ago | (#7154789)

Copied from here [theregister.co.uk]

But there is(was) a solution, perhaps mail servers should check to see if the sender domain for a particular piece of email resolves to the Ip above.If it does, forward the email toVerisign, any of the email addresses on this page should do :

http://www.verisign.com/corporate/about/contact/in dex.html?sl=060104

If the email sender domain resolves to the bogus Verisign wildcard entry, then its only fair that the email gets forwarded back to them, as it?s obviously spam and it resolves to their address.

Just in case Verisign turns it back on, be ready.

Disturbing (0, Redundant)

gsparrow (696382) | more than 10 years ago | (#7154218)

I can't believe how blatantly they would push to forward their own interest.

Re:Disturbing (2, Interesting)

wankledot (712148) | more than 10 years ago | (#7154353)

Why can't you believe that? Verisign is not a NPO, they're a company that exists to make money. Seems pretty straightforward to me.

Re:Disturbing (2, Interesting)

gsparrow (696382) | more than 10 years ago | (#7154850)

They are a for profit corporation, but they are also responsible for managing the .com and .net domains and if they want to continue doing so they will have to consider all the implications that making decisions like this will have. I don't think that anyone will argue that there was a blatant disregard for the rest of the internet community. Is that who you want managing the root DNS server for the .com and .net domains?

Re:Disturbing (2, Interesting)

wankledot (712148) | more than 10 years ago | (#7154906)

I'm not arguing that they were wrong, I think it was an obvious misuse of their power. But I'm also not surprised.

When you have a company in that position... with the ability to easily use a position for an obvious gain, and with a grey area of what's right and wrong (grey to them, not to us.) I think that it's very likely they will try to get as much out of their investment into the .com and .net domains as possible, and push the envelope at every turn. Thankfully they're being met with some resistance.

I'm sure trying this was seen as a measured risk for them, and now it's not paying off, much to their displeasure.

Re:Disturbing (0)

rd4tech (711615) | more than 10 years ago | (#7154889)

yeah, but practising bussiness usually requires a bit foresight..

It never "worked" for me... (0)

captain_craptacular (580116) | more than 10 years ago | (#7154224)

I guess my provider didn't use verisign in the first place? We are an Educational Institution though, so that could be the reason.

Re:It never "worked" for me... (4, Informative)

gregmac (629064) | more than 10 years ago | (#7154457)

I guess my provider didn't use verisign in the first place?

No, everyone "uses" verisign. They control the database for the gTLDs .com and .net, so all nameservers everywhere on the internet listen to them. When a nameserver tries to resolve a name, it first goes to the root nameservers (A.ROOT-SERVERS.NET, B.ROOT-SERVERS.NET, etc. There's 13 of them. I believe verisign runs two of those, ISC (people that make BIND) run one, I'm not sure who else does). Verisign basically controls what those servers do. They added a wildcard entry for *.com - anything that's not specifically picked up by a registered domain will be connected to their sitefinder server.

We are an Educational Institution though, so that could be the reason.

Likely they just blocked it very quickly.

Root Servers have their own webpage :) (1)

tugrul (750) | more than 10 years ago | (#7154818)

http://www.root-servers.org/ [root-servers.org]

Yup (3, Funny)

pmz (462998) | more than 10 years ago | (#7154229)


The markets reacted as expected. I'm breathless.

Re:Yup (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7154379)

Your post has been moderated positively but that moderation must have been in jest or error. Your post sucks. Please review this form to understand the weaknesses in your post and how to produce higher quality posts in the future.

[X] Your post was modded funny but is not really funny. This is because:
() You post simply used M$ instead of MS
() You went back to beating the Windows security dead horse
() You made a tired SCO joke
() You made a Jon Katz joke (who?)
() MS blowz, linux rules (or a variant)
() You made an unoriginal joke about Slashdotting (servers turning to powder, melting, etc.)
(X) Other (please comment here: )

No one gives a flying fuck what you think.

[] Your post is modded insightful, informative, or interesting. In fact it
is neither of the three. This is because:
() You stated the obvious
() You simply tossed out lots of five-dollar words
() It was in response to a poorly-written post or troll
() You copied text from a previous post that really might have been one of the three I's
() You simply criticized Microsoft without making it funny
() It is bloated with unnecessary technical claptrap
() All you did was pose questions (like a stoner)
() All you did was pose questions (like a lawyer)

[] Your post may be rated too highly in general for the following reasons:
() You are an asterisk who has, knowing the story's release time in advance, pounceposted to get first p0st and get modded up early
() You are one of the editors and are getting your ass kissed
() One of your fans has weighed in for you
() One of the editors has blessed it with an "underrated"

[] Additional comments:

Re:Yup (0, Offtopic)

pmz (462998) | more than 10 years ago | (#7154449)


Thank you for your insightful feedback. My future is brighter for it. However, please see that you were moderated offtopic, for the same reason you cited for me. Good day.

Re:Yup (0)

Anonymous Coward | more than 10 years ago | (#7154533)

You weren't pegged as off-topic, dumbass. You were pegged as being modded as funny, when you're in fact rather l4m3.

Re:Yup (1, Funny)

pmz (462998) | more than 10 years ago | (#7154606)


What does being a lamb have anything to do with moderation?

In other news.... (1)

chef_raekwon (411401) | more than 10 years ago | (#7154808)

Hell freezes over...

I disabled it immediately (1, Interesting)

Anonymous Coward | more than 10 years ago | (#7154230)

I wonder how many other small-network admins did... I guess they're harder to sample though.

Not worth the trouble (1)

ajensen (155948) | more than 10 years ago | (#7154566)

I actually let it happen. After speaking with my boss, our conclusion was as follows:

People are still getting a "domain not found" error. They still know that the site they entered doesn't exist. While it may be very unfair business practice for Verisign to do this, we didn't see any reason to disable it. The bandwidth required is quite small and we had more pressing things to deal with.

I'm very glad to see it gone (for now), but SiteFinder was more hype than it was trouble.

-a

Re:Not worth the trouble (3, Informative)

shepd (155729) | more than 10 years ago | (#7154901)

>While it may be very unfair business practice for Verisign to do this, we didn't see any reason to disable it.

I can give you one reason:

All your mail with mistyped domains has been "rejected" (probably read by a marketing bot) by verisign.

That's gotta be worth at _least_ blacklisting the IP, never mind messing with the DNS servers.

wonder of wonders (1, Insightful)

Anonymous Coward | more than 10 years ago | (#7154232)

what are the chances - using the search page that comes up at the verisign site to search for "register" we find at the top of the
list a link to networksolutions.com (a verisign company). we also note that searching for the same word at google does not result in that site being present in at least the first four pages of results.

yeah - thats a real useful search tool verisign has there - thanks so much.

good to see someone doing something (5, Insightful)

intermodal (534361) | more than 10 years ago | (#7154235)

while I'm not a general fan of censorship, I don't see this as censorship. This was simply sitefinder's overlords abusing their position. Freedom of speech does not mean that you're free to make everyone listen. Same goes for network traffic. This is no different from me adding doubleclick.net in my /etc/hosts pointing to 127.0.0.1 in that I don't want to hear what they have to say, same goes for sitefinder.

Re:good to see someone doing something (1)

Geekenstein (199041) | more than 10 years ago | (#7154387)

I don't agree with SiteFinder, but I don't agree with your reasoning either. Censorship is the act of removing from view objectionable material. The fact that this was done not by the individual deciding not to receive SF's results, but by a third party controlling their network access, is a direct example of censorship.

Let's have an example, shall we?

FCC censors cut dirty words out of programming on broadcast TV, regardless of wheather or not the person on the other end wants to hear it. That is censorship. The V-Chip in newer TV's allows the viewer to decide what not to watch. That is self choice.

So please, don't mistake a third party acting on their own for freedom of speech. That's just plain dangerous, and just plain wrong.

Re:good to see someone doing something (0)

Anonymous Coward | more than 10 years ago | (#7154427)

methinks it was a karma whore

Re:good to see someone doing something (1)

lubricated (49106) | more than 10 years ago | (#7154463)

The VChip is something that now is embedded into every TV and for the 95% of us that don't use it we still pay for it. What a bunch of crap. And I still don't see tits on TV.

A giant stride forward for the arts: (1)

Thud457 (234763) | more than 10 years ago | (#7154623)

Hey, at least you can say fuck [fcc.gov] on tv now!

Belgium! (European readers may be excused for not getting the joke...)

Re:A giant stride forward for the arts: (2, Funny)

GTRacer (234395) | more than 10 years ago | (#7154736)

From Section 3-B, Paragraph 6 of the FCC analysis:

6. To be obscene, material must meet a three-prong test...

I always figured by the time you got to three prongs, you'd gone way past "obscene" and were in hardcore country!

GTRacer
- Belgium? There's no need for such language!

Re:A giant stride forward for the arts: (1)

red floyd (220712) | more than 10 years ago | (#7154846)

- Belgium? There's no need for such language!

Maybe he was using it in a Serious Screenplay?

Re:good to see someone doing something (1)

tuffy (10202) | more than 10 years ago | (#7154490)

I don't agree with SiteFinder, but I don't agree with your reasoning either. Censorship is the act of removing from view objectionable material. The fact that this was done not by the individual deciding not to receive SF's results, but by a third party controlling their network access, is a direct example of censorship.

SiteFinder is not a form of free expression. One can't possibly argue that preventing every damn misspelled hostname from returning an obnoxious webpage somehow infringes VeriSign's ability to express themselves. It's more analagous to preventing some company from inserting commercial breaks in the middle of your DVD viewing session.

Its stifling an unwelcome nuisance, not preventing a point of view.

It wasn't censorship. (1)

Merk (25521) | more than 10 years ago | (#7154833)

It isn't like they were blocking it because the sitefinder page contained naughty words. They were censoring it because the damn service broke the Internet.

If I live next to a busy highway and decide to shine a mega-bright spotlight into oncoming traffic, that would completely mess up traffic and possibly kill a few people. If the cops come in and "censor" my spotlight, that's a good thing, right?

Censorship [cambridge.org] is removing objectionable, or unsuitable content. Preventing someone from shouting "Fire!" in a crowded theatre isn't censorship because it isn't that the words are objectionable, it's that the result of shouting them will cause chaos and damage. Likewise, Verisign's wildcard caused damage and so it was blocked.

Re:good to see someone doing something (1)

shepd (155729) | more than 10 years ago | (#7154952)

Good point, but he's not talking about censorship. He's talking about freedom of speech.

One could, for example, call running your lawnmower freedom of speech. Try doing it at 3:00 am. You won't be told to stop because of censorship. You'll be told to stop because you're disturbing the peace and preventing the lawful enjoyment of people's own property.

This is the same thing. Versign could certainly keep sitefinder.verisign.com running, *but* when they added all that noise, they disturbed the peace of the internet, and prevented people from enjoying what they (nowadays) are paying for. Ergo, no censorship, just vandalism.

More importantly, how does sitefinder respond (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7154237)

To goatseeeeeeeecx [goatse.cx] ???

OH my GOD! DO NOT click on this LINK! (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7154346)

it is really revolting, why would someone do this to themselves?

Re:OH my GOD! DO NOT click on this LINK! (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7154485)

Welcome to Slashdot o Noobie. You have been blessed by the angel of Goatse.

Re:OH my GOD! DO NOT click on this LINK! (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7154653)

Everytime you ambush a noob with GOATSE [goatse.cx] , an angel gets its wings! (Or is that God kills a kitten?!!)

My solution... (1)

myov (177946) | more than 10 years ago | (#7154242)

was just to firewall off sitefinder. At least non-http connections dropped immediately (with a couldn't connect message), rather than waiting for them to time out.

So it comes down to this (4, Interesting)

The One KEA (707661) | more than 10 years ago | (#7154263)

Most major ISPs and institutions successfully blocked a "service" which only resulted in widespread disruption in the way the Internet works. It didn't necessarily stay blocked, as in the case of Adelphia, but it was blocked rather quickly. I like the graphs showing SiteFinder traffic; they're very easy to read and they show the drops quite clearly.

Looking through the study, I found something interesting: most of the blockages of SiteFinder were outside the U.S. Interesting.....

Re:So it comes down to this (2, Informative)

sharekk (654035) | more than 10 years ago | (#7154597)

not suprising - I believe the page not found response is generally viewed in the browser's language while sitefinder was english only.

Re:So it comes down to this (2, Funny)

Anonymous Coward | more than 10 years ago | (#7154738)

Also, if IRC most of the world is outside America...

Re:So it comes down to this (1)

ptbarnett (159784) | more than 10 years ago | (#7154801)

Speakeasy reacted quickly, changing their DNS servers to block Sitefinder. I see they are in the list, but I'm not sure if the study identified ISPs actually known to have blocked Sitefinder, or if they just concluded it from the drop in traffic.

Adelphia? (2, Informative)

Qwell (684661) | more than 10 years ago | (#7154277)

US ISP Adelphia disabled the service September 20-22
No, they did not, at least not nationwide. I was checking it literally everyday. It kept screwing with my DNS requests. Unless they mean those 4 hours I was offline on the 22nd, they did not disable sitefinder on my dns servers.

Denmark (4, Interesting)

pointwood (14018) | more than 10 years ago | (#7154285)

I know the biggest Danish ISP (TDC) blocked it pretty quickly. TDC have >80% of all DSL connections in DK.

Re:Denmark (0)

Anonymous Coward | more than 10 years ago | (#7154392)

So now only one Dane will have access to sitefinder, what a pity.

OMFG SITEFINDER SUCKED ASS (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7154303)

I'M GLAD IT IS GONE.

I HATED THAT FUCKING THING. ANYTIME I MISTYPED A FUCKING URL, UP COMES THE GODDAMN SITEFINDER SHIZNIT TO FUCKING HELP ME FIND MY FUCKING WAY. I DON'T NEED THEIR HELP.

THOSE MOTHERFUCKERS NEED TO STAY THE FUCK OUT OF MY GODDAMN WAY. THE INTERNET IS FREE, LET'S KEEP IT THAT WAY, BROTHERS. FUCK VERISIGN.

Important Stuff: Please try to keep posts on topic. Try to reply to other people's comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) If you want replies to your comments sent to you, consider logging in or creating an account. Problems regarding accounts or comment posting should be sent to CowboyNeal.

Important Stuff: Please try to keep posts on topic. Try to reply to other people's comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) If you want replies to your comments sent to you, consider logging in or creating an account. Problems regarding accounts or comment posting should be sent to CowboyNeal. Important Stuff: Please try to keep posts on topic. Try to reply to other people's comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) If you want replies to your comments sent to you, consider logging in or creating an account. Problems regarding accounts or comment posting should be sent to CowboyNeal.

Re:OMFG SITEFINDER SUCKED ASS (-1)

Anonymous Coward | more than 10 years ago | (#7154350)

Are you crazy? You type in all capital letters. It's equivilant to yelling. PLEASE DON'T YELL LOL!!~!

A message (-1)

Anonymous Coward | more than 10 years ago | (#7154308)

I posted a message a short while ago about how my diaper had become full of feces and needed to be changed. Unfortunately, instead of it being omdded UP (+1, Informative), it was modded down as -1, Troll. At the very least it should have been offtopic.

I would like to conclude by converying that my disposeable "Huggies 6" diaper is now filled with urine also. I hope someone changes me.

poor little man let me change you (-1)

Anonymous Coward | more than 10 years ago | (#7154407)

ewwwwwwww you are right the fecal matter in your diapers really does smell

Re:A message (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7154430)

I would like to conclude by converying that my disposeable "Huggies 6" diaper is now filled with urine also. I hope someone changes me.

Sure thing, big boy...
I sure am feeling randy

Re:A message (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7154517)

You could be my incontinent Tarzan. I will be your ape...

OH YEAH? WELL I HAVE AN ERECTION!!! (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7154531)

What should I do about it? My boss with the boobs (Bryanna) has called me into her office in less than five minutes. If I walk in there with this tent pole I don't know what's going to happen! It doesn't help that I'm hung like a hoarse. I've tried several approaches in the past but they've all failed. Whenever I beat off in my cubicle someone almost always finds out. One more time and I'm out the door. I've also tried beating it down with a hammer, but all that does is make it harder and even more blue than usual. But I can't help it. Just the presence of Bryanna in this office makes me horny and I haven't "gotten any" in about 7 yeras. And even that time was with my pet dog Rover. So I don't know what to do. I'm sure you've all been in the same predicament. What do you do to resolve it?

Re:OH YEAH? WELL I HAVE AN ERECTION!!! (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7154590)

What should I do about it? My boss with the boobs (Bryanna) has called me into her office in less than five minutes. If I walk in there with this tent pole I don't know what's going to happen! It doesn't help that I'm hung like a hoarse. I've tried several approaches in the past but they've all failed. Whenever I beat off in my cubicle someone almost always finds out. One more time and I'm out the door. I've also tried beating it down with a hammer, but all that does is make it harder and even more blue than usual. But I can't help it. Just the presence of Bryanna in this office makes me horny and I haven't "gotten any" in about 7 yeras. And even that time was with my pet dog Rover. So I don't know what to do. I'm sure you've all been in the same predicament. What do you do to resolve it?

You could be my incontinent Tarzan. I will be your hairy ape...

Re:OH YEAH? WELL I HAVE AN ERECTION!!! (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7154759)

You could try to stop posting to Slashdot.

Re:OH YEAH? WELL I HAVE AN ERECTION!!! (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7154869)

And how would this help me? I'd still have a hard on like an iron pipe even if I didn't post to Slashdot. What do YOU do to get rid of annoying hard ons?

Sad News Cruz Bustamonde dead at 54 (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7154311)

I just heard some sad news on talk radio, the incompetent Lt Gov of California Cruz Bustamonde 54 was found dead in his East LA home. The cause of death was from a ruptured rectum from a greased up YODA doll. Even if you did not admire his work, their is no denying his contributions to the Mexican KKK. Truly a Chicano icon!

More useful (4, Funny)

jolyonr (560227) | more than 10 years ago | (#7154336)

My 404 page redirects people to www.mavisbeacon.com if they mistype a URL.

Re:More useful (0)

Anonymous Coward | more than 10 years ago | (#7154716)

Mine redirects them to this [goatse.cx] place!

AAARRRGGG!!! (-1, Troll)

xanadu-xtroot.com (450073) | more than 10 years ago | (#7154345)

There's a company that's trying to help out (L)users! Oh no! Stop them!

I don't get the big deal with this. OK, Verisign isn't the best company on the planet (I can think of one Utah based one that's much worse, and don't get me started on Redmond...), but this is insane.

OK, so maybe they're taking a bit of traffic away from Google or someone like that. Big deal. They setup a "search engine" for people to use. People that are not like use geeks here (we know what a 404 means when we see it). I mean the other users.

Whatever.

Re:AAARRRGGG!!! (3, Insightful)

SnowWolf2003 (692561) | more than 10 years ago | (#7154401)

Verisign can provide this service if they want. But they mustn't try and force me to use it. They could easily offer a browser plug-in that will do the same thing, that people can download and install if they find it usefull. But don't go trying to force everyone to use your service, and break the way the internet functions in the process, without even consulting anyone first.

Re:AAARRRGGG!!! (1)

ryan76 (666210) | more than 10 years ago | (#7154433)

A service that was taking business away from companies that thier sole purpose on the internet was to provide site-finder like functionality. This sitefinder was given (perhaps) unfair competitive advantage.

That is not the point (3, Insightful)

Perianwyr Stormcrow (157913) | more than 10 years ago | (#7154470)

It breaks infrastructure solutions that people have been using for years and work very well. That is reason enough for it to die, all other considerations aside.

Re:AAARRRGGG!!! (3, Insightful)

RevMike (632002) | more than 10 years ago | (#7154492)

I don't get the big deal with this. OK, Verisign isn't the best company on the planet (I can think of one Utah based one that's much worse, and don't get me started on Redmond...), but this is insane.

OK, so maybe they're taking a bit of traffic away from Google or someone like that. Big deal. They setup a "search engine" for people to use. People that are not like use geeks here (we know what a 404 means when we see it). I mean the other users.

If it just handled a malformed url in a web browser, it would not have been a big deal. The problem is that DNS doesn't know why you want the address.

For example, if you sent an email and mistyped the address, your MTA would attempt to send that email to verisign's sitefinder servers. That means that verisign had the opportunity to read a large percentage of the misaddressed email on the internet. Do you want to give them that opportunity? Would you let the publishers of a phone book (very often not the phone company) automatically listen to every call that you misdialed?

There may be room for a service like this, but it can't break existing expectations.

Re:AAARRRGGG!!! (4, Insightful)

Xerithane (13482) | more than 10 years ago | (#7154513)

I don't get the big deal with this. OK, Verisign isn't the best company on the planet (I can think of one Utah based one that's much worse, and don't get me started on Redmond...), but this is insane.

They, in effect, registered every unregistered domain and pointed it towards their SiteFinder service. If you take into account the cost of registering all those domains, and how many there are (several trillion combinations, I would assume) they just "stole" service from every other .com register.

That's one argument.

Another argument is this. And this is real world, and it happened to me. I was setting up a host for a friends wife. She has two domain names, and needed DNS and email. I setup DNS, email, and verify that it works by doing a quick "ping" even though the host was down. So, I ping her domain, expecting it to resolve and have the icmp packets timeout. Well, it resolved, and with a different IP address. So, forgetting about this SiteFinder nonsense, I go back in and try to figure out how in the hell that was happening. It dawned on me 30 minutes later that my resolv.conf wasn't pointing at my DNS server, but my upstream, and the registrar hadn't refreshed. Verisign was reporting that domain belonged to the SiteFinder IP because it didn't clear registration yet.

People that are not like use geeks here (we know what a 404 means when we see it). I mean the other users.

You obviously don't know what a 404 means. 404 means that the server exists, but the document isn't found. This is replacing non-existent domains. Two totally different things.

Re:AAARRRGGG!!! (0)

Anonymous Coward | more than 10 years ago | (#7154673)

Another argument is this. And this is real world, and it happened to me. I was setting up a host for a friends wife. She has two domain names, and needed DNS and email. I setup DNS, email, and verify that it works by doing a quick "ping" even though the host was down. So, I ping her domain, expecting it to resolve and have the icmp packets timeout. Well, it resolved, and with a different IP address. So, forgetting about this SiteFinder nonsense, I go back in and try to figure out how in the hell that was happening. It dawned on me 30 minutes later that my resolv.conf wasn't pointing at my DNS server, but my upstream, and the registrar hadn't refreshed. Verisign was reporting that domain belonged to the SiteFinder IP because it didn't clear registration yet.


So, basically you're pissed because you have shitty debugging skills and blaming SiteFinder.

Re:AAARRRGGG!!! (1)

Xerithane (13482) | more than 10 years ago | (#7154907)

So, basically you're pissed because you have shitty debugging skills and blaming SiteFinder.

Debugging skills are for coding. This would be "troubleshooting"

I'm not pissed, I'm irritated that instead of getting a "Host not found message" it was resolving to an incorrect IP address.

This violates the RFC.

Re:AAARRRGGG!!! (5, Interesting)

dissy (172727) | more than 10 years ago | (#7154551)

> I don't get the big deal with this.

Well, when people code DNS clients and librarys, they generally do so by following the RFC.

The RFC states that when a domain does not exist, the name server returns the code NXDOMAIN.

So, logically, if you get a NXDOMAIN code back, the domain does not exist.
Verisign changed this RFC defined rule, and every single DNS using application is now broken, as they assume the information in the RFC spec is correct, and it is not so any longer.

There are many different things that broke because of this, which as an end-user of the internet you probably wont notice much of.
People that run service on the internet however do need to know how such servers are suppost to act. Verisign changed the rules without so much as telling anyone.

RFC stands for request for comments. You submit one, and _request comments_
Only after that phase is the RFC out of draft and so people start concidering to use it. This is how a standard is born via RFC. Verisign did not submit a new RFC requeting a change to the original one.

It would be like a web server chaning the numerical error codes.
404 means page not found. 900 is not defined.
Sending a 900 code when page isnt found would break every existing client.
This is what verisign did for DNS

Re:AAARRRGGG!!! (1)

happyfrogcow (708359) | more than 10 years ago | (#7154584)

I don't get the big deal with this.

You are exactly correct. You obviously do not get the big deal of this. It is a big deal. I suspect you need to read all the +4 and +5 moderated posts in this and all other related articles Slashdot. Then go read up on RFCs 811 [ohio-state.edu] and 1034 [ohio-state.edu]

Umm (2, Informative)

ad0gg (594412) | more than 10 years ago | (#7154367)

2. That Site Finder pages are larger than ordinary error messages and therefore slower and more costly to transmit. "Cannot find server or DNS Error" is not a page that a server sends back since there is no server in the loop. Its clientside generated page.

Re:Umm (0)

Anonymous Coward | more than 10 years ago | (#7154494)

NXDOMAIN

I second that: you can tell that was guesswork (3, Insightful)

pr0ntab (632466) | more than 10 years ago | (#7154626)

The study was trying it's best to explain why networks outside the US were blocking.

I think the argument that it brings up an English page only is reason enough to implement such a block, an insult added to injury of VeriSign abusing it's position.

Bandwidth may have been a factor too, but for a different reason: a negative response is preferable to a positive response because you have the same number of DNS packets either way, but the nasty part is the browser goes ahead and opens subsequently two HTTP connections (one for a location redirect, and one for the sitefinder page) into the US, which could be slower than the DNS error message timeout across a latent or slow link.

The guys in the study were parroting the 404 argument (without saying it explicitly), which is untrue. But they've got the right idea.

I was thinking about how the study could be improved, and I started wondering if there's some other way besides Alexa to get relevant data to analyze. It seemed a little sparse, which they acknowledged. Some ideas:

Perhaps google might be nice enough to provide sample data mined from google toolbar, which I think more people would voluntarily install than Alexa.

Or here's idea: contact owners of websites that are commonly accessed by name (slashdot, cnn, localized googles, weblogs, forums, etc.) and kindly request access_log data filtered by referer coming FROM sitefinder, along with requesting IP.

This way, you get inferential proof of when certain IP addresses hit sitefinder accidentally (and how they mispelled the site name), compatible with all but the most paranoid of webbrowser settings. I wonder if site destination correlates with number of sitefinder redirects vs. total traffic. (For example, slashdot might be quite low due to informed users taking local control of their machines via host files, etc.. while many CNN visitors are at the mercy of their ISP)

Re:I second that: you can tell that was guesswork (1)

graxrmelg (71438) | more than 10 years ago | (#7154723)

I don't think cnn.com was much affected by SiteFinder.com, since typos of such a short name are unlikely to result in unassigned domains.

Re:Umm (0)

Anonymous Coward | more than 10 years ago | (#7154661)

They mean that getting the sitefinder page requires more overhead (loading a web page of data) than a simple NXDOMAIN response.

Re:Umm (1)

bucky0 (229117) | more than 10 years ago | (#7154694)

They didnt say that "Cannot find server or DNS Error" was a server generated page.

2. That Site Finder pages are larger than ordinary error messages and therefore slower and more costly to transmit

They did say that there was a message returned though, impying a dns error message.

Wasted some of my time (5, Interesting)

Anonymous Coward | more than 10 years ago | (#7154391)

Sitefinder did not seem to redirect images. I was trying to debug an image server I set up and keep getting a 404 when trying to load a test image. After spending about an hour looking at httpd.conf, I realized that I had mistyped the url. The 404s were coming from sitefinder. My server was set up correctly from the very start.

Re:Wasted some of my time (2, Insightful)

The One KEA (707661) | more than 10 years ago | (#7154574)

That's precisely the sort of thing that people were upset about. By removing the NXDOMAIN response from the .com and .net domains, VeriSign managed to break things in very mysterious and diffcult-to-detect ways. DNS problems and spam were only part of the problem, as your example showed.

Let's just hope that VeriSign is prevented from ever breaking DNS like this again.

Less mysterious, yet very annoying breakage... (2, Interesting)

tugrul (750) | more than 10 years ago | (#7154892)

Anyone notice that while the sitefinder service was up, typos were beginning to get into the browser history since they didn't error out? And the next time you wanted to goto the same site, autocomplete would pick up the typo instead.

*mumble*

I'm just glad that was the worst that happened to me before this "service" got blocked here. I feel for the grandparent.

Sad News, Sitefinder dead at 2 weeks (5, Funny)

Anonymous Coward | more than 10 years ago | (#7154405)

I just heard some sad news on talk radio. The Verisign SiteFinder service was found dead this morning in its 64.94.110.11 IP home. The cause of death was from an ICANN beatdown. Even if you did not admire its work, there is no denying its contributions to the speed and ease of use of the Internet. Truly an Internet icon.

Good riddance.. (1)

Agent R (684654) | more than 10 years ago | (#7154460)

We already had enough problems as it is with spam and hacker-wannabe scriptkiddies.. and we were shoved with Veriscum's new invention.

Now that it is gone, lets hope it stays there. There is no reason to violate the RFCs as they did here.

shared ".com" is the problem (2, Insightful)

bmedwar (693432) | more than 10 years ago | (#7154510)

the problem here is the idea of a shared public asset in ".com" with VeriSign as the maintainer. This is a broken idea from the start. Instead there should be ".vs" for VeriSign and ".gd" for GoDaddy. Then it is clear that these companies wholly own these root domains and they can do anything they want with them.

Re:shared ".com" is the problem (1)

Experiment 626 (698257) | more than 10 years ago | (#7154617)

Instead there should be ".vs" for VeriSign and ".gd" for GoDaddy.

Then you have a problem similar to the recent controversy about cell phones... lack of address (number, URL, etc.) portability. Changing providers causes more hassles than the benefit of ditching your old company, thus locking the customer in.

Re:shared ".com" is the problem (1)

MCZapf (218870) | more than 10 years ago | (#7154810)

Someone would still have to maintain a system above these "root" domains.

I see a bit of a problem... (2, Insightful)

doubleyewdee (633486) | more than 10 years ago | (#7154522)

As far as I know, Alexa doesn't monitor for 'dns lookup failures.' If that's the case then I think this number is way off. About the 22nd or so a lot of people were deploying BIND patches to block this nonsense, and I'm not sure Alexa is registering that. I think their numbers reflect only the ISPs which actually null-routed the sitefinder IP, not ISPs that patched their nameservers.

Correct me if I'm wrong, though.

Not a problem (1)

bedelman (42523) | more than 10 years ago | (#7154755)

doubleyewdee, even if Alexa doesn't monitor or record DNS lookup failures, I don't think this presents a problem given our method of analysis.

In general, we look for a drop-off in Site Finder page views. So if Site Finder page views were high from a given ISP, then dropped off dramatically and suddenly, we notice this and classify the ISP as blocking Site Finder as of the corresponding date. It doesn't matter whether Alexa's other log data shows the dns-lookup-failure'd domains as msn logs, as dns lookup failures, as something else, or as nothing at all (so long as they don't show them as Site Finder, which they definitely would not) -- we'd still see the distinctive drop-off in Site Finder traffic.

Ben Edelman [harvard.edu]
Berkman Center for Internet & Society [harvard.edu]
Harvard Law School [harvard.edu]

Telenor (3, Interesting)

Anonymous Coward | more than 10 years ago | (#7154545)

I left a note for Norway's biggest ISP and phone company, Telenor [telenor.net] , with details of what had happened and a polite request that they undo it at their name servers. I was very pleased to see an email come in from the hostmaster himself, saying they were aware of the problem and that he would get back to me on it. A few days later (actually, this was after VeriSign had agreed to succumb to ICANN's demand) I got a new mail from him again, saying he had given the notice for the patches to be applied.

This is a company that isn't exactly the most liked in Norway, but I was very pleased with their handling of the problem and the responses.

And it shows that most admins are not willing to tolerate absurd changes like this.

You will stop the entire flow of the Internet (0)

Anonymous Coward | more than 10 years ago | (#7154554)

Hey guys,

quit trying to stifle innovation [slashdot.org] .

How I responded to it (3, Interesting)

Anonymous Coward | more than 10 years ago | (#7154660)

I don't work for an ISP but I do have about 1500 staff users, plus another 9-10 thousand K-12 students who use the network too. The day this happened, I added some IP-based blocks to our web proxies to deny all access to sitefinder, then made the deny info throw back something that essentially said "That domain does not exist. Check the spelling and try again". Then I filtered outgoing packets on the mail servers to prevent leakage there.

When the first BIND patch with delegation-only rolled out, that went on our resolvers and the real problem went away. Now the spammers couldn't make up arbitrary crap in .com and .net, and my old deny page was no longer necessary.

Anyone in the organization who heard about the fuss and tried to play with sitefinder had a window of about 12 hours before the changes took effect. Since then, it's been walled off.

Chances are, the bigger the organization is, the slower they move on changes like this. There's just too much bureaucracy to go through before you can do something like replacing your resolvers with new code.

Speakeasy (1)

Lost Race (681080) | more than 10 years ago | (#7154669)

As I posted earlier: [slashdot.org]
Speakeasy's name servers were returning NXDOMAIN instead of sitefinder by the 17th. Maybe earlier but that was when I first checked. No discussion announcement as far as I know, they just did the right thing quietly and with impressive alacrity.

China... (2, Insightful)

stuartkahler (569400) | more than 10 years ago | (#7154670)

China blocked the traffic at its backbone

China blocks everything outside of it unless it feels there is a good reason to let it's people access it. Having a site show up on it's block list doesn't really say much.

Article Text (-1, Redundant)

Anonymous Coward | more than 10 years ago | (#7154672)

The Aftermath: How ISPs Responded to Site Finder Around the World

By Benjamin Edelman

During the 2+ weeks for which Site Finder was operational, a number of ISPs took steps to disable the service. A study just released reveals details and analysis, including specific networks disabling Site Finder during its operational period. For example, China blocked the traffic at its backbone, and Taiwan's Chunghwa Telecom and Korea's DACOM also disabled the service. US ISPs seem to have been slower to act, in general -- but US ISP Adelphia disabled the service September 20-22 before re-enabling it on September 23.

As part of its discussion, the analysis further reveals:

"We find evidence that at least a handful of networks have disabled Site Finder, but that at least some of these networks are extremely large (e.g. China). From the majority of these networks, Site Finder traffic has dropped off significantly since the introduction of the service -- supporting the inference that Site Finder was blocked on these networks sometime subsequent to the service's introduction (typically during the week of September 22). In addition, at a few large networks, Site Finder never reached significant traffic -- supporting the inference that the corresponding ISPs blocked the Site Finder service quickly.

Our analysis indicates that approximately 9% of Internet users at the time of the study did not receive Site Finder when they request a nonexistent .COM or .NET domain. More than half of this proportion results from China's apparent decision, effective beginning September 24-25, to block Site Finder, while the remainder reflects other network operators jointly. We reach these estimates using Alexa data as to web usage by network -- logs that tell us what proportion of web browsing (of sites generally) comes from which networks, allowing us to estimate the amount of web traffic likely to result from the networks we have identified. Of course, the accuracy of our ultimate estimate requires certain assumptions -- namely that Site Finder page request counts are proportional to ordinary web browsing traffic, and that Alexa users connect to the Internet via designated networks in proportion to the networks' overall web usage and user base.

We observe that the majority of networks blocking access to Site Finder are located outside the United States. To some extent this result may reflect greater centralized coordination of networks in certain countries, e.g. China, allowing faster or more successful response to network changes deemed undesirable. We note, however, that Site Finder is blocked by networks in countries with no special experience at Internet filtering (e.g. Greece, Korea, Russia). We also note that relatively more intense blocking of Site Finder outside the US is precisely as anticipated by two distinct sets of concerns:

1. That Site Finder pages are always presented in English (notwithstanding users' language preferences)

2. That Site Finder pages are larger than ordinary error messages and therefore slower and more costly to transmit.

Both these concerns disproportionately affect non-US users -- for whom English web pages are less likely to be useful than pages in native languages, and for whom data transfer cost and speed constraints may be particularly acute. Meanwhile, we consider equally noteworthy our finding that relatively few large US ISPs have made efforts to block Site Finder."

Good to see some internet "street justice" (1)

192939495969798999 (58312) | more than 10 years ago | (#7154686)

I am glad that people didn't just sit idly by and let this happen... if I misspell a web address, that doesn't mean i want to, care to, or will ever click on any ads.

Had to drop in new bind (1)

Greyfox (87712) | more than 10 years ago | (#7154760)

Had to locate and compile the new bind (By the way, has anyone ever been to www.issc.org? I didn't even know they had those!) And then configure it to drop the delegations. Took a bit over an hour (Mainly because of the issc.org thing.) Can I bill Verisign for my time?

Criminal Skills (5, Interesting)

g051051 (71145) | more than 10 years ago | (#7154836)

My company uses SmartFilter. One day, it started blocking access to Site Finder. The reason code it returned indicated that sitefinder.verisign.com had been classified as "Criminal Skills". That sure seems appropriate to me.

My personal solution was to add it to my junkbuster config, so it would never show, and never register as a hit on their web page.

Adelphia (2, Informative)

brokencomputer (695672) | more than 10 years ago | (#7154953)

Adelphia did block the service, meaning the site would not load when bonus addresses were entered into the browser, but when pinging bogus internet addresses, A pong came back from the numerical IP of the sitefinder. When going to sitefinder.verisign.com, it was not blocked.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?