The Net

Articles about the Internet and the Web.

Restrain Verisign


I wrote previously how Verisign broke the Internet by boinking up the Domain Name System (DNS). The move has been met by universal opposition. ICANN, the organization that oversees the Internet DNS, has asked them to stop. The Internet Architecture Board has published a detailed technical analysis of the problems created by this. The Internet Software Consortium, which publishes the software that operates a significant portion of the DNS, has issued a patch that filters out the Verisign corruption.

NAT Breaks the Net


I'm currently sitting on the back porch of the Bouldin Creek Coffee House (motto: South Austin-style service without the sense of urgency), catching up on some email and work. Using the ssh secure protocol I can tunnel back to the network in my apartment and work as if I was sitting right there in my skivvies and bunny slippers.

Well, almost.

Earthlink to Verisign: Piss Off


It's been 48 hours since Verisign broke the Internet, and only a day since ISC released a workaround. The next step is to see whether the major providers deploy a workaround for the Verisign corruption. In particular, I'm curious what AOL, MSN, and Earthlink choose to do.

It turns out Earthlink may have acted already. I have their cable Internet service at home. If I try to look up a bogus domain, I get an error rather than the address of the Site Finder service.

    $ host
    Host not found: 2(SERVFAIL)

If the Verisign corruption was being passed through, I'd expect to see an answer that said: has address

There are two perplexing parts to this, however. First, the error returned is unexpected: SERVFAIL rather than NXDOMAIN. Second, Earthlink is running BIND 8.2.3-REL, and I'm not aware of patches being available for this version.

I'm a little confounded by the results. Maybe some DNS guru can explain what I'm seeing.

Verisign Greed Breaks the Internet

Link: Verisign redirects error pages.

Verisign, the operator of the largest databases for Internet domains, has taken greed to a new level. This week, they implemented a new service to squat on domain typos, and cavalierly broke major Internet functions in the process. Their service, called Site Finder, redirects web queries for non-existent domains to a web site they manage. They will be able to make money by showing you advertising when you make an error typing in a URL. The change, however, creates significant havoc.

I've estimated my spam load will go up about 6.25% because of Verisign greed. Spammers can get into trouble if they forge a return address using a valid domain. So spammers often use an invalid domain in their return address. That's good news, because bogus domains are easily recognized and mail from them can be bounced as spam.

Verisign broke that. Now, when the mail server checks on a bogus domain, it no longer gets a "no such domain" response. Instead, the mail server gets a response saying the domain is valid, and it points to a Verisign mail server. This means the checks for forged domains no longer work, and all that spam that used to be bounced out of hand will now be accepted.
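The broken check and a wildcard-aware replacement, as an added example that is not from the original article. The resolver is a constructed stand-in, 192.0.2.10 is a placeholder for the wildcard address, and the sender check is reduced to one address lookup per domain.

```python
import secrets

# Constructed data: 192.0.2.10 is a placeholder for the registry's
# wildcard address; example.com is the only "registered" domain.
WILDCARD_ADDR = "192.0.2.10"
REGISTERED = {"example.com": {"198.51.100.25"}}

def resolve_with_wildcard(name):
    """Stand-in for an address lookup once .com carries a wildcard.
    Returns a set of addresses, or None for a "no such domain" answer."""
    name = name.lower().rstrip(".")
    if name in REGISTERED:
        return REGISTERED[name]
    if name.endswith(".com"):
        return {WILDCARD_ADDR}   # every unregistered .com name now "exists"
    return None                  # other TLDs still answer "no such domain"

def naive_domain_exists(domain, resolve):
    """The check the wildcard defeats: any answer means the domain is real."""
    return resolve(domain) is not None

def wildcard_addresses(tld, resolve, probes=3):
    """Addresses returned for every one of several random, unregistered names."""
    common = None
    for _ in range(probes):
        answer = resolve(f"{secrets.token_hex(16)}.{tld}")
        if answer is None:
            return set()         # a real "no such domain": no wildcard here
        common = set(answer) if common is None else common & set(answer)
    return common

def domain_exists(domain, resolve):
    """Treat an answer made up only of wildcard addresses as "no such domain"."""
    answer = resolve(domain)
    if answer is None:
        return False
    tld = domain.rstrip(".").rsplit(".", 1)[-1]
    return bool(set(answer) - wildcard_addresses(tld, resolve))

def check_sender(mail_from, resolve):
    """Accept or reject a message based on its sender domain."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    if domain_exists(domain, resolve):
        return "accept"
    return "reject: sender domain does not exist"
```

A legitimate domain hosted on the wildcard address itself would also be rejected, which is the trade-off of comparing against probe answers.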

The Verisign change is going to create confusion for my users. Before, if they made a typo in the domain part of an email address, my mail server would intercept it and return an error. Now, the message is going to be passed along to a Verisign mail server, which is going to cause a misleading error. The user is going to be told the user does not exist, rather than that the domain is invalid.

Verisign has shown continued arrogance and hubris in their management of the Domain Name System. Unfortunately, the organizations that oversee them have been ineffectual in their management. This time, however, they may have pushed too far. The Internet Software Consortium, which writes the software that runs most of the DNS, is preparing a new version that will filter out the bogus Verisign responses. I expect this will be deployed quickly, so that network operators can route around the damage created by Verisign.

Top Sobig Morons: Pace Enterprises


I previously ranted about moronware virus scanners. Now I shall rant about the morons who run them.

I thought I'd look at some of the Sobig.F bounce messages I'm getting and pick out the stupidest of the bunch. The current leader is Pace Enterprises, with this entry.

Why was Pace Enterprises selected for top moronicity? Let me count the ways.

  • First, spamming people with these useless reports qualifies one for instant moronhood. Pace Enterprises to the clue phone: I did not email you this worm.
  • Next, whoever set up the Pace Enterprises mail system misconfigured it, so it is identifying itself with an illegal Internet hostname (phoenix.paceent instead of, what I suspect should be,
  • Moreover, the moronware that Pace Enterprises uses generates illegal mail headers. If you look at the From: and Sender: fields of their report, you'll note my mail server added its own name. It needed to do that to correct protocol violations in what they sent.
  • Finally, and here is the clincher, they add a message to their moronware notice that says (with clueless AOL luser all-caps formatting preserved):

The "we will be forced to block" an innocent bystander threat is precious. In fact, I wish they would--provided they also block me from receiving mail from their misconfigured, moronware virus scanner.

Continuing Adventures in the Land of Software Morons


I'm not seeing so much of the Sobig.F worm. What I am seeing, however, is dozens and dozens of reports generated by virus scanners written by morons.

Most every email worm transmits itself using forged sender information. If a virus scanner catches the message and tries to mail back a report, it almost certainly is going to hit the mailbox of an innocent victim, not the true sender. When you combine a particularly virulent worm (like Sobig.F) and a particularly well-distributed email address (like mine) you end up with a mailbox full of useless moronware reports.

For the record, the ideal way to handle this is to scan the email during SMTP delivery, and not accept the message until the scan completes. That way you don't ever have to generate a bounce message.

For poorly designed software that does not run at delivery time, the next best thing is to discard the contaminated message and generate a report to the recipient, letting them know of the action.

Could everybody out there please check the configuration of your virus scanner and disable sending bounce notices? I thank you, and my "D" key thanks you.

Hits a Sour Note


This was supposed to be a glowing review of a wonderful music download service. That was a great plan, until I actually tried to use it. I had high hopes for Instead, I ended up canceling my trial subscription.

Just Ignore the GWF


I was reading a mailing list yesterday, where ISP abuse desk personnel were complaining about the morons who run crummy firewall software on their home computers and call support with complaints like, "I'm being hacked from"

These people need to have their Internet driver's license taken away from them. is a special address reserved for your own damn computer. Such complaints, though common, indicate you've got the software locked down too tight and misconfigured to boot.

Apparently, standard procedure is to just close the trouble tickets for these sorts of incidents, marking them "GWF." That stands for goober with firewall. I think it's a great term, but I'll never again be able to read personal ads in the same way.

Cyveillance Dirty Tricks


Has your web site been visited by Cyveillance recently? It's quite possible, but you probably wouldn't know it. Cyveillance crawls the net spying on web sites. If you say something they don't like about one of their clients, they'll tattle on you.

Cyveillance uses a couple of dirty tricks when they crawl the web. First, they ignore the robot exclusion protocol. This standard allows you to specify portions of a web site that are off limits to robots and other automatic agents. Cyveillance fails to honor the exclusions you may have declared for your web site. They crawl places that 'bots are not supposed to go, in spite of your explicit instructions not to do so.

This can be a problem for web sites that present deep, dynamic content. For example, I have a spam robot trap on my web site. When a 'bot crawling for email addresses to spam hits that page, the trap is sprung. If the 'bot moves beyond that page, it ends up in a never-ending maze of bogus, generated email addresses. The trap keeps the 'bot tied up, and it fills its database with bogus data.

I don't want to trap well-behaved 'bots, such as those used by Google to spider web pages. Therefore, I post an exclusion for this area. This protects the well-behaved 'bot from garbage data, and it protects my website from unnecessary load.

Cyveillance ignores these instructions. Their 'bot gets caught in the trap, crawling places I'm specifically trying to keep 'bots away from.

Another problem with the way Cyveillance crawls is that they provide fraudulent header information in the HTTP request. Rather than admitting they are a spy 'bot, they pretend they are a web surfer running Microsoft Internet Explorer. When they submit a request to a web site, they declare:

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)

For comparison, when Google crawls a web site, they declare:

User-Agent: Googlebot/2.1 (+

You could try to keep Cyveillance out of your web site by blocking their network. The problem is that if enough people do this, they may try to hide their origin to get around the blocks. That would be a pretty sleazy thing to do, but no more sleazy than what they do already.
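One way to spot a crawler that ignores the exclusion from the server logs, as an added example that is not from the original article. The /trap/ path, the ExampleBot name, the addresses and the log lines are all constructed, and the threshold of three excluded requests is an assumption meant to let a single stray human click pass.

```python
import re
from collections import defaultdict
from urllib.robotparser import RobotFileParser

# Constructed robots.txt; /trap/ is a hypothetical path for the spam trap.
ROBOTS_TXT = "User-agent: *\nDisallow: /trap/\n"

MSIE = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"  # header quoted above
BOT = "ExampleBot/1.0"                                       # made-up honest crawler

def entry(ip, path, agent):
    """Build one constructed access-log line in combined log format."""
    return (f'{ip} - - [01/Oct/2003:10:00:00 -0500] "GET {path} HTTP/1.0" '
            f'200 512 "-" "{agent}"')

# Constructed sample log using documentation address ranges.
SAMPLE_LOG = (
    [entry("192.0.2.7", p, BOT) for p in ("/robots.txt", "/", "/articles/")]
    + [entry("198.51.100.9", p, MSIE)
       for p in ("/", "/trap/", "/trap/a1", "/trap/a2", "/trap/a3")]
    + [entry("203.0.113.5", p, MSIE) for p in ("/", "/trap/")]  # stray human click
)

LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d+ \S+ "[^"]*" "([^"]*)"$')

def find_violators(log_lines, robots_txt, threshold=3):
    """Return clients that requested at least `threshold` excluded URLs."""
    rules = RobotFileParser()
    rules.parse(robots_txt.splitlines())
    seen = defaultdict(lambda: {"excluded_hits": 0, "read_robots": False,
                                "claims_browser": False})
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # not in the expected log format
        ip, path, agent = m.groups()
        client = seen[ip]
        client["claims_browser"] |= "MSIE" in agent
        if path == "/robots.txt":
            client["read_robots"] = True
        elif not rules.can_fetch(agent, path):
            client["excluded_hits"] += 1  # request inside an excluded area
    return {ip: c for ip, c in seen.items() if c["excluded_hits"] >= threshold}

if __name__ == "__main__":
    for ip, c in find_violators(SAMPLE_LOG, ROBOTS_TXT).items():
        print(ip, c)
```

A client that claims to be a browser, never fetches robots.txt and keeps requesting pages under the excluded path matches the behaviour described above.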

Desolate Landscape

Happy broadband to me!

It was over a year ago that I lost my broadband Internet connection. The cost of a business-class service grew beyond my budget. Plus, my old ISP initiated a novel business strategy: let's act like a bunch of morons and chase off our customers. The parent company eventually crashed into bankruptcy, which I assume was the desired result of their "act like morons" business strategy.

Since then, I've been running across a 56K dialup modem attached to my router. It was serviceable, because I moved the servers out of the apartment and into a downtown data center. But, still, it sucks.

This morning, my cable Internet service was turned up. First thing I did was download a badly needed bunch of operating system upgrades. Next thing I did was point my browser to Shoutcast to tune into some of those delicious music streams I so badly missed. I was aghast to find I'd stepped into the middle of an empty ghost town.

It seems in the interim, the big Internet content providers succeeded in killing off the burgeoning Internet radio movement. Very few of the stations have survived. My favorite station had to abandon the open MP3 streaming format for a lower fidelity, proprietary system. I don't have a problem paying a subscription fee, but no way am I going to pay for a non-portable, proprietary format stream.

Why is it that whenever the big content providers get involved, it all goes to shit?
