1 VeriSign Site Finder Scott Hollenbeck SECSAC Open Meeting 7 October 2003.


2 Overview
What is VeriSign Site Finder?
Site Finder Implementation
Technical Questions Raised
DNS Wildcard Guidelines
Questions?

3 What is VeriSign Site Finder
Uses DNS wildcard A record in the .com and .net zones (specifics on next slide)
Provides web search assistance
–Attempts to match a requested web site with a known web site
–Offers other search alternatives
Provides other protocol-defined responses
Web and mail examples:
–
–

4 What is Site Finder? DNS Perspective
Before Site Finder
> bookstoore.com.
; > DiG 8.1 bookstoore.com.
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;; bookstoore.com, type = A, class = IN
;; AUTHORITY SECTION:
// More dig output...

After Site Finder
> bookstoore.com.
; > DiG 8.1 bookstoore.com.
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 13
;; QUERY SECTION:
;; bookstoore.com, type = A, class = IN
;; ANSWER SECTION:
bookstoore.com. 15M IN A
// More dig output...
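The before/after difference on this slide can be checked mechanically. The following is an added example, not part of the original presentation: it parses DNS response messages and reports a wildcard when several probe names that should not exist all come back NOERROR with a shared A address. The probe names, the function names and the 192.0.2.1 documentation address are assumptions made for the illustration.

```python
import ipaddress
import struct

def encode_name(name):
    # Wire format: length-prefixed labels ending in a zero byte.
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def make_response(name, rcode, addr=None):
    """Constructed sample: authoritative reply to an A query for `name`."""
    flags = 0x8500 | rcode  # QR, AA, RD set, as in "flags: qr aa rd"
    msg = struct.pack("!HHHHHH", 10, flags, 1, 1 if addr else 0, 0, 0)
    msg += encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    if addr:  # answer RR: pointer to question name, A, IN, TTL 900 (15M)
        rdata = ipaddress.IPv4Address(addr).packed
        msg += struct.pack("!HHHIH4s", 0xC00C, 1, 1, 900, 4, rdata)
    return msg

def skip_name(msg, pos):
    while msg[pos] and msg[pos] & 0xC0 != 0xC0:
        pos += msg[pos] + 1
    return pos + (2 if msg[pos] else 1)  # pointer is 2 bytes, root label 1

def parse_response(msg):
    """Return (rcode, [A addresses]) from a DNS response message."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    pos = 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4  # QTYPE and QCLASS follow the name
    addrs = []
    for _ in range(an):
        pos = skip_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(str(ipaddress.IPv4Address(msg[pos:pos + 4])))
        pos += rdlen
    return flags & 0xF, addrs

def wildcard_addresses(responses):
    """Addresses shared by every probe reply; empty set if no wildcard seen."""
    parsed = [parse_response(m) for m in responses]
    if not parsed or any(rc != 0 or not a for rc, a in parsed):
        return set()
    return set.intersection(*(set(a) for _, a in parsed))

# Constructed probes: random unregistered labels; 192.0.2.1 is a placeholder.
PROBES = ["qx7r2kz9p.com", "m4vw8tn1c.com", "zz0h3jd6y.com"]
BEFORE = [make_response(n, 3) for n in PROBES]               # RCODE=3
AFTER = [make_response(n, 0, "192.0.2.1") for n in PROBES]  # wildcard A
```

wildcard_addresses(BEFORE) returns an empty set and wildcard_addresses(AFTER) returns the shared address, which a resolver or monitoring job could then treat as synthesized rather than as a real registration.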

5 Site Finder Implementation
Service is based on considered analysis of requests
–Provides web search assistance
–Provides other protocol-defined responses
Details described in a public white paper
–
Extensive testing prior to launch
Formation of Technical Review Panel
–
Ongoing monitoring program

6 Site Finder Protocol Connection Statistics
85%+ of all connection attempts are for HTTP or SMTP
TCP reset returned for other TCP protocols
ICMP port unreachable returned for UDP protocols
Many different protocols make up the remaining 2.51%

7 Technical Questions Raised
VeriSign is listening to the issues raised by the technical community
–IAB commentary
–SECSAC message
–Technical discussion venues
–Input to VeriSign support lines
VeriSign is maintaining and updating a technical FAQ
–
VeriSign has prepared an extensive response to the issues raised by the IAB and SECSAC
–
Will speak to a few of those issues today

8 Improved stub mail server to bounce messages using a non-existent domain in the recipient address
Considering a wildcard MX record to provide a name error response instead of Site Finder address
–SMTP server can be eliminated if this works well

9 Spam
Dead RBLs
–Dorkslayers.com – issue was resolved on 16 September
Forward DNS lookup of sender domain
–Many spam services have given up on this technique – spammers have moved on
–Our empirical analysis shows this technique catches 3% of spam. We are looking for more empirically-based statistics

10 Misconfigurations
Misconfiguring software with a non-existent domain name
–Used to return RCODE=3, which would provoke some terminal failure in whatever program
Not if the misconfiguration used a wrong, but existing domain or the non-existent domain was later registered
–It's hard to size this issue definitively
MX misconfiguration is very rare in practice
Of more than 20 million MX records for .com and .net, less than one tenth of one percent of these records (only 0.077% to be precise) are misconfigured

11 Privacy
Privacy
–Not collecting or retaining data per these statements
Single point of failure, attack
–VeriSign has a proven track record for providing reliable, high-volume services
VeriSign has operated the .com and .net name servers with 100% uptime over the past six years
–VeriSign performs regular daily monitoring
–Service outage produces timeout or other error message

12 Anything else?
Will be happy to take questions at end
Questions also answered via

13 Moving forward: DNS Wildcard Guidelines
Wildcards exist in TLD zones, and we believe it is appropriate to document good technical practice
Deployed or tested prior to Site Finder: .biz, .bz, .cc, .cn, .cx, .mp, .museum, .nu, .ph, .pw, .pd, .tk, .tv, .tw, .us, .va, .ws
Public draft guidelines now available
–
–Guidelines describe strategies derived from extensive analysis
–Incorporate ideas gleaned from comments received over the last year
IAB, CENTR, public input
–Further work anticipated; comments welcome
Consistent behavior would be a Good Thing

14 Questions?
follow-up