Bill Stewart wrote:
When Verisign hijacked the wildcard DNS space for .com/.net, they
encoded the Evil Bit in the response by putting Sitefinder's IP
address as the IP address. In theory you could interpret that as
damage and route around it, or at least build ACLs to block any
traffic to that IP address except for TCP/80 and TCP/UDP/53. But if
random ISPs are going to do that at random locations in their IP
address space, and possibly serve their advertising from servers that
also have useful information, it's really difficult to block.

Does anybody know _which_ protocols Verizon's web-hijacker servers are
supporting? Do they at least reject ports 443, 22, 23, etc.?

In contrast, Microsoft's IE browser responds to DNS no-domain
responses by pointing to a search engine, and I think the last time I
used IE it let you pick your own search engine or turn it off if you
didn't like MS's default. That's reasonable behaviour for an
application, though it's a bit obsequious for my taste.

Hmmm. When using IE 7 on Windows Vista out of the box, and I give it
a non-existent domain, it prompts me to connect to a network (even if
I'm already connected to one). It also puts the browser in "work
offline" mode. (Very annoying.) I've never been pointed to a search
engine or prompted to select one. Perhaps this is something that is
controlled by the machine's initial setup.
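
Added example, not part of the original thread or written by either poster: a Python sketch of how a client can discover which addresses a resolver substitutes for no-domain responses, so that the "build ACLs" idea above does not depend on knowing one fixed IP in advance. The function names, the two stand-in resolvers and the documentation-range addresses are assumptions constructed for illustration.

```python
import secrets
import socket

def system_resolver(name):
    """IPv4 addresses the local resolver returns for name; empty set on NXDOMAIN or failure."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)}
    except socket.gaierror:
        return set()

def find_landing_ips(resolve=system_resolver, zones=("com", "net"), probes=5):
    """Look up random 32-hex-digit labels, which are almost certainly unregistered.
    Any address that comes back was synthesised by a wildcard or a rewriting resolver.
    Returns {zone: sorted landing IPs}; an empty dict means NXDOMAIN is passed through."""
    found = {}
    for zone in zones:
        ips = set()
        for _ in range(probes):
            ips |= resolve(f"{secrets.token_hex(16)}.{zone}")
        if ips:
            found[zone] = sorted(ips)
    return found

def looks_rewritten(name, resolve, landing_ips):
    """True when every address returned for name is a known landing IP.
    Caveat from the thread: if the landing server also hosts real sites,
    a legitimate name on the same address is misclassified."""
    answers = resolve(name)
    return bool(answers) and answers <= set(landing_ips)

# Constructed stand-ins for two resolvers (documentation-range addresses).
REAL = {"example.com": {"198.51.100.7"}}

def honest_resolver(name):
    return set(REAL.get(name, set()))

def rewriting_resolver(name):
    return set(REAL.get(name, {"192.0.2.10"}))

if __name__ == "__main__":
    print("honest:   ", find_landing_ips(honest_resolver))
    print("rewriting:", find_landing_ips(rewriting_resolver))
```

Calling find_landing_ips() with no arguments probes whatever resolver the machine is configured to use.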