Slashdot Mirror
Study Reveals How ISPs Responded to SiteFinder
penciling_in writes "During the 2+ weeks for which Site Finder was operational, a number of ISPs took steps to disable the service. A study just released reveals the details and analysis, including specific networks disabling Site Finder during its operational period. For example, the study reports China blocked the traffic at its backbone, and Taiwan's Chunghwa Telecom and Korea's DACOM also disabled the service. US ISPs have been slower to act, but US ISP Adelphia disabled the service September 20-22 before re-enabling it on September 23." That link is a summary; or cut straight to the study itself.
I for one welcome our SiteFinding overlords.
CMDRTACO CHECK YOUR EMAIL!
here
I have over 70 freaks, do you?
My karma is getting terrible lately, and I don't understand why. It seems even my most challenging and witty comments get modded down.
So God, if you're up there, please let me have FP. It's the only thing I have left. PLEASE!
(-1, Raw and Uncut is the only way to read)
My diaper is full of feces! Will someone please change my dirty diaper?
IMO, that's equivalent to spam-blocking -- something most ISP's at least try to accomplish.
MakePassword.com Mp3 Blog
I can't believe how blatantly they would push to forward their own interest.
I guess my provider didn't use verisign in the first place? We are an Educational Institution though, so that could be the reason.
They who would give up an essential liberty for temporary security, deserve neither liberty nor security
The markets reacted as expected. I'm breathless.
Healthcare article at Kuro5hin
I wonder how many other small-network admins did... I guess they're harder to sample though.
what are the chances - using the search page that comes up at the verisign site to search for "register" we find at the top of the
list a link to networksolutions.com (a verisign company). we also note that searching for the same word at google does not result in that site being present in at least the first four pages of results.
yeah - thats a real useful search tool verisign has there - thanks so much.
while I'm not a general fan of censorship, I don't see this as censorship. This was simply sitefinder's overlords abusing their position. Freedom of speech does not mean that you're free to make everyone listen. Same goes for network traffic. This is no different from me adding doubleclick.net in my /etc/hosts pointing to 127.0.0.1 in that I don't want to hear what they have to say, same goes for sitefinder.
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
To goatseeeeeeeecx???
was just to firewall off sitefinder. At least non-http connections dropped immediately (with a couldn't connect message), rather than waiting for them to time out.
I use Macs to up my productivity, so up yours Microsoft!
Most major ISPs and institutions successfully blocked a "service" which only resulted in widespread disruption in the way the Internet works. It didn't necessarily stay blocked, as in the case of Adelphia, but it was blocked rather quickly. I like the graphs showing SiteFinder traffic; they're very easy to read and they show the drops quite clearly.
Looking through the study, I found something interesting: most of the blockages of SiteFinder were outside the U.S. Interesting.....
SCREW THE ADS! http://adblock.mozdev.org/ Proud user of teh Fox of Fire - Registered Linux User #289618
US ISP Adelphia disabled the service September 20-22
No, they did not, at least not nationwide. I was checking it literally everyday. It kept screwing with my DNS requests. Unless they mean those 4 hours I was offline on the 22nd, they did not disable sitefinder on my dns servers.
As of 10/06/03, I hate COBOL developers.
I know the biggest Danish ISP (TDC) blocked it pretty quickly. TDC have >80% of all DSL connections in DK.
I HATED THAT FUCKING THING. ANYTIME I MISTYPED A FUCKING URL, UP COMES THE GODDAMN SITEFINDER SHIZNIT TO FUCKING HELP ME FIND MY FUCKING WAY. I DON'T NEED THEIR HELP.
THOSE MOTHERFUCKERS NEED TO STAY THE FUCK OUT OF MY GODDAMN WAY. THE INTERNET IS FREE, LET'S KEEP IT THAT WAY, BROTHERS. FUCK VERISIGN.
Important Stuff: Please try to keep posts on topic. Try to reply to other people's comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) If you want replies to your comments sent to you, consider logging in or creating an account. Problems regarding accounts or comment posting should be sent to CowboyNeal.
Important Stuff: Please try to keep posts on topic. Try to reply to other people's comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) If you want replies to your comments sent to you, consider logging in or creating an account. Problems regarding accounts or comment posting should be sent to CowboyNeal. Important Stuff: Please try to keep posts on topic. Try to reply to other people's comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) If you want replies to your comments sent to you, consider logging in or creating an account. Problems regarding accounts or comment posting should be sent to CowboyNeal.
I would like to conclude by converying that my disposeable "Huggies 6" diaper is now filled with urine also. I hope someone changes me.
I just heard some sad news on talk radio, the incompetent Lt Gov of California Cruz Bustamonde 54 was found dead in his East LA home. The cause of death was from a ruptured rectum from a greased up YODA doll. Even if you did not admire his work, their is no denying his contributions to the Mexican KKK. Truly a Chicano icon!
My 404 page redirects people to www.mavisbeacon.com if they mistype a URL.
Please read my Canon EOS tech blog at http://www.everyothershot.com
There's a company that's trying to help out (L)users! Oh no! Stop them!
I don't get the big deal with this. OK, Verisign isn't the best company on the planet (I can think of one Utah based one that's much worse, and don't get me started on Redmond...), but this is insane.
OK, so maybe they're taking a bit of traffic away from Google or someone like that. Big deal. They setup a "search engine" for people to use. People that are not like use geeks here (we know what a 404 means when we see it). I mean the other users.
Whatever.
I'm not a prophet or a stone-age man,
I'm just a mortal with potential of a super man.
it is really revolting, why would someone do this to themselves?
2. That Site Finder pages are larger than ordinary error messages and therefore slower and more costly to transmit. "Cannot find server or DNS Error" is not a page that a server sends back since there is no server in the loop. Its clientside generated page.
Have you ever been to a turkish prison?
I just heard some sad news on talk radio, the incompetent Lt Gov of California Cruz Bustamonde 54 was found dead in his East LA home. Even if you did not admire his total stupidity and lack of morals, their is no denying his contributions to hardcore gangsta Mexican rap. Truly a Mexican-American icon!
Sitefinder did not seem to redirect images. I was trying to debug an image server I set up and keep getting a 404 when trying to load a test image. After spending about an hour looking at httpd.conf, I realized that I had mistyped the url. The 404s were coming from sitefinder. My server was set up correctly from the very start.
I just heard some sad news on talk radio. The Verisign SiteFinder service was found dead this morning in its 64.94.110.11 IP home. The cause of death was from an ICANN beatdown. Even if you did not admire its work, there is no denying its contributions to the speed and ease of use of the Internet. Truly an Internet icon.
ewwwwwwww you are right the fecal matter in your diapers really does smell
Sorry, I saw the subject and started laughing.
We already had enough problems as it is with spam and hacker-wannabe scriptkiddies.. and we were shoved with Veriscum's new invention.
Now that it is gone, lets hope it stays there. There is no reason to violate the RFCs as they did here.
!@#$% whole-grain cereal. When I want fiber, I eat some wicker furniture. - G. Carlin
It breaks infrastructure solutions that people have been using for years and work very well. That is reason enough for it to die, all other considerations aside.
What we call folk wisdom is often no more than a kind of expedient stupidity.-Edward Abbey
the problem here is the idea of a shared public asset in ".com" with VeriSign as the maintainer. This is a broken idea from the start. Instead there should be ".vs" for VeriSign and ".gd" for GoDaddy. Then it is clear that these companies wholly own these root domains and they can do anything they want with them.
--Brian
As far as I know, Alexa doesn't monitor for 'dns lookup failures.' If that's the case then I think this number is way off. About the 22nd or so a lot of people were deploying BIND patches to block this nonsense, and I'm not sure Alexa is registering that. I think their numbers reflect only the ISPs which actually null-routed the sitefinder IP, not ISPs that patched their nameservers.
Correct me if I'm wrong, though.
you can take the road that takes you to the stars...
What should I do about it? My boss with the boobs (Bryanna) has called me into her office in less than five minutes. If I walk in there with this tent pole I don't know what's going to happen! It doesn't help that I'm hung like a hoarse. I've tried several approaches in the past but they've all failed. Whenever I beat off in my cubicle someone almost always finds out. One more time and I'm out the door. I've also tried beating it down with a hammer, but all that does is make it harder and even more blue than usual. But I can't help it. Just the presence of Bryanna in this office makes me horny and I haven't "gotten any" in about 7 yeras. And even that time was with my pet dog Rover. So I don't know what to do. I'm sure you've all been in the same predicament. What do you do to resolve it?
This is a company that isn't exactly the most liked in Norway, but I was very pleased with their handling of the problem and the responses.
And it shows that most admins are not willing to tolerate absurd changes like this.
quit trying to stifle innovation.
People are still getting a "domain not found" error. They still know that the site they entered doesn't exist. While it may be very unfair business practice for Verisign to do this, we didn't see any reason to disable it. The bandwidth required is quite small and we had more pressing things to deal with.
I'm very glad to see it gone (for now), but SiteFinder was more hype than it was trouble.
-a
You could be my incontinent Tarzan. I will be your hairy ape...
Belgium! (European readers may be excused for not getting the joke...)
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
The study was trying it's best to explain why networks outside the US were blocking.
I think the argument that it brings up an English page only is reason enough to implement such a block, an insult added to injury of VeriSign abusing it's position.
Bandwidth may have been a factor too, but for a different reason: a negative response is preferable to a positive response because you have the same number of DNS packets either way, but the nasty part is the browser goes ahead and opens subsequently two HTTP connections (one for a location redirect, and one for the sitefinder page) into the US, which could be slower than the DNS error message timeout across a latent or slow link.
The guys in the study were parroting the 404 argument (without saying it explicitly), which is untrue. But they've got the right idea.
I was thinking about how the study could be improved, and I started wondering if there's some other way besides Alexa to get relevant data to analyze. It seemed a little sparse, which they acknowledged. Some ideas:
Perhaps google might be nice enough to provide sample data mined from google toolbar, which I think more people would voluntarily install than Alexa.
Or here's idea: contact owners of websites that are commonly accessed by name (slashdot, cnn, localized googles, weblogs, forums, etc.) and kindly request access_log data filtered by referer coming FROM sitefinder, along with requesting IP.
This way, you get inferential proof of when certain IP addresses hit sitefinder accidentally (and how they mispelled the site name), compatible with all but the most paranoid of webbrowser settings. I wonder if site destination correlates with number of sitefinder redirects vs. total traffic. (For example, slashdot might be quite low due to informed users taking local control of their machines via host files, etc.. while many CNN visitors are at the mercy of their ISP)
Fuck Beta. Fuck Dice
I don't work for an ISP but I do have about 1500 staff users, plus another 9-10 thousand K-12 students who use the network too. The day this happened, I added some IP-based blocks to our web proxies to deny all access to sitefinder, then made the deny info throw back something that essentially said "That domain does not exist. Check the spelling and try again". Then I filtered outgoing packets on the mail servers to prevent leakage there.
.com and .net, and my old deny page was no longer necessary.
When the first BIND patch with delegation-only rolled out, that went on our resolvers and the real problem went away. Now the spammers couldn't make up arbitrary crap in
Anyone in the organization who heard about the fuss and tried to play with sitefinder had a window of about 12 hours before the changes took effect. Since then, it's been walled off.
Chances are, the bigger the organization is, the slower they move on changes like this. There's just too much bureaucracy to go through before you can do something like replacing your resolvers with new code.
China blocked the traffic at its backbone
China blocks everything outside of it unless it feels there is a good reason to let it's people access it. Having a site show up on it's block list doesn't really say much.
The Aftermath: How ISPs Responded to Site Finder Around the World
.COM or .NET domain. More than half of this proportion results from China's apparent decision, effective beginning September 24-25, to block Site Finder, while the remainder reflects other network operators jointly. We reach these estimates using Alexa data as to web usage by network -- logs that tell us what proportion of web browsing (of sites generally) comes from which networks, allowing us to estimate the amount of web traffic likely to result from the networks we have identified. Of course, the accuracy of our ultimate estimate requires certain assumptions -- namely that Site Finder page request counts are proportional to ordinary web browsing traffic, and that Alexa users connect to the Internet via designated networks in proportion to the networks' overall web usage and user base.
By Benjamin Edelman
During the 2+ weeks for which Site Finder was operational, a number of ISPs took steps to disable the service. A study just released reveals details and analysis, including specific networks disabling Site Finder during its operational period. For example, China blocked the traffic at its backbone, and Taiwan's Chunghwa Telecom and Korea's DACOM also disabled the service. US ISPs seem to have been slower to act, in general -- but US ISP Adelphia disabled the service September 20-22 before re-enabling it on September 23.
As part of its discussion, the analysis further reveals:
"We find evidence that at least a handful of networks have disabled Site Finder, but that at least some of these networks are extremely large (e.g. China). From the majority of these networks, Site Finder traffic has dropped off significantly since the introduction of the service -- supporting the inference that Site Finder was blocked on these networks sometime subsequent to the service's introduction (typically during the week of September 22). In addition, at a few large networks, Site Finder never reached significant traffic -- supporting the inference that the corresponding ISPs blocked the Site Finder service quickly.
Our analysis indicates that approximately 9% of Internet users at the time of the study did not receive Site Finder when they request a nonexistent
We observe that the majority of networks blocking access to Site Finder are located outside the United States. To some extent this result may reflect greater centralized coordination of networks in certain countries, e.g. China, allowing faster or more successful response to network changes deemed undesirable. We note, however, that Site Finder is blocked by networks in countries with no special experience at Internet filtering (e.g. Greece, Korea, Russia). We also note that relatively more intense blocking of Site Finder outside the US is precisely as anticipated by two distinct sets of concerns:
1. That Site Finder pages are always presented in English (notwithstanding users' language preferences)
2. That Site Finder pages are larger than ordinary error messages and therefore slower and more costly to transmit.
Both these concerns disproportionately affect non-US users -- for whom English web pages are less likely to be useful than pages in native languages, and for whom data transfer cost and speed constraints may be particularly acute. Meanwhile, we consider equally noteworthy our finding that relatively few large US ISPs have made efforts to block Site Finder."
I am glad that people didn't just sit idly by and let this happen... if I misspell a web address, that doesn't mean i want to, care to, or will ever click on any ads.
stuff |
In general, we look for a drop-off in Site Finder page views. So if Site Finder page views were high from a given ISP, then dropped off dramatically and suddenly, we notice this and classify the ISP as blocking Site Finder as of the corresponding date. It doesn't matter whether Alexa's other log data shows the dns-lookup-failure'd domains as msn logs, as dns lookup failures, as something else, or as nothing at all (so long as they don't show them as Site Finder, which they definitely would not) -- we'd still see the distinctive drop-off in Site Finder traffic.
Ben Edelman
Berkman Center for Internet & Society
Harvard Law School
You could try to stop posting to Slashdot.
Had to locate and compile the new bind (By the way, has anyone ever been to www.issc.org? I didn't even know they had those!) And then configure it to drop the delegations. Took a bit over an hour (Mainly because of the issc.org thing.) Can I bill Verisign for my time?
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Copied from here
n dex.html?sl=060104
But there is(was) a solution, perhaps mail servers should check to see if the sender domain for a particular piece of email resolves to the Ip above.If it does, forward the email toVerisign, any of the email addresses on this page should do :
http://www.verisign.com/corporate/about/contact/i
If the email sender domain resolves to the bogus Verisign wildcard entry, then its only fair that the email gets forwarded back to them, as it?s obviously spam and it resolves to their address.
Just in case Verisign turns it back on, be ready.
I mean, what's the point of living...if you don't have a dick?
Hell freezes over...
We're like rats, in some experiment! -- George Costanza
http://www.root-servers.org/
It isn't like they were blocking it because the sitefinder page contained naughty words. They were censoring it because the damn service broke the Internet.
If I live next to a busy highway and decide to shine a mega-bright spotlight into oncoming traffic, that would completely mess up traffic and possibly kill a few people. If the cops come in and "censor" my spotlight, that's a good thing, right?
Censorship is removing objectionable, or unsuitable content. Preventing someone from shouting "Fire!" in a crowded theatre isn't censorship because it isn't that the words are objectionable, it's that the result of shouting them will cause chaos and damage. Likewise, Verisign's wildcard caused damage and so it was blocked.
My company uses SmartFilter. One day, it started blocking access to Site Finder. The reason code it returned indicated that sitefinder.verisign.com had been classified as "Criminal Skills". That sure seems appropriate to me.
My personal solution was to add it to my junkbuster config, so it would never show, and never register as a hit on their web page.
And how would this help me? I'd still have a hard on like an iron pipe even if I didn't post to Slashdot. What do YOU do to get rid of annoying hard ons?
Anyone notice that while the sitefinder service was up, typos were beginning to get into the browser history since they didn't error out? And the next time you wanted to goto the same site, autocomplete would pick up the typo instead.
*mumble*
I'm just glad that was the worst that happened to me before this "service" got blocked here. I feel for the grandparent.
Adelphia did block the service, meaning the site would not load when bonus addresses were entered into the browser, but when pinging bogus internet addresses, A pong came back from the numerical IP of the sitefinder. When going to sitefinder.verisign.com, it was not blocked.
The Television Wiki
... no-one knows you're a lamb.
I pay Verisign to register a .com domain. Sitefinder comes along and points people trying to find my domain to a variety of businesses, some of which are my competitors. I don't have access to their rankings, so I can't redirect people unless I buy the potential misspelled sites from Verisign; otherwise, they have effectively built a bypass around my domain (which I paid them for). Verisign took money from domain holders and then devalued what it sold for its own benefit. As a bonus, the means it used to devalue their property it also didn't own - the unregistered domain names are community property. Essentially, it charged domain holders for advertising, then put up signs on public property advertising competitors.
Had Verisign wanted to help users, it could have done so in other ways, some of which would not have broken a working RFC standard or the servers of lots of people. In addition, as stated in previous threads, the searcher is not even as good as Microsoft's similar feature; thus Verisign's "help" is worse than that most users were already receiving. That seems to indicate that help for users was not a priority for SiteFinder - rather the opportunity for free advertising (and the lack of tangible worth of the trust they violated) led Verisign to conclude that this was a good idea.
yes, that is what irritated me about it. By changing the failure modes of all existing network applications (Unknown Host -> ConnectionTimedOut) && (404 -> 200 + text/html + search), they went and made everyone's support costs worse. It is harder to track down problems, therefore more expensive.
Also they will have lit up the eyes on all the accountants of the big ISPs, who probably think "we should do that" -how long before earthlink and MSN copy? They would be able to do that -its their servers- but it would be a major inconsistency across the 'net. That would make support calls significantly harder to deal with...
Instead of an unknown host error, you get a 302 + text/html redirect that leads to a 200 + text/html page.
.net). Either way, the errors were not at all intuitive.
This plays havoc with Web Services, that expect 200+text/xml on a successful response. The SOAP Stacks either died on the 302 error code (Apache Axis), or the HTML body (MS
So, let me rephrase:
A number of ISPs took steps to disable the disservice.
or
A number of ISPs took steps to re-enable the service (of returning NXDOMAIN if the domain does not exist).
are listed on the sitefinder page. Presumably, the user would click the appropriate link rather than manually type the correct URL, unless they were trying to not feed Overture.
Fuck Beta. Fuck Dice
Like I said, we're a really small ISP, but it appears we caught 281 typo's (excluding anything that was referred from Slashdot).
It's pretty amazing to look at the common sites that folks typo.
If SiteFinder is restored, I wonder how long it will take before it's DDOSed out of existence.
Please join VeriSign for a one-hour, informative Web seminar -- "Internet Security Intelligence Briefing--Evolving Trends in Internet Usage" on Tuesday, October 14, 2003, 11 AM PT, 1 PM CT, 2 PM ET.
I couldn't stop laughing for ages!
Comment removed based on user account deletion
Don't know if Comcast (my ISP) ended up disabling it or not, nor do I know if my local mom'n'pop did, but I know I had it disabled within hours of hearing about it. Simple routing table rules in MacOSX and Linux, and an easy hostfile line for everything else took care of it. Glad to see it come down so soon after inception though.
The probability that someone is watching you is directly proportional to the stupidity of your actions.
A basic discussion of the situation: Site Finder allegedly creates technical problems with Internet protocols VeriSign Inc.'s Site Finder service has caused problems with the way some e-mail and other Web applications function and collected more information about Web surfers than some other services designed to redirect mistyped URLs (uniform resource locators), critics of the new Web search site said Tuesday.
-C...
From here (google cache):
"In book 3, at the flying party, Arthur meets an actor who won an award. In the British version, the award was for "The Most Gratuitous Use of the Word 'Fuck' in a Serious Screenplay". In the American edition, the word 'fuck' was replaced with 'Belgium', and about half a page was added explaining why Belgium was such a horribly taboo word everywhere except Earth. There are a few other differences too, mostly revolving around the difference between the American and British billion. "
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
censor not sensor
Please, do everybody a favor and spell correctly!loses not looses
speech not speach
censorship not cencorship
Here it is folks, express your opinion of Mr. Sclavos.
Vote Here!