Re: NetReg: CommonName


From: Robert Lowe (robert.h.lowe@lawrence.edu)
Date: Fri Aug 30 2002 - 10:20:03 CDT


"King, Michael" wrote:

Mike,

CommonName didn't break DNS, it broke the browser. In addition to attempting
to look up "common names", this application tracks your web usage. Verify with
a sniffer or tcpdump whether it attempts to go back to commonname.com to look up
even the redirect, which in this case forces it into a never-ending loop. I'd
do it myself, but I'm not anxious to load scumware on my box, and I don't have
a spare lying around at the moment! ;-)

-Robert

> Ok, I've brought some more information. Since I had a hard time figuring
> this one out myself, I'd let everyone know what I did.
>
> Since I've been having trouble making myself understood today (been a very
> long day, can you guess when my students moved in?), I'm going to try to make
> my thoughts as clear as possible.
>
> Item 1: NetReg is working perfectly for Normal computers.
>
> Item 2: Certain computers have a spyware program called CommonName
> installed on them.
>
> Item 3: Computers from Item 2 Do Not get the registration page. They get
> nothing. They do not even time out and get an error message. My test
> computer sitting next to me has been trying to open the page for about 5
> minutes.
>
> Item 4: I have the following message in my log:
> 192.168.132.181 - - [29/Aug/2002:17:50:41 -0400] "GET /find2.asp?cn=LQoECxcOSQoGSUwETFccVVRFAlteVFdUU20HGQAD&app=100&vs=3.54&rs=http HTTP/1.1" 404 3239
>
> Item 5: The error 404 response was given, NetReg has done its job, and
> should have given the registration page, but the clients do not get it. 3rd
> party program (See Item 2) has broken a relatively easy process.
>
> To test this yourself, go to http:\\www.commonname.com and hit the "Enable my
> browser for CommonName", it will install itself, and ask you to restart your
> browser. I did so, and noticed I got a popup ad when I visit my college's
> homepage. Ok, so it's working.
> Unregister yourself, and see if you can get it to work.
>
> Workarounds:
> I created a file named find2.asp in my root htdocs directory. Instead of
> getting no response, I now get this file. I cut and pasted the file that I
> linked to earlier that had directions on how to remove the software.
>
> Synopsis: By default, NetReg did not appear to handle how CommonName was
> messing with the DNS System. With the addition of another file (find2.asp)
> in the document root, the problem can be corrected.
>
> Figured I'd share the wealth. Later all,
>
> Mike
>
> -----Original Message-----
> From: Peter Valian [mailto:valianp@southwestern.edu]
> Sent: Thursday, August 29, 2002 2:23 PM
> To: netreg@southwestern.edu
> Subject: Re: NetReg: CommonName
>
> Oh. Hmmm...NetReg should work fine...commonname.com will resolve to the
> netreg box and find2.asp will trigger the 404 redirect.
>
> It does look like it may interfere with other campus web services. In
> any case, we don't tolerate any spyware (passive or active) and will
> probably do the redirect that Radford Univ is doing.
>
> Thanks Mike.
> -p
>
> King, Michael wrote:
> > Very true, I should have been more specific. It's not initiating a DNS
> > request on port 53, It's passing it via an ASP script hosted on the
> > http://www.commonname.com/find2.asp.
> >
> > I first noticed it when I troubleshot a student's computer, whatever address
> > I typed in the address bar, it tried to contact www.commonname.com instead.
> > I ended up having to uninstall the program commonname to get it to work.
> > (Of course there is no easy uninstall program, you have to go to the program
> > files folder, into the commonname folder, and run the uninstall program from
> > there)
> >
> > Mike
> >
> > -----Original Message-----
> > From: Peter Valian [mailto:valianp@southwestern.edu]
> > Sent: Thursday, August 29, 2002 1:11 PM
> > To: netreg@southwestern.edu
> > Subject: Re: NetReg: CommonName
> >
> >
> > I would recommend not allowing users to use off-campus DNS, IMHO.
> > It's port 53...tcp and udp.
> >
> > We do not allow it and have not allowed it for several years. Have
> > never had a complaint. If a user asks if they can use an off-campus DNS
> > server, I'd be suspicious.
> >
> > Sometimes we become authoritative for domains we'd rather not have
> > students go to (i.e. napster.com)...those were the days before good
> > bandwidth management tools. That effectively broke any clients trying
> > to connect to whatever.napster.com.
> >
> > -p
> >
>
> --
> Peter Valian
> Network & Systems Administrator
> Southwestern University
> Georgetown, Texas
> 512.863.1586 office
> 512.863.1605 fax
> --
>
> **********************************************************************
> To unsubscribe from this list, send an e-mail message to
> majordomo@southwestern.edu containing a single line with the words:
> unsubscribe netreg
> Send requests for assistance to: owner-netreg@southwestern.edu
> **********************************************************************



This archive was generated by hypermail 2.1.4 : Thu Aug 12 2004 - 12:01:38 CDT
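
Added example, not part of the original thread: one way to list the clients still running CommonName from the NetReg web server's access log, keyed on the `/find2.asp?cn=...` request quoted in Item 4 above. The function name, every sample line after the first, and the reading of `vs` as the plug-in version are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit, parse_qs

# Common Log Format: host ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)

# First line is the entry quoted in the thread; the rest are constructed.
SAMPLE_LOG = """\
192.168.132.181 - - [29/Aug/2002:17:50:41 -0400] "GET /find2.asp?cn=LQoECxcOSQoGSUwETFccVVRFAlteVFdUU20HGQAD&app=100&vs=3.54&rs=http HTTP/1.1" 404 3239
192.168.132.181 - - [29/Aug/2002:17:50:43 -0400] "GET /find2.asp?cn=CONSTRUCTED1&app=100&vs=3.54&rs=http HTTP/1.1" 404 3239
192.168.132.77 - - [29/Aug/2002:17:51:02 -0400] "GET /index.html HTTP/1.1" 404 3239
192.168.132.90 - - [29/Aug/2002:17:52:10 -0400] "GET /FIND2.ASP?cn=CONSTRUCTED2&app=100&vs=3.50&rs=http HTTP/1.1" 404 3239
this line is malformed and must be skipped
"""

def commonname_clients(log_text):
    """Map client IP -> hit count, reported versions, first/last request time."""
    clients = defaultdict(lambda: {"hits": 0, "versions": set(),
                                   "first": None, "last": None})
    for line in log_text.splitlines():
        m = CLF.match(line.strip())
        if not m:
            continue  # not a Common Log Format entry
        url = urlsplit(m["target"])
        params = parse_qs(url.query)
        # Signature from the quoted entry: /find2.asp carrying a cn= lookup.
        if url.path.lower() != "/find2.asp" or "cn" not in params:
            continue
        when = datetime.strptime(m["time"], "%d/%b/%Y:%H:%M:%S %z")
        rec = clients[m["host"]]
        rec["hits"] += 1
        rec["versions"].update(params.get("vs", []))  # assumed: vs = version
        rec["first"] = when if rec["first"] is None else min(rec["first"], when)
        rec["last"] = when if rec["last"] is None else max(rec["last"], when)
    return dict(clients)

if __name__ == "__main__":
    for ip, rec in sorted(commonname_clients(SAMPLE_LOG).items()):
        print(ip, rec["hits"], sorted(rec["versions"]),
              rec["first"].isoformat(), rec["last"].isoformat())
```

Run against the real access log, the resulting IP list can be matched to DHCP leases to find the machines that need the plug-in removed.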