From: Robert Lowe (Robert.H.Lowe@lawrence.edu)
Date: Wed Sep 10 2003 - 14:29:07 CDT
David Meuleman wrote:
David,
> Do you have some way that you are redirecting these requests? Or do you
> simply block outbound traffic on port 53 for all nodes except your name
> servers?
I do both, plus a third... they have to work in concert.
1. I block outbound tcp/udp traffic to destination port 53 for all hosts
except my nameservers. This means all internal clients have to use
our dns servers for name resolution.
2. On all nameservers, including netreg, I add a zone for the domain
in question, essentially hijacking requests for that domain, and
resolve all names to a local webserver.
3. The webserver is configured to recognize that domain (virtual host,
or whatever config is necessary for your brand of http server),
and re-directs all requests to a page explaining what's wrong,
etc.
The text of the webpage for commonname reads:
ERROR: CommonName software installed
It appears that your computer has a program called CommonName installed on it.
This program is bundled with certain applications, including several music
sharing programs, and is installed by default.
The newer variant CommonName/Agent periodically opens pop-under advertising as
well as highjacking search settings. It may also introduce browser stability
issues. Because of this, and privacy violation issues with CommonName/Agent,
which uses cookies to identify you when requests are made to CommonName, your
web usage may be tracked. Requests are made when advertising is opened and
when you visit a web address with a top-level-domain that the CommonName
software does not know about. This includes .edu and .mil sites.
Because of the above issues, and the fact that numerous campus web sites may
not work when you have this software installed, possibly including network
registration, we recommend that you uninstall this software from your
computer. Doing so will not effect the functionality of the application with
which CommonName was bundled, e.g. KaZaa, iMesh, etc.
To uninstall the CommonName software
Click Start-Settings-Control Panel.
From the Control Panel, click on "Add Remove Programs".
Click on the program named "CommonName" and then click "Change/Remove".
Click on the Uninstall button.
After the uninstallation finishes, click Close.
Reboot your computer.
If you are actually trying to connect to the CommonName web site then the
following link should allow you to access this site: CommonName Web Site
> We have had several problems with students using CommonName and
> new.net. Names do not resolve to our NetReg server because they are
> looking for the CommonName servers. But they cannot get to the those
> because outbound traffic from the temporary IP ranges are blocked at the
> gateway. Then, we get angry calls because "the Internet is not
> working." Point their browser to the IP of the NetReg server, and they
> go fine.
>
> Adaware and Spybot are fine to help remove them. But I'm not sure it is
> my place to force students to remove software that they chose to install
> on their own computers. The only reason I'm forcing them to clean and
> patch their computers of the Blaster and Nachi worms is because it
> shutdown one of my routers.
If it puts your institution in a position of violating federal law,
then I'd say you have plenty to stand on.
-Robert
> On Thu, 28 Aug 2003 16:42:59 -0500, Robert Lowe
> <Robert.H.Lowe@lawrence.edu> wrote:
>
>> Whether or not CommonName, or something like it is involved,
>> I'm strongly in favor of restricting outbound DNS requests to *your*
>> DNS servers. All on-campus resolvers should use your DNS service.
>> IIRC, even the contents of secure web forms were sent off to the
>> CommonName servers with web requests. Try explaining to a dean
>> how FERPA protections were so easily circumvented, when information
>> from your Banner/PeopleSoft/whatever online forms travels across the
>> public Internet.
>>
>> -Robert
>>
>
> **********************************************************************
> To unsubscribe from this list, send an e-mail message to
> majordomo@southwestern.edu containing a single line with the words:
> unsubscribe netreg
> Send requests for assistance to: owner-netreg@southwestern.edu
> **********************************************************************
--
_/ _/ _/ Robert Lowe, Network Manager
_/ _/ _/ Computer Services
_/ _/ _/ Lawrence University / Appleton, WI 54912 / USA
_/ _/ _/ Voice: 920/832-6572 Fax: 920/832-7374
_/_/_/_/ _/_/_/_/ e-mail: Robert.H.Lowe@lawrence.edu
**********************************************************************
To unsubscribe from this list, send an e-mail message to
majordomo@southwestern.edu containing a single line with the words:
unsubscribe netreg
Send requests for assistance to: owner-netreg@southwestern.edu
**********************************************************************
This archive was generated by hypermail 2.1.4 : Thu Aug 12 2004 - 12:01:40 CDT