Christopher X. Candreva wrote:
> The domain of Panix, one of the first NY ISP's, has been hijacked by
> persons unknown. A whois of panix.net will show what the records should be,
> a whois of panix.com will show what they currently are.
>
> How this exactly happened is not yet clear. However, this is the type of
> thing that scares me about the current transfer method. The fact that
> someone can flasify a transfer request, and if somehow I do not get the
> notification, the transfer will happen anyway is a BIG problem.
>
Let's assume that all the facts are in - what data did the gaining
registrar rely on to start the transfer? The point that people tend to
miss in these discussions is that someone must have given some level of
authorization much earlier in the game. Designing a system to check for
the existence of forgeries is much different than designing a system
with an appropriate level of checks *and* balances - which I think we
have today.
> Yes, someone can get in trouble if it happens. That will be small comfort
> when I am out of business because my domain has been down.
Transfer Lock is your friend.
>
> Ross -- a comment from you has been forwarded to Nanog. (see
> http://www.merit.edu/mail.archives/nanog/, specificly
> http://www.merit.edu/mail.archives/nanog/msg04275.html ) It isn't very
> flattering, hopefully you're just cranky in the morning ? :-)
There aren't enough facts out there to justify the kind of chatter thats
happening on the NANOG list. They are usually a pretty clueful bunch and
I expect more from them than this. It appears that slashdot-style
ninnery is contagious. If that means that people think I'm cranky, then
so be it ;-)
---rwr
Contact info: http://www.blogware.com/profiles/ross Skydasher: A great way to start your day My weblog: http://www.byte.org
This archive was generated by hypermail 2.1.3 : Mon Jan 31 2005 - 23:00:01 EST