Christopher X. Candreva wrote:
The domain of Panix, one of the first NY ISP's, has been hijacked by persons unknown. A whois of panix.net will show what the records should be, a whois of panix.com will show what they currently are.
How this exactly happened is not yet clear. However, this is the type of thing that scares me about the current transfer method. The fact that someone can flasify a transfer request, and if somehow I do not get the notification, the transfer will happen anyway is a BIG problem.
Let's assume that all the facts are in - what data did the gaining registrar rely on to start the transfer? The point that people tend to miss in these discussions is that someone must have given some level of authorization much earlier in the game. Designing a system to check for the existence of forgeries is much different than designing a system with an appropriate level of checks *and* balances - which I think we have today.
Yes, someone can get in trouble if it happens. That will be small comfort when I am out of business because my domain has been down.
Transfer Lock is your friend.
Ross -- a comment from you has been forwarded to Nanog. (see http://www.merit.edu/mail.archives/nanog/, specificly http://www.merit.edu/mail.archives/nanog/msg04275.html ) It isn't very flattering, hopefully you're just cranky in the morning ? :-)
There aren't enough facts out there to justify the kind of chatter thats happening on the NANOG list. They are usually a pretty clueful bunch and I expect more from them than this. It appears that slashdot-style ninnery is contagious. If that means that people think I'm cranky, then so be it ;-)
--
-rwr
Contact info: http://www.blogware.com/profiles/ross Skydasher: A great way to start your day My weblog: http://www.byte.org
