Re: panix.com recovery in progress
On Sun, Jan 16, 2005 at 06:01:35PM -0500, Henry Yen wrote: The latest shell host motd's: . Hijack recovery underway (elr) Sun Jan 16 17:43:28 2005 . .Recovery is underway from the panix.com domain hijack. . .The root name servers now have the correct information, as does the .WHOIS registry. Portions of the Internet will still not be able to .see panix.com until their name servers expire the false data. More .info soon. Yes, some folks with serious mojo got involved and things seem to be on the way to operationally fixed. AFAIK there is still no progress as to the question of how this kind of transfer can happen without notice to the transferred-from registrar (it's possible that there's progress I don't know about). I have just spoken to the tremendously tired and overworked ops staff at Panix again. They would appreciate it very much if network operators would reload their nameservers to help the good data for panix.com propagate over the bad. Some Panix customer email now seems to be being relayed to the actual Panix mail servers by the fake ones in the UK, which is not such a good thing for obvious reasons. Thor
Re: panix.com recovery in progress
On Sun, 16 Jan 2005 23:12:10 +, Thor Lancelot Simon wrote: I have just spoken to the tremendously tired and overworked ops staff at Panix again. They would appreciate it very much if network operators would reload their nameservers to help the good data for panix.com propagate over the bad. Some Panix customer email now seems to be being relayed to the actual Panix mail servers by the fake ones in the UK, which is not such a good thing for obvious reasons. It seems to be working for myself, however it appears as though SSH is listening on port 80 on that machine. message SSH-1.99-OpenSSH_3.9p1 Protocol mismatch. /message I can connect correctly via ssh on port 80. Ken
Re: panix.com recovery in progress
There is more sertious problem here. I can image 2 kinds of transfer: - (1) domain is transferred WITHOUT CHANGES to the new registrar. Notice - WITHOUT CHANGES. New registrar should not change diomain without explicit order from owner. - (2) Domain is expired and, after reasonable HOLD period, is transferred to the new owner (and more likely new registrar). I can happen with the unused domain only, or with domain which is expired. In no case can 2 events happen together; if it happen, it is 100% indication of hajacking. If someone want domain to be delegated to the new owner, he 91) change registrar if necessary, and (2) change donain owner. All other approaches are very dangerous. On Sun, Jan 16, 2005 at 06:01:35PM -0500, Henry Yen wrote: The latest shell host motd's: . Hijack recovery underway (elr) Sun Jan 16 17:43:28 2005 . .Recovery is underway from the panix.com domain hijack. . .The root name servers now have the correct information, as does the .WHOIS registry. Portions of the Internet will still not be able to .see panix.com until their name servers expire the false data. More .info soon. Yes, some folks with serious mojo got involved and things seem to be on the way to operationally fixed. AFAIK there is still no progress as to the question of how this kind of transfer can happen without notice to the transferred-from registrar (it's possible that there's progress I don't know about). I have just spoken to the tremendously tired and overworked ops staff at Panix again. They would appreciate it very much if network operators would reload their nameservers to help the good data for panix.com propagate over the bad. Some Panix customer email now seems to be being relayed to the actual Panix mail servers by the fake ones in the UK, which is not such a good thing for obvious reasons. Thor
