panix.com in australian press

2005-01-17 Thread Gadi Evron
http://www.theage.com.au/articles/2005/01/17/1105810810053.html http://www.smh.com.au/articles/2005/01/17/1105810810053.html Gadi.

RE: Regarding panix.com

2005-01-17 Thread Bruce Tonkin
Hello All, Melbourne IT restored the nameservers and contact details associated with this name first thing this morning (Monday in Melbourne, Australia). We are arranging with the previous registrar (Dotster) to have the name transferred back. As an update, the transfer back has

RE: panix.com in australian press

2005-01-17 Thread Steve Birnbaum
However Theo Hnarakis, chief executive officer and managing director of the company, denied Melbourne IT had been slow to act. "Alex Rosen contacted me at midday Sunday and within 24 hours we ascertained that his complaint was genuine and transferred the domain back," he said.

[alexis@panix.com: Panix.com- Some brief comments on the hijacking of our domain]

2005-01-17 Thread Thor Lancelot Simon
- Forwarded message from Alexis Rosen [EMAIL PROTECTED] - Date: Mon, 17 Jan 2005 01:42:04 -0500 From: Alexis Rosen [EMAIL

Re: Regarding panix.com

2005-01-17 Thread George William Herbert
[...] We are looking at our processes to ensure that incidents such as occurred with panix.com can be addressed more quickly within Melbourne IT, and also checking to ensure that an appropriate number of external people have access to the right contacts at Melbourne IT to fast track serious

Re: domain hijacking - what do you do to prepare?

2005-01-17 Thread Simon Waters
We had to retrieve a domain from melbourneIT once, the kind of domain NO ONE in the organisation would ever touch without asking me or the IT director first!?! This was on the old ICANN transfer policy as well. We bulk set register lock on all domains after that incident. But the whole system

Re: TCP Syns to 445 and 11768

2005-01-17 Thread Gadi Evron
Cheung, Rick wrote: Hi. Anyone notice an increase of TCP Syns to port 11768, and 445 across random internet IPs? I googled the port, and found a similar posting here: http://www.trustedmatrix.org/portal/forum_viewtopic.php?7.954 We located the source on our network, updated

Verizon.net email fixed ?

2005-01-17 Thread Simon Waters
Finally our main email server seems to be able to contact relay.verizon.net - so only a month of email gone. No idea if this is Verizon smelling coffee, or just them whitelisting us. Similarly it seems this weekend Hotmail are also happy to get email from us again. Seems hotmail.com problem

Re: Verizon.net email fixed ?

2005-01-17 Thread Peter Corlett
Simon Waters [EMAIL PROTECTED] wrote: Finally our main email server seems to be able to contact relay.verizon.net - so only a month of email gone. No idea if this is Verizon smelling coffee, or just them whitelisting us. Port 25 of relay.verizon.net is still a blackhole as far as

Re: Association of Trustworthy Roots?

2005-01-17 Thread Todd Vierling
On Sun, 16 Jan 2005, John Palmer (NANOG Acct) wrote: See http://www.public-root.com for an alternative to the ICANN monopoly. Those folks are very concerned with security. Whee, AlterNIC take 7! In any case, these are *root* (.) servers, not gTLD (i.e., com.) servers; they defer to ICANN for

Re: Association of Trustworthy Roots?

2005-01-17 Thread William Allen Simpson
[I first met Eric when I was a consultant helping put together the NetBlazer for Telebit. With my ISP hat on, we used NetBlazers for many years, very stable. I only wish that BellSouth had been as stable. We eventually switched to PortMasters for the improved diagnostics of BellSouth's

Re: Root vs TLD (was Re: Association of Trustworthy Roots?)

2005-01-17 Thread Eric Brunner-Williams in Portland Maine
You may or may not think Verisign as registry is blameless / disreputable and to blame for this incident. There is causation for incoherence between the authoritative and non-authoritative nameservers for a particular data set. You may or may not think the gaining/losing registrars are

Re: netblazer Was: baiting

2005-01-17 Thread Hannigan, Martin
You win. I give. Uncle. (And I was serious, not sarcastic, about the 'blazer. YMMV,) -M --- Martin Hannigan [EMAIL PROTECTED] Verisign, Inc. -Original Message- From: [EMAIL PROTECTED] [EMAIL PROTECTED] To: North American Network Operators Group nanog@merit.edu Sent: Mon Jan 17

Re: netblazer Was: baiting

2005-01-17 Thread Eric Brunner-Williams in Portland Maine
(And I was serious, not sarcastic, about the 'blazer. YMMV,) Martin, That's OK, I never got work for a router vendor after that, a solution that I've now completely generalized, having discovered a trivial but obscure and beautiful technique, as any good mathematician must. However, since I

New Virus in the wild

2005-01-17 Thread Nils Ketelsen
We see a lot of requests of the following format in our proxy logs: 1105979310.010 240001 10.3.12.211 TCP_MISS/504 1458 GET http://84.120.14.236:25204/2005/1/17/11/23/32/ - NONE/- text/html 1105979314.020 240009 10.3.12.211 TCP_MISS/504 1458 GET http://67.171.84.104:25238/2005/1/17/11/23/41/ -

Re: The entire mechanism is Wrong!

2005-01-17 Thread Richard Cox
On Mon, 17 Jan 2005 07:12:58 + (GMT) Christopher L. Morrow [EMAIL PROTECTED] wrote: provided their contract requires some form of 24/7 support, and there is an SLA to manage that requirement. If there isn't then there is no need for 24/7 support (no contractual reason), it just becomes

Re: New Virus in the wild

2005-01-17 Thread Gadi Evron
Nils Ketelsen wrote: We see a lot of requests of the following format in our proxy logs: 1105979310.010 240001 10.3.12.211 TCP_MISS/504 1458 GET http://84.120.14.236:25204/2005/1/17/11/23/32/ - NONE/- text/html 1105979314.020 240009 10.3.12.211 TCP_MISS/504 1458 GET

Re: fwd: Re: [registrars] Re: panix.com hijacked

2005-01-17 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], william( at)elan.net writes: On Sun, 16 Jan 2005, Joe Maimon wrote: Thus justifying those who load their NS and corresponding NS's A records with nice long TTL Although this wasn't a problem in this case (hijacker did not appear to have been interested in

Re: [registrars] Re: panix.com hijacked

2005-01-17 Thread Joe Abley
On 17 Jan 2005, at 13:08, Steven M. Bellovin wrote: The suggestion that someone made the other day -- that the TTL on zones be ramped up gradually by the registries after creation or transfer -- is, I think, a good one. Records in the control of the registry are the NS records in the parent zone

Re: [registrars] Re: panix.com hijacked

2005-01-17 Thread Edward Lewis
At 13:54 -0500 1/17/05, Joe Abley wrote: So the TTLs of records in the registry-operated zones will likely have no impact on how long NS records for delegated zones remain in caches. If panix (or anybody else) wants to increase the time that their NS records stay in caches, the way to do it is to

Re: New Virus in the wild

2005-01-17 Thread Nils Ketelsen
On Mon, Jan 17, 2005 at 07:44:37PM +0200, Gadi Evron wrote: Nils Ketelsen wrote: We see a lot of requests of the following format in our proxy logs: 1105979310.010 240001 10.3.12.211 TCP_MISS/504 1458 GET http://84.120.14.236:25204/2005/1/17/11/23/32/ - NONE/- text/html 1105979314.020

Re: New Virus in the wild

2005-01-17 Thread Gadi Evron
I still have no clue what is causing this, but I am pretty clueless when it comes to Windows PCs anyway, and as you might have guessed: The PCs making these connections are Windows machines. Continuing our off-list discussion for this on-list comment... Without a reboot, try to connect the

Re: New Virus in the wild

2005-01-17 Thread Gadi Evron
Nevertheless the total number of accessed addresses was still 1000 (over all hosts). So I think we might have in fact 1000 Addresses that are contacted/attacked. The complete list of contacted addresses can be found here: http://steering-group.net/~nils/ips.txt More to the point - how about the

Re: fwd: Re: [registrars] Re: panix.com hijacked

2005-01-17 Thread Joe Maimon
Steven M. Bellovin wrote: In message [EMAIL PROTECTED], william( at)elan.net writes: On Sun, 16 Jan 2005, Joe Maimon wrote: Thus justifying those who load their NS and corresponding NS's A records with nice long TTL Although this wasn't a problem in this case (hijacker did not

Standard of Promptness

2005-01-17 Thread William Allen Simpson
Richard Cox wrote: ... there were an obligation for every accredited registrar to guarantee a response within a given timescale and on a 24/7 basis, to any emergency request received from any other accredited registrar. That given timescale is often called a standard of promptness in

panix: theregister.co.uk article

2005-01-17 Thread Gadi Evron
http://www.theregister.co.uk/2005/01/17/panix_domain_hijack/ Gadi.

Re: Standard of Promptness

2005-01-17 Thread Eric Brunner-Williams in Portland Maine
Bill, The Registry is the party that must revert the data to the previous state. For the stability of the Internet, it must be done as quickly as possible before old correct caches time out. Therefore, that's where the penalties should apply. Agree. This is a solution to the publication

Registrar and registry backend processes.

2005-01-17 Thread Michael Loftis
I think, briefly, that we need to force Verisign and the registrars to be FAR more public about the backend process for WHOIS data and for the TLD zone data. Especially with .com, .net, and probably .org, and this latest failure of 'the system' and the obvious lack of information on 'the

Re: Registrar and registry backend processes.

2005-01-17 Thread davidb
[second posting attempt, apologies if the first identical post ever arrives] On Mon, 17 Jan 2005 15:47:50 -0700, Michael Loftis [EMAIL PROTECTED] wrote: It's clearly broken, and needs to be put up for public review by 'the powers that be' so that it can be fixed. What's happening now feels

Re: Standard of Promptness

2005-01-17 Thread John Curran
At 3:03 PM -0500 1/17/05, William Allen Simpson wrote: ... This will work even in the cases where the bogus domain registrant submits false contacts, such as happened in panix.com. There shouldn't be any reason to delay reversion to a known former state. Bill, You indicate a known former

Re: Registrar and registry backend processes.

2005-01-17 Thread Lionel Elie Mamane
On Mon, Jan 17, 2005 at 06:16:25PM -0800, [EMAIL PROTECTED] wrote: P.S. can anyone comment on the reputations of the .net registry administration contenders (no need to comment on verisign)? A nonprofit firm in Frankfurt, Denic eG, which manages Germany's eight million registered .de

RE: Standard of Promptness

2005-01-17 Thread David Schwartz
Bill, I'm not speaking for Bill. These are my views. You indicate a known former state, which implies that you'd allow reverting back multiple changes under your proposed scheme... You would have to. Otherwise, two quick transfers would defeat the scheme. An