North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: fwd: Re: [registrars] Re: panix.com hijacked
- From: william(at)elan.net
- Date: Mon Jan 17 00:35:28 2005
On Sun, 16 Jan 2005, Joe Maimon wrote:
> Thus justifying those who load their NS and corresponding NS's A records
> with nice long TTL
Although this wasn't a problem in this case (hijacker did not appear to
have been interested in controlling dns since it points to default domain
registration and under construction page), but long TTL trick could be
used by hijackers - i.e. he gets some very popular domain, changes dns to
the one he controls and purposely sets long TTL. Now even if registrars
are able to act quickly and change registration back, those who cached new
dns data would keep it for quite long in their cache.
P.S. Just in case I chose not to send this info until panix.com had been
restored, but we really do need to deal with how it occurred in the first
place - even short term damage is bad so we need to have policies at ICANN
that do no allow unauthorized transfers or else all domains can be "LOCKED"
by default by registrars which effectively does the same.