Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: recovery in progress

  • From: Alexei Roudnev
  • Date: Mon Jan 17 01:49:40 2005

There is more sertious problem here.

I can image 2 kinds of transfer:
- (1) domain is transferred WITHOUT CHANGES to the new registrar. Notice -
WITHOUT CHANGES. New registrar
should not change diomain without explicit order from owner.

- (2) Domain is expired and, after reasonable HOLD period, is transferred to
the new owner (and more likely new registrar). I can happen with the unused
domain only, or with domain which is expired.

In no case can 2 events happen together; if it happen, it is 100% indication
of hajacking. If someone want domain to be delegated to the new owner, he
91) change registrar if necessary, and (2) change donain owner.

All other approaches are very dangerous.

> On Sun, Jan 16, 2005 at 06:01:35PM -0500, Henry Yen wrote:
> >
> > The latest shell host motd's:
> >
> > . Hijack recovery underway (elr) Sun Jan 16 17:43:28 2005
> > .
> > .    Recovery is underway from the domain hijack.
> > .
> > .    The root name servers now have the correct information, as does the
> > .    WHOIS registry.  Portions of the Internet will still not be able to
> > .    see until their name servers expire the false data.  More
> > .    info soon.
> Yes, some folks with serious mojo got involved and things seem to be
> on the way to "operationally fixed".  AFAIK there is still no progress as
> to the question of how this kind of transfer can happen without notice
> to the transferred-from registrar (it's possible that there's progress
> I don't know about).
> I have just spoken to the tremendously tired and overworked ops staff at
> Panix again.  They would appreciate it very much if network operators
> would reload their nameservers to help the good data for
> propagate over the bad.  Some Panix customer email now seems to be being
> relayed to the actual Panix mail servers by the fake ones in the UK, which
> is not such a good thing for obvious reasons.
> Thor

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.