From: Roeland Meyer (E-mail) ("Roeland)
Date: Sat May 06 2000 - 20:09:57 EDT
Cute dude. OTOH, this probably has enough operational content to merit posting to NANOG. Now all we need is for some script-kiddee to figure it out <groan>.
> Behalf Of domainiac
> Sent: Saturday, May 06, 2000 4:08 PM
>
> I figured out a way to completely hijack a domain in less
> than week under
> the new shared system. And by hijack I do not mean simply
> redirect the DNS,
> etc. I mean completely change the whois record to a new
> owner. I won't post
> specific directions but I am sure others could do the same
> trick as it is
> not that complicated. I passed the specific directions onto
> ICANN but who
> knows if they are likely to do anything. The vulnerability
> only applies to
> NSI domains with MAIL-FROM (or when their CRYPT-PW system screws up).
>
> I set up an automated system that reads both the registry and
> registrar
> records, compares it the stored records, and automatically
> e-mails contacts
> with the changed info. It also can be used to track domains
> about to be
> released.
>
> http://DomainSiren.com
>
> Russ Smith
> http://ChangeYourDomain.com
|
|
|