[28121] in North American Network Operators' Group
NSI's registrar db hacked
daemon@ATHENA.MIT.EDU (Rodney Joffe)
Thu Apr 13 15:41:02 2000
Message-ID: <38F62245.7F3395F1@centergate.com>
Date: Thu, 13 Apr 2000 12:38:45 -0700
From: Rodney Joffe <rjoffe@centergate.com>
MIME-Version: 1.0
To: NANOG <nanog@merit.edu>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu
Looks like another hole in the NSI registrar (not registry) system has
been found and exploited. Apparently some 2,000 domains have been
hijacked, so if something weird has happened to a domain of yours, this
may explain it...
Whois lucasfilm.com
Query: indianajones.com
Registry: whois.networksolutions.com
Results:
Registrant:
Lucasfilm Ltd (INDIANAJONES5-DOM)
senojanaidn 12
Tirana, Albania 10000
AL
Domain Name: INDIANAJONES.COM
Administrative Contact, Technical Contact, Zone Contact, Billing
Contact:
indianajones, inetn (IIO27) justdoit@MEGAPOST.NET
indianajonesorgni
senojanaidn 12
Tirana, Albania 10000
AL
323432444 (FAX) 323432431
Record last updated on 10-Apr-2000.
Record expires on 02-Oct-2000.
Record created on 01-Oct-1997.
Database last updated on 12-Apr-2000 04:49:41 EDT.
Domain servers in listed order:
NS1.WEBPROVIDER.COM 209.143.154.70
NS2.WEBPROVIDER.COM 207.226.255.71
Results brought to you by the GeekTools WHOIS Proxy v3.0
Server results may be copyrighted and are used with permission.
Your host (204.74.78.193) has visited 2 times today.
Story appears at http://filmforce.ign.com/news/781.html
pointer provided by jra :-)
The url does take you to the lucasfim website now, but earlier it took
you to Webprovider.com. The above story has a screencapture of the way
it looked.
--
Rodney Joffe
CenterGate Research Group, LLC.
http://www.centergate.com
"Technology so advanced, even we don't understand it!"(SM)
