[28545] in North American Network Operators' Group
RE: DomainSiren.com Whois records alert service
daemon@ATHENA.MIT.EDU (Roeland Meyer (E-mail))
Sat May 6 20:12:41 2000
Reply-To: <rmeyer@mhsc.com>
From: "Roeland Meyer (E-mail)" <rmeyer@mhsc.com>
To: "'domainiac'" <domainiac@HOME.COM>,
<DOMAIN-POLICY@LISTS.INTERNIC.NET>
Cc: "LIST NANOG (E-mail)" <nanog@merit.edu>
Date: Sat, 6 May 2000 17:09:57 -0700
Message-ID: <000d01bfb7b8$94e0a900$eaaf6cc7@PEREGRIN>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
In-Reply-To: <006601bfb7af$f3b098e0$b5e20a18@alex1.va.home.com>
Errors-To: owner-nanog-outgoing@merit.edu
Cute dude. OTOH, this probably has enough operational content to merit =
posting to NANOG. Now all we need is for some script-kiddee to figure it =
out <groan>.
> Behalf Of domainiac
> Sent: Saturday, May 06, 2000 4:08 PM
>=20
> I figured out a way to completely hijack a domain in less=20
> than week under
> the new shared system. And by hijack I do not mean simply=20
> redirect the DNS,
> etc. I mean completely change the whois record to a new=20
> owner. I won't post
> specific directions but I am sure others could do the same=20
> trick as it is
> not that complicated. I passed the specific directions onto=20
> ICANN but who
> knows if they are likely to do anything. The vulnerability=20
> only applies to
> NSI domains with MAIL-FROM (or when their CRYPT-PW system screws up).
>=20
> I set up an automated system that reads both the registry and=20
> registrar
> records, compares it the stored records, and automatically=20
> e-mails contacts
> with the changed info. It also can be used to track domains=20
> about to be
> released.
>=20
> http://DomainSiren.com
>=20
> Russ Smith
> http://ChangeYourDomain.com
