From: David Mazieres <dm@amsterdam.lcs.mit.edu>
Date: Thu, 1 Feb 1996 22:18:51 +0800
To: rishab@dxm.org (Rishab Aiyer Ghosh)
Subject: Re: Domain hijacking, InterNIC loopholes
In-Reply-To: <9601301819.AA00964@toad.com>
Message-ID: <199602010926.EAA19923@amsterdam.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


I don't think Domain hijacking is a terribly big threat.  First of
all, the modification process insn't fully automated.  Second of all,
it takes several weeks for the changes to go through.  Before the
changes go through, the internic sends out mail to a bunch of people,
including all previous administrators and administrators of all
domains which contain old or new nameservers.

Thus, I'd say the domain modification process is slightly more secure
than First Virtual :-) :-) :-).  It relies on the security of the
network routers and existing nameservers, and requires one or more
active attacks or viruses to defeat.  Probably your best is to wait
for as many as possible of the relevant sysadmins to go on vacation,
and then mail-bomb them rest so hard they end up not reading all of
their real E-mail.  Then again, there's always the possibility that
the domain administrator knows how to use procmail...

David