From: David Mazieres <dm@amsterdam.lcs.mit.edu>
To: rishab@dxm.org (Rishab Aiyer Ghosh)
Message Hash: 97e1e875d71afa3ba66bc780d07bdf33a89e9be351370501ee5fcdf2bd3f7a47
Message ID: <199602010926.EAA19923@amsterdam.lcs.mit.edu>
Reply To: <9601301819.AA00964@toad.com>
UTC Datetime: 1996-02-01 14:18:51 UTC
Raw Date: Thu, 1 Feb 1996 22:18:51 +0800
From: David Mazieres <dm@amsterdam.lcs.mit.edu>
Date: Thu, 1 Feb 1996 22:18:51 +0800
To: rishab@dxm.org (Rishab Aiyer Ghosh)
Subject: Re: Domain hijacking, InterNIC loopholes
In-Reply-To: <9601301819.AA00964@toad.com>
Message-ID: <199602010926.EAA19923@amsterdam.lcs.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain
I don't think Domain hijacking is a terribly big threat. First of
all, the modification process insn't fully automated. Second of all,
it takes several weeks for the changes to go through. Before the
changes go through, the internic sends out mail to a bunch of people,
including all previous administrators and administrators of all
domains which contain old or new nameservers.
Thus, I'd say the domain modification process is slightly more secure
than First Virtual :-) :-) :-). It relies on the security of the
network routers and existing nameservers, and requires one or more
active attacks or viruses to defeat. Probably your best is to wait
for as many as possible of the relevant sysadmins to go on vacation,
and then mail-bomb them rest so hard they end up not reading all of
their real E-mail. Then again, there's always the possibility that
the domain administrator knows how to use procmail...
David
Return to February 1996
Return to “rishab@dxm.org (Rishab Aiyer Ghosh)”