Security Incidents mailing list archives
Re: Nike Site taken over
From: aentoday () PUNKASS COM (Ballard, James)
Date: Tue, 27 Jun 2000 15:18:37 -0400
'Domain Hijacking: A step by step guide':
http://www.securiteam.com/securitynews/Domain_Hijacking__A_step-by-step_guid e.html You may want to add this to your paper. NetworkSolutions NICs are generated by date(YY/MM/DD) follewed by ticket number. [NIC-000127.20b9e] ^date^ ^T#^ The date above is January 27, 2000 and the ticket number is 20b9e. Ticket numbers can be up to six characters in length and may contain numeric or alpha-numeric data. If you were to try this method you would most certianly need to correspond your NICs with the appropriate date handle. Also sending the message subject as a reply from the mailer requires including all headers from the original mail. A sample of these headers is listed below. Keeping your headers looking good is always important when sending anonymous mail. Message-Id: <200006261245.QAA14855 () rs internic net> year^ m^ d^ ^sid^ ^ uid ^ Return-path: <hostmaster () networksolutions com> Received: from opsmail.internic.net (unverified [198.41.0.91]) by mail.yourhost.com (Rockliffe SMTPRA 4.2.2) with ESMTP id <B0001949513 () mail yourhost com> for <you () yourhost com>; Mon, 26 Jun 2000 13:26:04 -0700 Received: from rs.internic.net (bipwww1.lb.internic.net [192.168.120.7]) by opsmail.internic.net (8.9.3/8.9.1) with ESMTP id QAA28902 for <you () yourhost com>; Mon, 26 Jun 2000 16:26:17 -0400 (EDT) Received: (from nobody@localhost) by rs.internic.net (8.9.3/8.8.4) id QAA10285 for you () yourhost com; Mon, 26 Jun 2000 16:26:17 -0400 (EDT) Date: Mon, 26 Jun 2000 16:26:17 -0400 (EDT) From: hostmaster () internic net Message-Id: <200006261245.QAA14855 () rs internic net> Subject: CONTACT NICHANDLE Lastname, Firstname Reply-To: <hostmaster () internic net> ... just a thought ...
Current thread:
- Re: Permissions, (continued)
- Re: Permissions Valdis Kletnieks (Jun 27)
- Re: Permissions Jon Lewis (Jun 27)
- Probes for MySQL under Linux? Ralf G. R. Bergs (Jun 27)
- Re: Probes for MySQL under Linux? Tabor J. Wells (Jun 27)
- Port scan (106 and 389) Chris Laycock (Jun 28)
- Compromise and Bind Replacement Scott Brown (Jun 28)
- Re: Port scan (106 and 389) Fabio Pietrosanti (Jun 28)
- Re: Probes for MySQL under Linux? Al Huger - Mail Account (Jun 28)
- Was I exploited? Narins, Joshua (Jun 29)
- Re: Was I exploited? Russ Spooner (Jun 29)
- Re: Nike Site taken over Ballard, James (Jun 27)
- port 1433? Sir Scriptzalot (Jun 25)
- Re: port 1433? Jason Witty (Jun 27)
- Port 1433 Edwin Concepcion (Jun 26)
- Re: Port 7070? Ryan Russell (Jun 22)
- Re: Port 7070? Robert Graham (Jun 23)