IP: More about NSI Servers Attack(?) - intriguing short analysis

[Dave Farber <farber () cis upenn edu>]

From: "Robert Raisch" <raisch () internautics com>
To: "Dave Farber" <farber () cis upenn edu>

(To me, this is fascinating, as it is just one more way users have identified
and exploited yet another loophole in a critical service.  And NSI's response
seems amazingly ill considered. /rr)

> From Need To Know - <*the* weekly high-tech sarcastic update for the uk>
http:www.ntk.net

The .com artists, NETWORK SOLUTIONS, got hit with more nasty
         hacks by domain name speculators. People are now reserving
         .com addresses, sitting out the thirty days before you have
         to pay up, and then - just before NSI's automated system
         releases the domain again - bludgeoning the Internic servers
         with thousands of new reservation requests. That lets the
         speculators hold domain names indefinitely without paying a
         penny. It also crashes NSI's servers, as the more worthy (or
         less sneaky) domain masters have discovered. Network
         Solution's answer has been intriguing: instead of devising a
         more sophisticated reservation system (genuine name &
         address authentication? PGP registration? actually holding
         people to the requirement that they have valid DNS
         servers?), they've simply deleted the "Status" and "Last
         changed" fields from the whois database without telling
         anyone. You'll note that this a) potentially busts other
         programs, b) doesn't solve the problem, since the domain
         name speculators already *know* when they reserved the
         domain. Network Solutions - placing the emphasis on neither.

--
Rob Raisch, Internet Hired Gun <http://www.raisch.com/>