nanog mailing list archives

Re: NSI's registrar db hacked


From: Steve Gibbard <scg () wwnet net>
Date: Thu, 13 Apr 2000 16:08:05 -0400 (EDT)


I modified my NSI contact handle last week.  I sent in the modification
template from an address other than what was listed on the contact record,
expecting to get something sent to the listed address asking me to ack the
change, but instead the change just went right through.  The mail from
authentication was never very secure, as it would accept whatever was on
the From: line as suitable authentication, but this seemed even worse than
usual.

I can't say this domain hijacking surprises me much.

-Steve

On Thu, 13 Apr 2000, Rodney Joffe wrote:


Looks like another hole in the NSI registrar (not registry) system has
been found and exploited. Apparently some 2,000 domains have been
hijacked, so if something weird has happened to a domain of yours, this
may explain it...

Whois lucasfilm.com

Query:     indianajones.com
Registry:  whois.networksolutions.com
Results:


Registrant:
Lucasfilm Ltd (INDIANAJONES5-DOM)
   senojanaidn 12
   Tirana, Albania 10000
   AL

   Domain Name: INDIANAJONES.COM

   Administrative Contact, Technical Contact, Zone Contact, Billing
Contact:
      indianajones, inetn  (IIO27)  justdoit () MEGAPOST NET
      indianajonesorgni
      senojanaidn 12
      Tirana, Albania 10000
      AL
      323432444 (FAX) 323432431

   Record last updated on 10-Apr-2000.
   Record expires on 02-Oct-2000.
   Record created on 01-Oct-1997.
   Database last updated on 12-Apr-2000 04:49:41 EDT.

   Domain servers in listed order:

   NS1.WEBPROVIDER.COM                209.143.154.70
   NS2.WEBPROVIDER.COM                207.226.255.71


Results brought to you by the GeekTools WHOIS Proxy v3.0
Server results may be copyrighted and are used with permission.
Your host (204.74.78.193) has visited 2 times today.


Story appears at http://filmforce.ign.com/news/781.html

pointer provided by jra :-)

The url does take you to the lucasfilm website now, but earlier it took
you to Webprovider.com. The above story has a screencapture of the way
it looked.

-- 
Rodney Joffe
CenterGate Research Group, LLC.
http://www.centergate.com
"Technology so advanced, even we don't understand it!"(SM)



--
Steve Gibbard
WWNet System Administration
+1 734 513-7707 x 2009
http://www.wwnet.net
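
An added example, not part of the original post and not NSI's code: it contrasts the From:-line check Steve describes with the confirmation to the listed address that he expected. The contact handle, addresses, template layout and HMAC token scheme are all assumptions made for illustration.

```python
import hashlib
import hmac
from email import message_from_string
from email.utils import parseaddr

SERVER_KEY = b"constructed-demo-key"  # assumption: secret held only by the registrar

# Constructed contact record and request; handle and addresses are made up.
CONTACTS = {"XX0000": "hostmaster@example.com"}
REQUEST = """\
From: hostmaster@example.com
Subject: MODIFY CONTACT XX0000

email: someone@example.net
"""

def mail_from_check(raw):
    """Weak check: trusts the From: header, which the sender chooses freely."""
    msg = message_from_string(raw)
    handle = msg["Subject"].split()[-1]
    sender = parseaddr(msg["From"])[1].lower()
    return sender == CONTACTS.get(handle, "").lower()

def confirmation_token(raw):
    """Token bound to the handle and exact request body; mailed to the listed address."""
    msg = message_from_string(raw)
    handle = msg["Subject"].split()[-1]
    data = handle.encode() + b"\0" + msg.get_payload().encode()
    return hmac.new(SERVER_KEY, data, hashlib.sha256).hexdigest()

def process(raw, returned_token=None):
    """Apply a change only after the address on record echoes the token."""
    msg = message_from_string(raw)
    handle = msg["Subject"].split()[-1]
    if handle not in CONTACTS:
        return "rejected"
    if returned_token is None:
        # Mail confirmation_token(raw) to CONTACTS[handle], never to From:.
        return "pending"
    if hmac.compare_digest(returned_token, confirmation_token(raw)):
        return "applied"
    return "rejected"
```

Because the token covers the request body, an acknowledgement for one change cannot be reused to approve a different one.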



