Re: Nike Site taken over

[aentoday () PUNKASS COM (Ballard, James)]

> 'Domain Hijacking: A step by step guide':
http://www.securiteam.com/securitynews/Domain_Hijacking__A_step-by-step_guid
e.html

You may want to add this to your paper.

NetworkSolutions NICs are generated by date(YY/MM/DD) follewed by ticket
number.

[NIC-000127.20b9e]
          ^date^  ^T#^

The date above is January 27, 2000 and the ticket number is 20b9e. Ticket
numbers can be up to six characters in length and may contain numeric or
alpha-numeric data. If you were to try this method you would most certianly
need to correspond your NICs with the appropriate date handle.

Also sending the message subject as a reply from the mailer requires
including all headers from the original mail. A sample of these headers is
listed below. Keeping your headers looking good is always important when
sending anonymous mail.

Message-Id: <200006261245.QAA14855 () rs internic net>
                year^   m^ d^  ^sid^  ^   uid   ^

Return-path: <hostmaster () networksolutions com>
Received: from opsmail.internic.net (unverified [198.41.0.91]) by
mail.yourhost.com
 (Rockliffe SMTPRA 4.2.2) with ESMTP id <B0001949513 () mail yourhost com> for
<you () yourhost com>;
 Mon, 26 Jun 2000 13:26:04 -0700
Received: from rs.internic.net (bipwww1.lb.internic.net [192.168.120.7])
 by opsmail.internic.net (8.9.3/8.9.1) with ESMTP id QAA28902
 for <you () yourhost com>; Mon, 26 Jun 2000 16:26:17 -0400 (EDT)
Received: (from nobody@localhost)
          by rs.internic.net (8.9.3/8.8.4)
   id QAA10285 for you () yourhost com; Mon, 26 Jun 2000 16:26:17 -0400 (EDT)
Date: Mon, 26 Jun 2000 16:26:17 -0400 (EDT)
From: hostmaster () internic net
Message-Id: <200006261245.QAA14855 () rs internic net>
Subject: CONTACT NICHANDLE Lastname, Firstname
Reply-To: <hostmaster () internic net>

... just a thought ...