North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: DomainSiren.com Whois records alert service
Cute dude. OTOH, this probably has enough operational content to merit posting to NANOG. Now all we need is for some script-kiddee to figure it out <groan>. > Behalf Of domainiac > Sent: Saturday, May 06, 2000 4:08 PM > > I figured out a way to completely hijack a domain in less > than week under > the new shared system. And by hijack I do not mean simply > redirect the DNS, > etc. I mean completely change the whois record to a new > owner. I won't post > specific directions but I am sure others could do the same > trick as it is > not that complicated. I passed the specific directions onto > ICANN but who > knows if they are likely to do anything. The vulnerability > only applies to > NSI domains with MAIL-FROM (or when their CRYPT-PW system screws up). > > I set up an automated system that reads both the registry and > registrar > records, compares it the stored records, and automatically > e-mails contacts > with the changed info. It also can be used to track domains > about to be > released. > > http://DomainSiren.com > > Russ Smith > http://ChangeYourDomain.com
|