Internic Security

Avi Freedman freedman at
Mon Mar 11 14:25:01 UTC 1996

> I just got off the phone with Internic after a very disturbing 
> discovery.  I received a call from a client asking why their 
> Administrative/Techinical/Zone contact was someone they had never seen 
> before.  When checking it, it seemed like somehow this person had been 
> put on many of our registered domains.  Upon closer inspection, I 
> realized that the NIC Handle was the same; it was just who owned it that 
> was different.
>    Somehow, the Internic Handle was overwritten.  This was our CEOs 
> handle (MP122) and it was on EVERY single domain we owned.  I was 
> somewhat surprised that such a basic service as registering NIC Handles 
> could be overwritten.  Well, I just got another call from a client asking 
> close to the same thing.  This time, upon inspection, it seems our VPs 
> handle was overwritten - and by our closest competitor!
>    Everytime I've called the Internic about this matter (with the 
> exception of one time) I have gotten excellent service, but no answer on 
> how this happened or if they can ensure it won't happen again.  Does 
> anyone else out there have their NIC Handles overwritten?  Does anyone 
> know the security procedure they use to guard the Handles?  I can 
> understand the first time it happening to us, but the second time?  I 
> really need some statistics on how often this happens so I can determine 
> if I should be paranoid or no. ;-)

Yes, we've had this happen.  If you have *ever* given out a pre-filled-out
form with just the NIC handle entered in your tech contact field, and someone
fills in specifics in that tech contact section, it'll CHANGE your/the tech
contact's NIC record.  

We used to give people forms, but now we tell them to send requests to
hostmaster at, and then we send them the form, review it when they
send it back, and submit it to the NIC ourselves.

The guardian project should be in place soon, and that will (hopefully) save
us from these problems...

It's even more fun when someone reprograms your name server IP entries...

> Regards,
> Barry
> Sr Internet Engineer
> Mikrotec Internet Services


More information about the NANOG mailing list