Thor Lancelot Simon tls at
Sun Jan 16 07:08:59 UTC 2005

Apologies for what may be another duplicate message, probably with broken
threading.  This is Alexis Rosen's original posting to this thread; we
think the mail chaos caused by the hijacking of kept it from
ever reaching the list (but, flying mostly-blind, we aren't sure).

> On Sat, Jan 15, 2005 at 10:27:31PM -0500, Steven M. Bellovin said:
> > has apparently been hijacked.  It's now associated with a 
> > different registrar -- melbourneit instead of dotster -- and a 
> > different owner.  Can anyone suggest appropriate people to contact to 
> > try to get this straightened out?
> Hi, all.
> I hate to pop my head up after years of lurking, only when things are
> going bad, but probably better that than remaining silent.
> First of all, I'm going to be bounced from this list once its cache of
> my DNS times out, which will probably be in about 2-3 hours, so if you have
> anything to say that you'd like me to see, please copy me. We're temporarily
> accepting mail at in addition to, so use alexis (at)
> A few points to respond to:
> First, Eric, thanks for contacting Bruce and Eric on my behalf. While
> nothing has happened so far, I hope that it will soon, and in any case
> I appreciate your efforts to help a total stranger.
> Someone asked if we had registrar-lock set. It's not clear to me what
> happened. Our understanding is that we had locks on all of our domains.
> However, when we looked, locks were off on and, which
> we own but don't normally use. It's not clear how that happened; dotster
> has yet to contact us with any information about, well, anything at all.
> They did answer a call this morning; they're apprently in the middle of
> an ice storm. All I was able to larn from them is that according to the
> person I talked to, they had no records of any transfer requests on our
> domain from today back through last October.
> Someone suggested invoking a dispute procedure. We'll do that, as soon as
> we can get someone to actually accept the dispute, but if it goes through
> that process to completion, many people will suffer, and Panix itself will
> be tremendously damaged. How long do you think even our customers will
> stay loyal? (Forever, for many of them, but that doesn't mean the won't be
> forced to start using a different service.)
> While it's true that MelbourneIT won't do anything before (their) Monday
> morning, I don't want to paint them as bad guys in this drama. I don't
> know how they're organized and I don't know how difficult it is for them
> logistically. Of course I want them to move faster. Much faster. But I'll
> take what I can get.
> And speaking of MIT,  I don't intend to send them "nastygrams" - nor NSI
> either. Neither of them owes me anything (at least directly) and being
> heavyhanded would not be a good way to get what I want (restoral of the
> domain to dotster) even if I thought they deserved it. I expect
> that there will be criminal prosecutions arising out of this, but the time
> for that sort of thing is later, when things are back to normal, and we've
> fixed any systemic vulnerabilities that can be fixed before they're used
> to wreak mass havoc. And it's anyone's guess who the target of those
> prosecutions will be, but I doubt MIT or NSI will be among them.
> Lastly, someone expressed surprise that I'd call MIT's lawyer directly.
> I didn't. I spent *hours* trying to find working contact info for MIT and
> Dotster. I didn't find useful 24-hour NOC-type info anywhere. (Someone
> obviously has this info; I expect it's restricted to a list of registrars.)
> I reached Dotster's customer support when they opened for business Saturday
> morning; the guy was polite, and did what he could, but I saw no evidence
> whatsoever of the promised attempt to assist me after he got off the phone.
> MIT apparently has no weekend support at all; I finally located their CEO's
> cellphone in an investor-relations web page. I caled him, and he had his
> lawyer call me back. That was his choice. FWIW, she's not "just" a lawyer;
> she's apparently the person who has to make decisions about reverting
> control of the domain. So she at least needs to be aware of our position.
> My impression is that she didn't fully grasp the gravity of the situation,
> and so treated us like she'd treat any other annoying customer who managed
> to track her down on her day off. This is somewhat understandable (though
> infuriating) which is why I'd hoped to talk to someone on their tech side
> first. No luck there, but if any of this reaches them, maybe that will
> start things going.
> Thanks again to everyone who has tried to help us today.
> /a

More information about the NANOG mailing list