domain hijacking - what do you do to prepared?
ge at linuxbox.org
Mon Jan 17 00:24:14 UTC 2005
Until today, I considered this to be a real and relevant threat,
although rather low in my matrix.
As someone I know said today, now that kiddies saw how much "fun" this
is, I am sure they will attempt this again.
The question that comes to mind is - what do you do to be prepared?
I suppose that other than setting registrar lock in place, there is
another thing one can do.
Whether it's checking the expiration date for your domain, establishing
contact with your up-in-line authority - registrar, tld, etc. depending
on who you are.
Having the relevant contact information at hand, establishing a set
policy on how to handle such an incident and who to contact, bugging
your next-in-chain about setting a policy on this with you, as well as
setting such a policy for those who are slaves to you.
That said, all that is left now is to see how this happened (so that it
won't happen again - just killing a fire doesn't mean it won't be
re-ignited) and perhaps think a bit on how we do things - which I am
sure many will now do.
Maybe this can be another discussion issue for the next NANOG
get-together as well?
More information about the NANOG