fwd: Re: [registrars] Re: panix.com hijacked
william(at)elan.net
william at elan.net
Mon Jan 17 05:35:26 UTC 2005
On Sun, 16 Jan 2005, Joe Maimon wrote:
> Thus justifying those who load their NS and corresponding NS's A records
> with nice long TTL

Although this wasn't a problem in this case (the hijacker did not appear to
have been interested in controlling DNS, since it points to the default domain
registration and under construction page), the long TTL trick could be
used by hijackers - i.e. he gets some very popular domain, changes DNS to
the one he controls and purposely sets a long TTL. Now even if registrars
are able to act quickly and change the registration back, those who cached the new
DNS data would keep it for quite long in their cache.

P.S. Just in case, I chose not to send this info until panix.com had been
restored, but we really do need to deal with how it occurred in the first
place - even short term damage is bad, so we need to have policies at ICANN
that do not allow unauthorized transfers, or else all domains can be "LOCKED"
by default by registrars, which effectively does the same.
--
William Leibzon
Elan Networks
william at elan.net