[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Domain hijacking, InterNIC loopholes



David Mazieres wrote:
> How can you say there are no routers?  The verification process is a
> confirmation E-mail message.  To intercept this you must compromise a
> router, a nameserver, or the host on which the domain administrator
> reads mail.  Since there often are multiple domain administrators
> on different networks, I stand my my statement that it would require
> multiple active attacks, etc.

The confirmation message is sent to the address
requesting an update. This could be anyone. To take
a real example, my dxm.org domain was modified by
[email protected] - neither the existing admins,
nor [email protected] received any confirmation, as the request
was sent from another address. The InterNIC does NOT
require domain update requests to be sent by admins - 
that is, in fact, the simplest level of authentication
that will be introduced by the InterNIC Guardian Object.

Rishab