[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Domain hijacking, InterNIC loopholes

To: [email protected] (David Mazieres)
Subject: Re: Domain hijacking, InterNIC loopholes
From: Rishab Aiyer Ghosh <[email protected]>
Date: Fri, 2 Feb 1996 07:56:41 -0800 (PST)
Cc: [email protected], [email protected] (Rishab Aiyer Ghosh)
In-Reply-To: <[email protected]> from "David Mazieres" at Feb 1, 96 02:34:48 pm
Sender: [email protected]

David Mazieres wrote:
> How can you say there are no routers?  The verification process is a
> confirmation E-mail message.  To intercept this you must compromise a
> router, a nameserver, or the host on which the domain administrator
> reads mail.  Since there often are multiple domain administrators
> on different networks, I stand my my statement that it would require
> multiple active attacks, etc.

The confirmation message is sent to the address
requesting an update. This could be anyone. To take
a real example, my dxm.org domain was modified by
[email protected] - neither the existing admins,
nor [email protected] received any confirmation, as the request
was sent from another address. The InterNIC does NOT
require domain update requests to be sent by admins - 
that is, in fact, the simplest level of authentication
that will be introduced by the InterNIC Guardian Object.

Rishab

Prev by Date: Re: Domain registration
Next by Date: Police PR Mendacity
Prev by thread: Re: Domain hijacking, InterNIC loopholes
Next by thread: Re: Time codes for PCs (fromn German Banking)
Index(es):
- Date
- Thread