« Second Annual Lupulin Slam | Main | Panix is back (sorta) »
January 16, 2005
Panix.com Hijacked
It's been over a day now since one of the oldest ISPs in the nation has had its domain hijacked.
This thread on /. has the information, this particular comment from tjls is pretty damned eye-opening:
What seems to have happened is that somehow the Australian registrar "melbourneIT.com" yanked the fully paid-up registration away from Dotster (where Panix had it) without any notice whatsoever (this violates all the relevant RFCs for the Shared Registration System and the current ICANN policy *and* seems to indicate a severe bug or security problem somewhere in the registration system).
What's particularly scary is that melbourneIT.com isn't open on the weekends, period (though oddly enough they transferred the domain first thing on Saturday, hmmmm) and won't do anything to help. There are lots of ugly details in the NANOG mailing-list archive [merit.edu], particularly in this message from Perry Metzger [merit.edu], this message from Richard Cox [merit.edu], and this message from me, which includes a slimy note from some customer-service flack at Verisign [merit.edu].
This has clearly happened to others in the past, and highlights a serious flaw in the current registry-registrar system. We are not 100% sure how the domain was transferred between registrars with no notice to anyone (though I have some hunches I won't go into here right now) but consider this: a rogue or penetrated registrar can effectively put you out of business for the duration of the ICANN complaint and appeals process, with no notice, and there may be nothing you or anyone else can do about it short of extremely expensive legal action, even if you get law enforcement involved. Yuck.
If this sort of thing can happen to Panix, it can happen to anyone. Clearly, from reading the NANOG list, this seems to have been a serious and well thought out attack intended to cripple Panix for some reason. I'm boggled by Verisign's lack of response, and boggled more that this has happened more than once with MelbourneIT.
If you do need Panix, reach them on Panix.net, instead.
UPDATE: This is Alexis' note to NANOG.
Posted by Samer at January 16, 2005 12:39 PM
Trackback Pings
TrackBack URL for this entry:
http://farha.com/cgi/mt/mt-tb.cgi/271