[registrars] Re: panix.com hijacked
Mark Jeftovic
markjr at easydns.com
Sun Jan 16 16:18:59 UTC 2005
On Sun, 16 Jan 2005, Ross Wm. Rader wrote:
> I don't see what you are looking at - .net and .com point to the same
> place with no indication of anything awry...of course, I'm late to the
> game and the DNS probably tells a different story...
>
Have you had your coffee yet Ross? panix.com is pointing to
142.46.200.72 and the website says its a parked page on
freeparking.co.uk and is delegated to nameservers ns1 and
ns2.ukdnsservers.co.uk
panix.net round robins to 166.84.1.1, 166.84.1.2, 166.84.1.3
and is delegated to ns1 and ns2.access.net
> >
> > Looks like this may be among the first high-profile unauthorized
> > transfer under the new transfer policy.
>
> Looks like a bunch of guys on the NANOG list engaging in a lot of
> conjecture without the benefit of a lot of facts.
>
Panix.com looks to have been pretty obviously moved. However what
is confusing is that the panix.net webpage seems to be "back to normal",
that is the explanation that their .com has been hijacked is gone
(it was there last night)
> > Maybe there needs to some sort of emergency reversion where at least the
> > nameservers can be rolled back immediately while the contesting parties
> > sort it out.
>
> Might be interesting - what criteria would trigger the process?
>
It could be pretty simple.
A) Only available to domains who have transfered within the
last N hours or X days.
B) invoked by the losing Registrant directly who can supply
bona-fides matching the previous version of the whois record
and can launch the process directly with the Registry
C) Has effect of rolling nameservers back and placing the
domain under registry-lock status
D) The TDRP (or something like it ) then kicks in.
-mark
--
Mark Jeftovic <markjr at easydns.com>
Co-founder, easyDNS Technologies Inc.
ph. +1-(416)-535-8672 ext 225
fx. +1-(416)-535-0237
More information about the registrars
mailing list