I addition, there is a good rule for such situations: - first, return everything to _previous_ state; - having it fixed in previous state, allow time for laywers, disputes and so on to resolve a problem. It makes VeriSign position very strange (of course, it is dumb clueless behemot as it was all the time around) - instead of saying _OK, let's return last transactions and then you can object this change_, they just step out. Problem is much more serious than just one stolen domain - it shows 100% that VeriSign is not able to manage domain system properly. What happen if someone stole 'aol.com'domain tomorrow? Or 'microsoft.com'? How much damage will be done until this sleeping behemots wake up, set up a meeting (in Tuesday I believe - because Monday is a holiday), make any decision, open a toicket, pass thru change control and restore domain? 5 days? ----- Original Message ----- From: "William Allen Simpson" <wsimpson@greendragon.com> To: <nanog@merit.edu> Sent: Sunday, January 16, 2005 12:38 AM Subject: Re: panix.com hijacked (VeriSign refuses to help)
Since folks have been working on this for hours, and according to posts on NANOG, both MelbourneIT and Verisign refuse to do anything for days or weeks, would it be a good time to take drastic action?
Think of what we'd do about a larger ISP, or the Well, or really any serious financial target.
Think of the damage from harvesting <>logins and mail passwords of panix users.
===
Does somebody have a fast DNS server that can AXFR the records from those 2 name servers, then fix the panix.com entries?
Are people willing to announce some replacement servers as /32 BGP? Sort of an emergency anycast?
===
Alternatively, are people willing to block those name servers and/or the entire blocks they are located in, to prevent the distribution of the false panix.com addresses?
-- William Allen Simpson Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32