Cute dude. OTOH, this probably has enough operational content to merit posting to NANOG. Now all we need is for some script-kiddee to figure it out <groan>.
Behalf Of domainiac Sent: Saturday, May 06, 2000 4:08 PM
I figured out a way to completely hijack a domain in less than week under the new shared system. And by hijack I do not mean simply redirect the DNS, etc. I mean completely change the whois record to a new owner. I won't post specific directions but I am sure others could do the same trick as it is not that complicated. I passed the specific directions onto ICANN but who knows if they are likely to do anything. The vulnerability only applies to NSI domains with MAIL-FROM (or when their CRYPT-PW system screws up).
I set up an automated system that reads both the registry and registrar records, compares it the stored records, and automatically e-mails contacts with the changed info. It also can be used to track domains about to be released.
Russ Smith http://ChangeYourDomain.com