It looks like we picked up yet another /8... --asp@uunet.uu.net (Andrew Partan) * 4.0.0.0 192.41.177.180 10 0 3561 86 1 i *>i 198.32.136.14 10 100 0 1 i
I just got off the phone with Internic after a very disturbing discovery. I received a call from a client asking why their Administrative/Techinical/Zone contact was someone they had never seen before. When checking it, it seemed like somehow this person had been put on many of our registered domains. Upon closer inspection, I realized that the NIC Handle was the same; it was just who owned it that was different. Somehow, the Internic Handle was overwritten. This was our CEOs handle (MP122) and it was on EVERY single domain we owned. I was somewhat surprised that such a basic service as registering NIC Handles could be overwritten. Well, I just got another call from a client asking close to the same thing. This time, upon inspection, it seems our VPs handle was overwritten - and by our closest competitor! Everytime I've called the Internic about this matter (with the exception of one time) I have gotten excellent service, but no answer on how this happened or if they can ensure it won't happen again. Does anyone else out there have their NIC Handles overwritten? Does anyone know the security procedure they use to guard the Handles? I can understand the first time it happening to us, but the second time? I really need some statistics on how often this happens so I can determine if I should be paranoid or no. ;-) Regards, Barry Sr Internet Engineer Mikrotec Internet Services http://www.mis.net/
I just got off the phone with Internic after a very disturbing discovery. I received a call from a client asking why their Administrative/Techinical/Zone contact was someone they had never seen before. When checking it, it seemed like somehow this person had been put on many of our registered domains. Upon closer inspection, I realized that the NIC Handle was the same; it was just who owned it that was different. Somehow, the Internic Handle was overwritten. This was our CEOs handle (MP122) and it was on EVERY single domain we owned. I was somewhat surprised that such a basic service as registering NIC Handles could be overwritten. Well, I just got another call from a client asking close to the same thing. This time, upon inspection, it seems our VPs handle was overwritten - and by our closest competitor! Everytime I've called the Internic about this matter (with the exception of one time) I have gotten excellent service, but no answer on how this happened or if they can ensure it won't happen again. Does anyone else out there have their NIC Handles overwritten? Does anyone know the security procedure they use to guard the Handles? I can understand the first time it happening to us, but the second time? I really need some statistics on how often this happens so I can determine if I should be paranoid or no. ;-)
Yes, we've had this happen. If you have *ever* given out a pre-filled-out form with just the NIC handle entered in your tech contact field, and someone fills in specifics in that tech contact section, it'll CHANGE your/the tech contact's NIC record. We used to give people forms, but now we tell them to send requests to hostmaster@netaxs.com, and then we send them the form, review it when they send it back, and submit it to the NIC ourselves. The guardian project should be in place soon, and that will (hopefully) save us from these problems... It's even more fun when someone reprograms your name server IP entries...
Regards,
Barry
Sr Internet Engineer Mikrotec Internet Services http://www.mis.net/
Avi
participants (3)
-
asp@uunet.uu.net
-
Avi Freedman
-
Barry James