David Mazieres wrote:
> I don't think Domain hijacking is a terribly big threat. First of all, the modification process isn't fully automated. Second of all, it takes several weeks for the changes to go through. Before the

My new ISP got the domain modified in a day, or so. The process _is_ automated, as long as you follow the template perfectly.

> changes go through, the internic sends out mail to a bunch of people, including all previous administrators and administrators of all domains which contain old or new nameservers.

More to the point, the InterNIC informs all the major nameservers (such as ns.nasa.gov and all those that mirror ns.internic.net). Obviously. Without that, how would anyone know where to find your domain (even if 'hijacked')? But I never did say domain hijacking was a security threat - unlike spoofing, this can't in itself compromise your systems. But, as the InterNIC admits, it can have "serious consequences" on commercial organisations, for whom the loss of net presence for even a day could be considerable.

> Thus, I'd say the domain modification process is slightly more secure than First Virtual :-) :-) :-). It relies on the security of the network routers and existing nameservers, and requires one or more active attacks or viruses to defeat. Probably your best bet is to wait

You obviously didn't get the point. There are no routers involved at all, or even nameservers. The Internet domain registry structure (unlike much else) is strictly hierarchic - the InterNIC is the source of all. Modify the InterNIC record, and the new record is official, and will be promptly accepted by all the nameservers that bother to track these things.

> for as many as possible of the relevant sysadmins to go on vacation, and then mail-bomb the rest so hard they end up not reading all of their real E-mail. Then again, there's always the possibility that the domain administrator knows how to use procmail...

Again, whether the sysadmin eventually catches on is not the point. Unless the hijacker is exceptionally sophisticated (by, for example, not interrupting but only intercepting web and mail traffic) and the victim exceptionally stupid, the truth will be known soon. But perhaps not soon enough for, say, Hotwired or Yahoo who can't afford to go down. To drive my point home: suppose the owners of www.howtired.com (yes, it does exist) were to hijack hotwired. Further suppose that they mirrored (or otherwise replicated) hotwired's content, displaying it to users with some nasty changes, and filtering out all complaint mail. One assumes HotWired's admins are savvy enough to think of this, but you never know, and if they took a few days or more over fixing it, it would not be nice for them. Of course, their lawyers wouldn't make it nice for howtired either, if they had their address, and it wasn't in ... China!

Rishab
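The practical defence the exchange above points at is simply to watch your own delegation: if the registry record is changed under you, the first observable symptom is that the nameservers the parent hands out for your domain are no longer the ones you registered. The script below is an added example, not code from either poster; it parses dig-style `NS` output (the sample output, hostnames and the `hotwired.example`/`howtired.example` names are constructed placeholders) and reports which nameservers appeared or disappeared relative to a saved baseline, and which of the observed ones live outside the domains you control.

```python
"""Delegation-drift check: detect when a domain's NS set no longer matches
the baseline you registered. Added illustrative example; all sample data
below is constructed and the hostnames are placeholders."""
from __future__ import annotations

from dataclasses import dataclass

# Constructed sample of what `dig +short NS hotwired.example` might return
# at baseline (when you registered) and later (after a delegation change).
BASELINE_OUTPUT = """ns1.hotwired.example.
ns2.hotwired.example.
"""
OBSERVED_OUTPUT = """; <<>> comment lines from dig are ignored
NS1.HOTWIRED.EXAMPLE.
ns.howtired.example.

"""

# Domains whose nameservers you consider your own (constructed assumption).
TRUSTED_SUFFIXES = ("hotwired.example",)


def parse_ns(output: str) -> set[str]:
    """Normalise dig-style NS output: drop blanks and ';' comments,
    lower-case, strip the trailing root dot so case/dot variants compare equal."""
    names: set[str] = set()
    for line in output.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        names.add(line.lower().rstrip("."))
    return names


@dataclass(frozen=True)
class Drift:
    added: frozenset[str]     # nameservers now delegated that were not in the baseline
    removed: frozenset[str]   # baseline nameservers no longer delegated
    foreign: frozenset[str]   # observed nameservers not under a trusted suffix

    def changed(self) -> bool:
        return bool(self.added or self.removed)


def in_trusted(host: str, suffixes: tuple[str, ...]) -> bool:
    """True if host is one of, or a subdomain of, a trusted suffix."""
    return any(host == s or host.endswith("." + s) for s in suffixes)


def delegation_drift(baseline: str, observed: str,
                     trusted: tuple[str, ...] = TRUSTED_SUFFIXES) -> Drift:
    base = parse_ns(baseline)
    obs = parse_ns(observed)
    foreign = {h for h in obs if not in_trusted(h, trusted)}
    return Drift(frozenset(obs - base), frozenset(base - obs), frozenset(foreign))


def report(drift: Drift) -> str:
    """Human-readable summary suitable for a cron-job mail or pager line."""
    if not drift.changed():
        return "OK: delegation matches baseline"
    parts = ["ALERT: delegation changed"]
    if drift.added:
        parts.append("added=" + ",".join(sorted(drift.added)))
    if drift.removed:
        parts.append("removed=" + ",".join(sorted(drift.removed)))
    if drift.foreign:
        parts.append("foreign=" + ",".join(sorted(drift.foreign)))
    return " ".join(parts)


if __name__ == "__main__":
    print(report(delegation_drift(BASELINE_OUTPUT, OBSERVED_OUTPUT)))
```

Run it from cron against a baseline file captured the day you registered, and feed it the NS answer from a server that is *not* one of your own (the point being that your own nameservers will happily keep answering for a zone nobody delegates to them any more). The "foreign" list is the cheap heuristic: a nameserver outside your own domains turning up in your delegation is exactly the howtired-versus-hotwired case.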