Panix Domain Hijacking Demonstrates Vulnerabilities in Domain Naming System
January 21, 2005
The internet is a system that is governed on consensus and thus does not easily lend itself to top-down administration and with the number of domain registrars in existence the problem of differing protocols between registrars or different levels of stringency in applying those protocols guarantees that domain hijacking will continue to happen.
Panix's main domain name, panix.com, was temporarily hijacked over the weekend (January 15-16) by parties unknown. This caused mail to panix.com addresses to bounce and made it difficult to reach Panix's servers. They recovered their domain Sunday evening US-EST. The hijack occured because an Australian registrar, MelbourneIT, failed to do proper confirmation of a fraudulent domain transfer request they received. The normal process, which includes notifications to the original registrar and the current domain holder, did not occur.
ICANN- the Internet Corporation for Assigned Names and Numbers, the regulatory body that overseas responsibility for Internet Protocol (IP) address allocation, protocol identifier assignment, generic and country code Top-Level Domain name system management, and root server system management functions can issue a thousand regulations and new registrations steps but with the number of diverse internationally located domain registrars in existence there is little ICANN can do to enforce breaches. Its a little bit like when the UN issues a decision. It carries weight but if that decision is not to the liking of one of the member countries, great or small, the UN can do little about it except hope that the other members will, together, take action.
Unfortunately for Panix and the rest of those in cyberspace a technically savvy person with little or no resources can do damage on a disproportionate scale to legitimate and lawful users and providers of the internet. blog comments powered by Disqus