
New York's Oldest ISP Gets Domain-Jacked

Howard Roark writes "Panix, the oldest commercial Internet provider in New York, had its domain name 'panix.com' hijacked by persons unknown. The main effect on users is that mail sent to panix's customers is being routed to a bogus mail server run by the hijackers."
  • Panix (Score:5, Informative)

    by UnCivil Liberty ( 786163 ) * on Sunday January 16, 2005 @03:04AM (#11377707)
    One domain hijacked and another soon to be slashdotted, sucks to be them.

    Just in case:
    "Status as of Sat Jan 15 22:04:33 EST 2005

    Panix's main domain name, panix.com, has been hijacked by parties unknown. The ownership of panix.com was moved to a company in Australia, the actual DNS records were moved to a company in the United Kingdom, and panix.com's mail has been redirected to yet another company in Canada. Panix staff are currently working around the clock to recover our domain, but this may take until Monday, due to the time differences and difficulties in reaching responsible parties over the weekend.

    For most customers, accesses to Panix using the panix.com domain will not work or will end up at a false site."


    Their catch phrase "Your $HOME away from home" is quite cute.
    • by bani ( 467531 ) on Sunday January 16, 2005 @03:43AM (#11377817)
      ...melbourneit, the registrar responsible for the mess, basically told panix to take a flying leap. verisign wasn't any help either.

      what a sad state of affairs when it's trivial to hijack a domain, but it takes an act of god to return it to its rightful owner. apparently, even law enforcement can't get verisign or melbourneit to do squat:

      Date: Sun, 16 Jan 2005 07:04:46 +0000
      From: Thor Lancelot Simon
      To: nanog@merit.edu
      Subject: Re: panix.com hijacked (VeriSign refuses to help)

      Alexis Rosen tried to send this to NANOG earlier this evening but it
      looks like it never made it. Apologies if it's a duplicate; we're
      both reduced to reading the list via the web interface since the
      legitimate addresses for panix.com have now timed out of most folks'
      nameservers and been replaced with the hijacker's records.

      Note that we contacted VeriSign both directly and through intermediaries
      well known to their ops staff, in both cases explaining that we suspect
      a security compromise (technical or human) of the registration systems
      either at MelbourneIT or at VeriSign itself (we have reasons to suspect
      this that I won't go into here right now). We noted that after calling
      every publicly available number for MelbourneIT and leaving polite
      messages, the only response we received was a rather rude brush-off from
      MelbourneIT's corporate counsel, who was evidently directed to call us
      by their CEO.

      We are also told that law enforcement separately contacted VeriSign on
      our behalf, to no avail.

      Below please find VeriSign's response to our plea for help. We're rather
      at a loss as to what to do now; MelbourneIT clearly are beyond reach,
      VeriSign won't help, and Dotster just claim they still own the domain and
      that as far as they can tell nothing's wrong. Panix may not survive this
      if the formal complaint and appeal procedure are the only way forward.

      > Date: Sun, 16 Jan 2005 00:21:33 -0500
      > To: , NOC Supervisor
      > Subject: Re: FW: [alexis@panix.com: Brief summary of panix.com hijacking incident] (KMM2294267V49480L0KM)
      > From: VeriSign Customer Service
      > X-Mailer: KANA Response 7.0.1.127
      >
      > Dear Alexis,
      >
      > Thank you for contacting VeriSign Customer Service.
      >
      > Unfortunately there is little that VeriSign, Inc. can do to rectify this
      > situation. If necessary, Dotster (or Melbourne) is more than welcome to
      > contact us to obtain the specific details as to when the notices were
      > sent and other historical information about the transfer itself.
      >
      > Dotster can file a Request for Enforcement if Melbourne IT contends that
      > the request was legitimate and we will review the dispute and respond
      > accordingly. Dotster can also contact Melbourne directly and if they
      > come to an agreement that the transfer was fraudulent they can file a
      > Request for Reinstatement and the domain would be reinstated to its
      > original Registrar. Dotster could submit a normal transfer request to
      > Melbourne IT for the domain name and hope that Melbourne IT agrees to
      > transfer the name back to them outside of a dispute having been filed.
      > In order to expedite processing the transfer or submitting a Request for
      > Reinstatement however Dotster will need to contact Melbourne IT
      > directly. If Dotster is unable to get in touch with anyone at Melbourne
      > IT we can assist them directly if necessary.
      >
      > Best Regards,
      >
      > Melissa Blythe
      > Customer Service
      > VeriSign, Inc.
      > www.verisign.com
      > info@verisign-grs.com
      • As an Aussie, I don't think I'll ever deal with Melbourne IT after hearing this. Their ridiculously high prices are meant to include top support... Seems they're letting everyone down.

        Anyone know if they could stand to lose their registrar license? I mean, you can't just pass fraudulent transfers like that....
        • Top support to _their paying customers_ I expect, not top support to foreign companies trying to inconvenience same customers ...
      • "Alexis Rosen tried to send this to NANOG earlier this evening but it looks like it never made it"

        Damn, that startled me!
      • by Anonymous Coward on Sunday January 16, 2005 @12:41PM (#11379340)
        I'm just a paralegal, so this isn't legal advice. But I've worked on these cases enough to know what that letter is telling you. First, you need to hire a lawyer to handle this. Second, the letter is telling you the precise steps to take. Follow them like you would command line instructions and you will get the best results.

        Only the new registrar can help. That is your target. Get Dotster to send the Request for Enforcement. Call up and get to know someone at Dotster (and Melbourne) and call and call and call. Be friendly and do all they ask, step by step. Give them all the info you can find about the new person claiming ownership. Look up in Betterwhois and find out who is the new owner. I'm betting dollars to doughnuts, you will find it isn't a real address. Try to contact the new owner by the address, email, phone listed. If you get no response, tell Dotster. Point that out. Find out if the new place is spamming, porn, whatever. That is almost certainly what is happening to your customers. Make clear to the new registrar that they got the domain through lying, trickery, however they got it. Details and proof.

        This is a standard hustle, and usually names change as well as registrars. They generally use more than one hop because it is harder to get it back, harder to trace. Verizon is the worst, in my experience, and they won't help you, but if you can get Dotster and Melbourne on this, they will have to. Make a note of who didn't help you and make future decisions about who you want as your registrar.

        You should be able to get it back, but it may take time.

        Again, the key to it all is get a lawyer. They know exactly how this dance goes. A lawyer who does UDRP. That is what you ask for. It's called domain name hijacking.
      • what a sad state of affairs when it's trivial to hijack a domain, but it takes an act of god to return it to its rightful owner. apparently, even law enforcement can't get verisign or melbourneit to do squat:

        I think it's good that the response was what it was. After the lawsuits service providers like verisign will have learned an important lesson. Had they just put things back and said "oops" the chance to teach them the importance of not letting this happen in the first place might have b

    • Re:Panix (Score:5, Informative)

      by wpanderson ( 67273 ) on Sunday January 16, 2005 @07:14AM (#11378233)

      Looks like their MX records are back under their own control ...

      intrepid:~> dnstracer -s . panix.com
      Tracing to panix.com[a] via A.ROOT-SERVERS.NET, maximum of 3 retries
      A.ROOT-SERVERS.NET [.] (198.41.0.4)
      |\___ M.GTLD-SERVERS.NET [com] (192.55.83.30)
      | |\___ ns2.ukdnsservers.co.uk [panix.com] (207.61.90.196) Got authoritative answer
      | \___ ns1.ukdnsservers.co.uk [panix.com] (142.46.200.67) Got authoritative answer
      [snip]
      intrepid:~> host -t mx panix.com
      panix.com MX 200 mailhost-l2.panix.com
      panix.com MX 150 mailhost.panix.com
      intrepid:~> host -t any mailhost.panix.com
      mailhost.panix.com does not exist, try again
      intrepid:~> host -t any mailhost-l2.panix.com
      mailhost-l2.panix.com A 166.84.1.75
      intrepid:~> whois 166.84.1.75

      OrgName: Panix Public Access Internet
      OrgID: PPAI
      Address: 15 West 18th St.
      Address: 5th Floor
      City: New York
      StateProv: NY
      PostalCode: 10011
      Country: US

      NetRange: 166.84.0.0 - 166.84.255.255
      CIDR: 166.84.0.0/16
      NetName: ACCESS-NET-B
      NetHandle: NET-166-84-0-0-1
      Parent: NET-166-0-0-0-0
      NetType: Direct Assignment
      NameServer: NS1.ACCESS.NET
      NameServer: NS2.ACCESS.NET
      Comment:
      RegDate: 1993-11-10
      Updated: 2000-08-21

      TechHandle: PANIX5-ARIN
      TechName: Panix Network Information Center
      TechPhone: +1-212-741-4400
      TechEmail: hostmaster@panix.com

      OrgTechHandle: PANIX5-ARIN
      OrgTechName: Panix Network Information Center
      OrgTechPhone: +1-212-741-4400
      OrgTechEmail: hostmaster@panix.com

      # ARIN WHOIS database, last updated 2005-01-15 19:10
      # Enter ? for additional hints on searching ARIN's WHOIS database.

      ... or did I miss something
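The manual check in the comment above (resolve each MX target, then see whether its address sits in the netblock ARIN lists for Panix) can be scripted. This is an added example, not code from the thread; the `REDIRECTED` sample, its host name and its 203.0.113.25 address are constructed placeholders, and `audit_mx` is a hypothetical helper name.

```python
import ipaddress
import re

# Lines copied from the `host` session in the comment above.
OBSERVED = """\
panix.com MX 200 mailhost-l2.panix.com
panix.com MX 150 mailhost.panix.com
mailhost.panix.com does not exist, try again
mailhost-l2.panix.com A 166.84.1.75
"""

# Constructed sample of a redirected state: the host name and the
# documentation-range address are placeholders, not values from the page.
REDIRECTED = """\
panix.com MX 10 mail.hijack.example
mail.hijack.example A 203.0.113.25
"""

# Netblock that the ARIN whois output in the same comment lists for Panix.
EXPECTED_NETS = [ipaddress.ip_network("166.84.0.0/16")]

MX_RE = re.compile(r"^(\S+)\s+MX\s+(\d+)\s+(\S+)$")
A_RE = re.compile(r"^(\S+)\s+A\s+(\S+)$")
NX_RE = re.compile(r"^(\S+) does not exist")


def _norm(name):
    """Compare host names case-insensitively and without a trailing dot."""
    return name.rstrip(".").lower()


def parse_host_output(text):
    """Return (mx_list, addresses, nonexistent) from old-style `host` output."""
    mx, addrs, missing = [], {}, set()
    for raw in text.splitlines():
        line = raw.strip()
        if m := MX_RE.match(line):
            mx.append((int(m.group(2)), _norm(m.group(3))))
        elif m := A_RE.match(line):
            ip = ipaddress.ip_address(m.group(2))
            addrs.setdefault(_norm(m.group(1)), []).append(ip)
        elif m := NX_RE.match(line):
            missing.add(_norm(m.group(1)))
    return sorted(mx), addrs, missing


def audit_mx(text, expected_nets):
    """List (preference, host, problem) for every MX target that looks wrong."""
    mx, addrs, missing = parse_host_output(text)
    if not mx:
        return [(None, None, "no MX records")]
    findings = []
    for pref, host in mx:  # senders try the lowest preference value first
        if host in missing or host not in addrs:
            findings.append((pref, host, "no address record"))
            continue
        for ip in addrs[host]:
            if not any(ip in net for net in expected_nets):
                findings.append((pref, host, f"{ip} outside expected netblocks"))
    return findings


if __name__ == "__main__":
    for label, sample in (("observed", OBSERVED), ("redirected", REDIRECTED)):
        print(label, audit_mx(sample, EXPECTED_NETS))
```

Run against the session as posted, the only finding is that the preferred MX (preference 150) has no address record, so delivery falls through to the backup host inside 166.84.0.0/16.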

      • Re:Panix (Score:3, Informative)

        I'm still getting the freeparking IP for the MX from my local servers, but network-tools.com is showing the right info.

        Presumably my stuff is cached; but at least the TTL on the hijacked domain is set to 7200s. Nice and short.
      • Re:Panix (Score:5, Informative)

        by Simon Brooke ( 45012 ) * <stillyet@googlemail.com> on Sunday January 16, 2005 @12:06PM (#11379160) Homepage Journal
        As of 17:03 GMT, I am getting (via British Telecom's nameservers):

        Domain Name.......... panix.com
        Creation Date........ 1991-04-22
        Registration Date.... 2005-01-15
        Expiry Date.......... 2006-04-23
        Organisation Name.... vanessa Miranda
        Organisation Address. 1010 Grand Cerritos Ave
        Organisation Address.
        Organisation Address. Las Vegas
        Organisation Address. 89123
        Organisation Address. NV
        Organisation Address. UNITED STATES

        Admin Name........... na vanessa Miranda
        Admin Address........ 1010 Grand Cerritos Ave
        Admin Address........
        Admin Address........ Las Vegas
        Admin Address........ 89123
        Admin Address........ NV
        Admin Address........ UNITED STATES
        Admin Email.......... jzoh@yahoo.com
        Admin Phone.......... +44.702413697
        Admin Fax............ +44.7026413697

        Tech Name............ Domain Admin
        Tech Address......... Burnhill Business Centre
        Tech Address.........
        Tech Address......... Beckenham
        Tech Address......... BR3 3LA
        Tech Address......... Kent
        Tech Address......... GREAT BRITAIN (UK)
        Tech Email........... admin@powerhost.co.uk
        Tech Phone........... +44.2082496081
        Tech Fax............. +44.2082496076
        Name Server.......... ns1.ukdnsservers.co.uk
        Name Server.......... ns2.ukdnsservers.co.uk
    • Re:Panix (Score:3, Insightful)

      by canuck57 ( 662392 )

      but this may take until Monday, due to the time differences and difficulties in reaching responsible parties over the weekend.

      I smell a lawsuit a happening. But given the lack of response from this registrar their registration should be pulled if they don't have it fixed with 30 minutes notice.

      And maybe ISPs will lean on ICANN to remove the registrar. It is easy to protest. If the top ten ISPs blocked this registrar's DNS servers this would in fact make it worth their while to get their act togethe

    • Re:Panix (Score:5, Interesting)

      by rs79 ( 71822 ) <hostmaster@open-rsc.org> on Sunday January 16, 2005 @11:34AM (#11378980) Homepage
      It's not like you folks weren't warned this would happen. The NSI-ICANN agreement took away any power NSI had to fix this.

      An in band solution altering DNS is probably not a solution, welcome to the modern internet and oddly, I don't see a peep out of ICANN's "Transfer Task Force".

      The proper geek way to fix this is with BGP. Why hasn't anybody had the cojones to do this yet?

      If somebody cares to contact me preferably by voice I can put the correct NS records for panix in the ORSC root zone and those of you sensible enough to not rely on other people to be in charge of the entire domain tree will be able to get to (alas) poor Panix normally.

      John Berryhill is in Delaware and is now aware of the problem. When he stopped laughing he said he'd make some calls, lawyer to lawyer. And he is in Delaware. The address in DE of the NS host to panix is a residence, FWIW. Wilmington is not a large place...

      I must say when I heard panix had been hijacked by something in Wilmington DE and Canada my heart stopped till I found out it wasn't me and John.

      If you're not scared enough, JB suggests you go to any_domain.1bu.com and welcome to the Chinese global phishing site.

      • Re:Panix (Score:3, Interesting)

        Because BGP is a technical solution to a human problem, that of verifying users' requests. And the BGP traffic is already a significant amount of traffic to core routers: adding another layer of manipulation and complexity to them is asking for more brokenness, and many of the top-tier providers manipulate their BGP information to raise the "distance" of what are fiscally expensive routes, or to blackhole people they don't like.

        Take a look at the routing wars surrounding the various spam blackhole lists if yo
    • by maugt ( 3520 ) on Sunday January 16, 2005 @01:15PM (#11379506) Homepage
      This does happen a lot more than you think. I started a blog to document it at Orangelimey.blogs.com [blogs.com]

      NSI is currently claiming that the transfer was legitimate - somehow the hijacker got into the administrative contact's email and compromised the accounts - how we still don't know. However, the person that ended up with the domain seems to be willing to give it back.

      Really, the whole domain security thing is ridiculous. For a domain (which is considered property under a ruling from the appeals court in the sex.com case) to be transferred with such lax legal proceedings is pathetic. Can I steal your car or your house by simply faking email and guessing passwords? Of course not.

      Maybe panix can make enough of a stink about this to get someone to stand up and take notice - although who can do this I don't know. ICANN is toothless and only cares about trademark disputes.

      Someone told me as a result of this that 40,000 domains were hijacked in the last year. I don't know where this data comes from, but really, obviously something is wrong.

      Feel sorry for panix, I used them when I lived in NYC
    • UPDATE (Score:3, Informative)

      by rs79 ( 71822 )
      Berryhill went to the house in Wilmington. The address is bogus.

      Or rather the address is real but the guy we're looking for doesn't live there any more and the people there get all "sorts of weird things".

      This apparently is not the first time this happened.

      The lawyer in question has moved to PA.

      John's going home to check state corporate registration records to try to find him.
  • by Jewcatur ( 843263 ) * on Sunday January 16, 2005 @03:04AM (#11377708) Journal
    Wow, total irony here

    Do you realize how hypocritical that Michael is posting this story when Michael himself hijacked censorware.org from the people it belonged to? I reproduce the story here (you can read the original here [spectacle.org]):

    Michael Sims, Domain Hijacking and Moral Equivalency by Jonathan Wallace jw@bway.net [mailto]

    How would you feel if your webmaster maliciously took your web-site offline, then, when you demanded its return, put up a site attacking your company at your old URL? It happened to a group I was involved in, the Censorware Project, currently at http://www.censorware.net [censorware.net]. The purpose of this essay is to put the behavior on record, and to give you some impressions and inferences about it.

    The Censorware Project was originally an informal collective of six people who collaborated online to fight censorware: Seth Finkelstein [sethf.com], Bennett Haselton [peacefire.org], Jamie McCarthy [mccarthy.vg], Mike Sims, Jim Tyre and myself. Several of us had never met or even spoken on the phone, yet for some time -- around two years as I recall -- we had a remarkably easy collaboration. There was no funding, no hierarchy, no titles, not even project managers. Someone would suggest a project and take the responsibility for a part of it, others would sign up for other elements, and proceeding this way we got a remarkable amount of work done, including reports on X-Stop, Cyberpatrol, Bess and other censorware products.

    Even though two of us were attorneys -- Jim and myself -- we never incorporated the group or wrote a charter or any contracts among ourselves. Mike Sims was obliging enough to register the domain, just as other members paid for press releases and the other incidental expenses which came along. Mike also served as webmaster of the censorware.org site and did substantial work [sethf.com] for the group, including writing contributions to several of the reports and lead authorship of at least one. Seth was the source [sethf.com] of our decrypted censorware blacklists [sethf.com] and managed many technical tasks, but later felt he had to leave the group because of the increasing prospects of a lawsuit [chillingeffects.org], particularly under the Digital Millennium Copyright Act (DMCA). After Seth left the group, the remaining five continued.

    Robert Frost said that "nothing gold can stay," and the Censorware Project was no exception. Over the summer of 2000, Mike Sims' reaction to a perceived slight from Jim Tyre was to take the site down for a week. He sent us mail at the time saying something like "The Censorware Project is now closed." [sethf.com] I replied to him that, given that the group was a collective and we all had an interest in its work product, the domain, and the goodwill it had achieved, the decision was not his to make. Sims did not reply.

    After Seth created a partial, text, mirror, Mike put the site back up a week later without explaining, let alone apologizing for, his actions. Given his continuing failure to answer any email from me (and I think from others) and the overall signs that Sims thought the group was exclusively his, I wrote him several emails requesting that he turn the domain over to Jamie or Bennett, as I felt we could no longer trust him to administer it. We also found out during that time that important email from people trying to contact us, including members of the press, was not being answered by Sims, nor being forwarded to other members.

    I ultimately became exasperated that my name was listed as a principal on what had now become a "rogue" site I had no control over. Over about

    • by Anonymous Coward on Sunday January 16, 2005 @03:07AM (#11377719)
      > Mike Sims was obliging enough to register the domain

      In other words he owned the name from the beginning, hence could not 'hijack it'.

      I'm going for a drive in my car. Can my neighbour report the car stolen? well sure, if they're stupid.

      That's what this is.
      • by gaspyy ( 514539 ) on Sunday January 16, 2005 @09:13AM (#11378489)
        As always, misleading analogy.

        It's more like this
        Gullible Buyer: "Hey friend, you are more knowledgeable with cars, will you buy me one? Here's the cash, go to the local dealer, buy whatever seems good; I don't know all the tech-speak and I am sure the sales rep. will try to rip me off"
        Friend: "Sure. Count on me" ...
        Later:
        Friend: "I bought this great car, but I made the papers on my name. But don't worry, I'll let you drive it"
        Gullible Buyer: "Uhhh, thanks, I guess" ...
        Later:
        Friend: "You know, this car is mine, so fuck off!"

        Believe it or not, I've seen this happening more than once with regard to domain names. One example: The client is a newcomer and the contractor was SO helpful, they provided the internet connection, made and hosted the company website and even registered the domain name (on their name, not the client's name). The client doesn't even notice. A few years after that, the client realizes the mistake, tries to take ownership of the domain. The contractor asks for $50,000.

        Luckily, in that case the client also has a trademark on the name, so I advised them to threaten the contractor with a lawsuit and never give in. I don't know the latest status in this matter but I think the contractor will give the domain to the rightful owner.
    • by martinoforum ( 841942 ) on Sunday January 16, 2005 @03:25AM (#11377772)
      It's certainly ironic, I must say. But judging by most of my reading, the sole requirement of being an editor on a Linux or Open Source related news site is to be as insufferable an asshole as possible and refuse to resign, ever, regardless.

      If it wasn't for the fact that I read Slashdot purely to be reminded of the fact that being a geek does not make you smart - something I feel it is good to remind oneself of on a regular basis - I would probably have stopped reading in horror.

      But really, it would only matter if Michael had a good job. "He hijacked their domain! And now he's a success!" they cry. A success? Jesus, by what standards!? He reads hoax stories about fish washed up by tsunamis, doesn't bother to check any facts and just posts them regardless. And that doesn't even constitute doing a bad job, by Slashdot standards. So if that's the standards they require, I can't imagine it is too hard to get qualified "journalists" to work for them, and they doubtless pay a rate commensurate to his boundless skills.

      Just get back to your Neal Stephenson books and consider him Andrew Loeb, everybody. He'll doubtless get shot in the end anyway...
    • by Anonymous Coward on Sunday January 16, 2005 @03:26AM (#11377774)
      Mike Sims was obliging enough to register the domain

      Because you didn't have any formal organization, he screwed you.

      That's the problem with relying on donated resources, they can go away at any time. Mike donated the domain name and webserver, then chose not to.

      What he did next shows that he's not an honorable person, but then we knew that from his editorializing here on /..
    • by sexysciencegirl ( 829001 ) on Sunday January 16, 2005 @03:29AM (#11377781) Homepage
      Parent's post is at +5 at 12:30amPST, 1/16/05. Who wants to bet that it
      1) will be fixed at -1
      2) becomes another post of death [slashdot.org]
      before the day is over?
      It wouldn't be the first time when slashdot editors' actions go directly against their high-horse stance against censorship and try to hide any views that they personally don't like.
      I would like to remind Michael that you only support free speech if you support your enemies' rights to say things that you don't like and hope that you prove me wrong.
    • beat. to. death.
    • by bonch ( 38532 ) on Sunday January 16, 2005 @03:42AM (#11377813)
      People do not like him as an editor here. Michael constantly editorializes by sticking his opinions into the article submission instead of in a comment like the rest of us have to. He often modbombs threads and blacklists people who post in them from moderating. Even if you don't like Taco's endless dupes or typos, at least he lets the submission speak for itself (iPod launch comment excluded). Michael does very unprofessional things like the infamous all-caps attack toward Intel in the 64-bit chip article last year.

      No, this is not just a hobby site where those kinds of things fly. This is a highly-visited news site, considered a major source of tech news for geeks, and a corporate-owned entity of OSTG who employs Malda and company. There's an amount of responsibility you ethically must adopt when your site gets so popular that its name alone becomes a verb due to the server-killing power of its readerbase.

      Michael also does things like edit the words of people's submissions, like adding quotation marks around the word "revealed" in this story [tinyurl.com] (now in my sig). Regardless of what you think of the story, that's just plain misleading and twisting the words and intent of the submitter, making it appear they meant something other than what they did. If it was an anonymous submitter, that would be different, but now Michael has stuffed a message into the submitter's mouth that was not there. At least show a little respect for the people who are providing your content.
    • This is a superb example of "irony," oft-misapplied on Slashdot, not hypocrisy.
  • by eviljim ( 73860 ) on Sunday January 16, 2005 @03:09AM (#11377729) Homepage
    It's not surprising this has happened. Many, many companies do not take administrating their domain seriously, and several registrars -- Network Solutions especially -- make it very easy to steal domains.

    I know this from experience -- many years back one morning I woke up and Excite.com, Angelfire.com, and a few other domains were mysteriously owned by me. The only thing the hijacker needed to do (it wasn't me, by the way) was send in a single email. Old Story at Wired [wired.com].
    • by John Seminal ( 698722 ) on Sunday January 16, 2005 @03:16AM (#11377746) Journal
      It's not surprising this has happened. Many, many companies do not take administrating their domain seriously

      How do you administer domain security??? All I can think of is a tough password for the registrar. Or do all the changes by telephone only.

      • First and foremost, choose a registrar that is secure. Under the old Network Solutions regime things were mostly done with email forms and the base method of security was verifying the "From" address an email was sent by. Yeah. That's not very secure, yet Excite was using it as opposed to at least the slightly better password or crypt-password options.

        Most registrars now use password protection and a web interface (Network Solutions does this now too). Yet like with everything else people will have stup
      • The surprise isn't that such a theft happened. The surprise is that it took this long. Verisign's willingness and ability to verify their customers' identity has been a joke for years, as thousands of throwaway domains registered by spammers and other frauds have demonstrated.

        Verisign doesn't want to verify and fully identify their customers. It's a lot of work, it doesn't create extra business, and it would make the fraud domains too traceable and cost them a significant revenue source, and would make the
    • Well, with a name like eviljim, I'm not surprised they wound up under your control [grin]
  • by EvilStein ( 414640 ) <`spam' `at' `pbp.net'> on Sunday January 16, 2005 @03:12AM (#11377733)
    *How did this happen?
    *Was it the registrar that was at fault?
    *Did they forget to renew the domain?
    *What is the registrar doing about the issue? (if anything)

    I'm kind of curious about this..
    • by Gendalia ( 241762 ) on Sunday January 16, 2005 @04:06AM (#11377856)
      Panix's registrar has no record of the transfer request. Dotster's whois shows that the domain needs to be renewed by April.
      Registrant:
      Public Access Networks Corp.
      15 West 18th Street, 5th floor
      New York, NY 10011
      US

      Registrar: DOTSTER
      Domain Name: PANIX.COM
      Created on: 22-APR-91
      Expires on: 23-APR-05
      Last Updated on: 15-JAN-05

      Administrative, Technical Contact:
      Hostmaster, Panix hostmaster@panix.com
      Public Access Networks Corp.
      15 West 18th Street, 5th floor
      New York, NY 10011
      US
      212-741-4400
      212-741-5311

      Domain servers in listed order:
      NS1.ACCESS.NET
      NS2.ACCESS.NET

      End of Whois Information
  • by John Seminal ( 698722 ) on Sunday January 16, 2005 @03:14AM (#11377739) Journal
    I am writing this as a webmaster of a smaller personal website.

    How can someone take my domain, that I paid for, and hijack it? And if you register for a domain, for a period of time, say 1 year, can someone at the end of that time come and take the domain away, or do you always get the first chance to renew?

    Does security of domains have anything to do with the company that registers??

    There are so many questions...

    • by PornMaster ( 749461 ) on Sunday January 16, 2005 @03:19AM (#11377755) Homepage
      Well, first thing to do is use the feature "REGISTRAR-LOCK" to make sure that for a domain transfer, not only does there need to be authorization from the listed contacts, but also you need to log in to your registrar and unlock it first.
    • How This Can Happen (Score:5, Informative)

      by ErichTheWebGuy ( 745925 ) on Sunday January 16, 2005 @03:42AM (#11377815) Homepage
      See this story [netcraft.com] on Netcraft, which details the recent policy change by ICANN.

      In short, if someone initiates a transfer request, you then have 5 calendar days to respond, or else the transfer happens unopposed. You can prevent this by activating the REGISTRAR-LOCK feature on your domain name. The procedure varies by registrar, but it's usually called "domain lock" or something similar. All registrars have to at least give you the option of requesting this feature.

      Some registrars (godaddy, I know for sure does) activate this lock by default; some require you to activate it explicitly. Check with the support dept. at your registrar for further details.
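A domain owner can watch for the conditions described in the comment above (no lock set, a transfer in flight, a registrar or nameserver change) by comparing each whois lookup with a recorded baseline. This is an added example, not code from the thread; the three whois records are constructed in a simplified "Key: value" layout using names that appear on this page, and `check_domain` is a hypothetical helper. `clientTransferProhibited`, `serverTransferProhibited` and `pendingTransfer` are EPP status codes, handled here on the assumption that the lookup returns them instead of the older REGISTRAR-LOCK label.

```python
# Status values that block an inter-registrar transfer. REGISTRAR-LOCK is the
# name used in the comment above; the other two are the EPP equivalents.
LOCK_STATUSES = {"registrar-lock", "clienttransferprohibited",
                 "servertransferprohibited"}

# What the owner recorded while everything was known to be correct.
BASELINE = {"registrar": "DOTSTER",
            "nameservers": {"ns1.access.net", "ns2.access.net"}}

# Constructed whois records (layout simplified; names taken from this page).
LOCKED = """\
Domain Name: PANIX.COM
Registrar: DOTSTER
Name Server: NS1.ACCESS.NET
Name Server: NS2.ACCESS.NET
Status: REGISTRAR-LOCK
"""

PENDING = """\
Domain Name: PANIX.COM
Registrar: DOTSTER
Name Server: NS1.ACCESS.NET
Name Server: NS2.ACCESS.NET
Domain Status: pendingTransfer https://icann.org/epp#pendingTransfer
"""

MOVED = """\
Domain Name: PANIX.COM
Registrar: MELBOURNE IT
Name Server: NS1.UKDNSSERVERS.CO.UK
Name Server: NS2.UKDNSSERVERS.CO.UK
Status: ACTIVE
"""


def parse_whois(text):
    """Collect 'Key: value' lines; repeated keys accumulate into a list."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields


def check_domain(baseline, whois_text):
    """Return (code, detail) findings for one whois lookup against baseline."""
    f = parse_whois(whois_text)
    registrar = (f.get("registrar") or [""])[0].upper()
    nameservers = {ns.rstrip(".").lower() for ns in f.get("name server", [])}
    # A status value may carry a trailing URL; keep only the status token.
    statuses = {s.split()[0].lower()
                for s in f.get("status", []) + f.get("domain status", [])}

    findings = []
    if registrar != baseline["registrar"].upper():
        findings.append(("registrar-changed",
                         f"{baseline['registrar']} -> {registrar or 'unknown'}"))
    if nameservers != baseline["nameservers"]:
        findings.append(("nameservers-changed",
                         ", ".join(sorted(nameservers)) or "none listed"))
    if "pendingtransfer" in statuses:
        findings.append(("transfer-pending",
                         "respond at the current registrar before the window closes"))
    if not statuses & LOCK_STATUSES:
        findings.append(("no-transfer-lock",
                         "ask the registrar to enable the lock"))
    return findings


if __name__ == "__main__":
    for label, record in (("locked", LOCKED), ("pending", PENDING), ("moved", MOVED)):
        print(label, check_domain(BASELINE, record))
```

Run on a schedule shorter than the five-day response window the comment mentions, the `transfer-pending` finding is the one that still leaves time to object.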
  • PROFIT (Score:2, Funny)

    by killa62 ( 828317 )
    1 steal domain 2 sell it back 3 ??? 4 PROFIT!!!
  • Rogue registrars? (Score:5, Informative)

    by tjls ( 665309 ) on Sunday January 16, 2005 @03:31AM (#11377790)
    I tried to post about this about 10 hours ago, but no luck. Sigh.

    What seems to have happened is that somehow the Australian registrar "melbourneIT.com" yanked the fully paid-up registration away from Dotster (where Panix had it) without any notice whatsoever (this violates all the relevant RFCs for the Shared Registration System and the current ICANN policy *and* seems to indicate a severe bug or security problem somewhere in the registration system).

    What's particularly scary is that melbourneIT.com isn't open on the weekends, period (though oddly enough they transferred the domain first thing on Saturday, hmmmm) and won't do anything to help. There are lots of ugly details in the NANOG mailing-list archive [merit.edu], particularly in this message from Perry Metzger [merit.edu], this message from Richard Cox [merit.edu], and this message from me, which includes a slimy note from some customer-service flack at Verisign [merit.edu].

    This has clearly happened to others in the past, and highlights a serious flaw in the current registry-registrar system. We are not 100% sure how the domain was transferred between registrars with no notice to anyone (though I have some hunches I won't go into here right now) but consider this: a rogue or penetrated registrar can effectively put you out of business for the duration of the ICANN complaint and appeals process, with no notice, and there may be nothing you or anyone else can do about it short of extremely expensive legal action, even if you get law enforcement involved. Yuck.

    • raises the suspicion melbourneit was a willing party to the hijacking. it's happened before and melbourneit was involved.

      lots of spammers and domain squatters like to park domains at mit too.

      makes you wonder.
    • Re:Rogue registrars? (Score:5, Interesting)

      by ErichTheWebGuy ( 745925 ) on Sunday January 16, 2005 @03:54AM (#11377840) Homepage
      What's particularly scary is that melbourneIT.com isn't open on the weekends, period ... and won't do anything to help.

      I can vouch for this. Melbourne IT is a horrible company to try to deal with. Many US registrars (including Yahoo! domains) are resellers of Melbourne IT's services. Now, if you have a problem with your domain, just try to get in touch with someone at Yahoo. The reply I got from Yahoo was: "there is no support from Yahoo for domain names purchased through Yahoo! domains."

      Then, try to get in touch with someone at Melbourne IT. "I'm sorry, only the reseller can help you with this problem, yes even though they refuse to help you, I can't help you."

      It took me two weeks to get a domain transferred out of Yahoo/Melbourne's control and into a sane registrar that gives a crap about their customers (register.com, you can actually talk to someone on the phone there, 24/7/365).

      Seems to me that they are snappy when it comes to theft of domains, yet sluggish when it comes to any form of customer service. My advice: Boycott Melbourne IT and all of its resellers until they get a clue.
      • Re:Rogue registrars? (Score:3, Interesting)

        by Cramer ( 69040 )
        Since when has register.com ever been a "sane registrar"? You do know they've been drug into court several times for fraud, predatory business practices, and yes, transferring domain registrations without authorization. Specifically, they were sending domain renewal notices (that looked almost exactly like netsol's notices) for domains that weren't their customers. And weren't expiring either.
        • I can't speak to that, I have no bad experiences to speak of with register.com at all. I can only speak to my own experience with them, which has been great. I have over 200 domains registered through them, and never had a problem at all.

          If what you say is true (and I will be looking at it), it might make me change my tune, but I don't think so. Even if they have been evil in the past, it's obvious to me that they have shaped up quite a bit.
    • by Aurix ( 610383 )

      What's particularly scary is that melbourneIT.com isn't open on the weekends, period

      Perhaps you might like to check their site before you make such comments. They have 24/7 support.
    • Re:Rogue registrars? (Score:5, Informative)

      by Anonymous Coward on Sunday January 16, 2005 @05:04AM (#11377981)
      I've worked for Melbourne IT, and can add a little here. I've got a little bit of info on the situation.

      It's currently about 9pm on Sunday night in Melbourne. People have been alerted. Things _are_ moving. People are most certainly aware of the situation and are working to get to the bottom of it.

      The tech contact address (admin@powerhost.co.uk) is that of one of Melb IT's UK resellers, Fibranet. Its presence would indicate the transfer was initiated under that reseller's account and their access to Melb IT's systems. Possibly (I'm speculating) someone may also have got access to the reseller's account other than the reseller.

      It wouldn't surprise me if whoever did this intentionally did this near midnight Saturday, Melbourne time, near the start of Melb IT's longest point of having the office closed (midday Saturday to 8am Monday, Melbourne time). During the week there are staff on 24 hours.

      I don't speak for Melb IT here, but I really think they're copping a lot of shit for something that's not their fault. I'm not claiming they're perfect, but hell - this was done when nobody was in the damned office. They're not _evil_ there (or perfect - just human) and would never initiate anything that'd bring down this much bad press.

      Someone's playing games and using Melb IT as a tool. It'll all get untangled before long and we'll find out who's really to blame for this.
      • Exsqueeze me? One of the biggest registrars that a lot of people have had trouble with is CLOSED for the weekend?

        I run a bunch of (free) mailing lists and DNS for a variety of stupid things like cars, tropical fish, dns etc. I'm open 24/7 and get calls at 4:30 am, not happily, but I do fix stuff. That MIT as a multimillion dollar organization thinks it's ok to take the weekend off critical internet infrastructure should be enough to get their precious ICANN accreditation yanked. But given how much money MI
    • MelbourneIT originates from the hallowed halls of Melbourne University [unimelb.edu.au]. You'd be lucky if they ever find the phone let alone pick it up. What a university is doing with their hand in domains is a question for their philosophy department.

      Oh, and we can blame Melbourne University for this cretin [dame-edna.com] among others.
    • Re:Rogue registrars? (Score:5, Interesting)

      by xlsior ( 524145 ) on Sunday January 16, 2005 @05:22AM (#11378030)
      What seems to have happened is that somehow the Australian registrar "melbourneIT.com" yanked the fully paid-up registration away from Dotster (where Panix had it) without any notice whatsoever

      Or so they say.

      What many people here may not be aware of, is that the domain registry system had a slight overhaul recently, after ICANN mandated a change in the registrar transfer procedures.

      More specifically: while in the past a domain transfer would automatically be rejected when the account holder did not approve it, recently this changed so now a transfer request gets approved by default unless the account holder actively rejects it.

      Yes -- that means that if the owner happens to be on vacation, doesn't check his mail frequently enough, has a spamfilter that ate the transfer notice, or simply never received the message in the first place for whatever other reason, the domain transfer request will automatically be granted.

      ICANN's reasoning for this was allegedly that it would prevent a defunct hosting provider or non-working administrative account from keeping a customer's domain hostage.

      The only way to change this behaviour and reject a domain transfer by default, is to lock the domain with the registrar. Many of the registrars responded to this policy change by proactively locking all domains hosted with them with little warning (Network Solutions, for example)

      Anyway, it's quite likely that this domain in question simply didn't get locked (or was actively unlocked by the administrator because it was deemed inconvenient?). Then if anyone sent a (bogus) transfer request and the administrator either didn't see the notice or didn't respond in a timely fashion to reject it, this would happen.

      This will happen to ANY domain that is not currently locked, and whose admin contacts aren't paying close enough attention to their mailbox. If you haven't already done so: MAKE SURE YOUR DOMAINS ARE LOCKED!!!

      Yet another example of how ICANN makes the world a better place, I guess.
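The lock and the approve-by-default transfer window described in the two comments above can be watched from the outside by comparing WHOIS snapshots. This is an added example, not code from the thread or from any registrar: the WHOIS records are constructed, the field names follow common WHOIS output, and the function names are hypothetical.

```python
"""Compare two WHOIS snapshots of one domain and flag hijack indicators."""
from datetime import datetime, timedelta, timezone

# Statuses that block an inter-registrar transfer. REGISTRAR-LOCK is the name
# used in the thread; the *TransferProhibited names are the EPP equivalents.
LOCK_STATUSES = {"registrar-lock", "clienttransferprohibited",
                 "servertransferprohibited"}
OBJECTION_WINDOW = timedelta(days=5)  # "5 calendar days to respond" (thread)

# Constructed sample records (not real WHOIS output for any domain).
BASELINE = """
Domain Name: EXAMPLE.COM
Registrar: Example Registrar A, Inc.
Name Server: NS1.EXAMPLE.NET
Name Server: NS2.EXAMPLE.NET
Status: REGISTRAR-LOCK
"""
AFTER = """
Domain Name: EXAMPLE.COM
Registrar: Example Registrar B Pty Ltd
Name Server: NS1.PARKING.EXAMPLE.ORG
Name Server: NS2.PARKING.EXAMPLE.ORG
Status: ACTIVE
"""
EPP_STYLE = """
Domain Name: EXAMPLE.COM
Registrar: Example Registrar A, Inc.
Name Server: ns1.example.net.
Name Server: ns2.example.net.
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
"""


def parse_whois(text):
    """Extract registrar, name servers and status flags from WHOIS text."""
    rec = {"registrar": None, "nameservers": set(), "statuses": set()}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        key, value = key.strip().lower(), value.strip()
        if not sep or not value:
            continue
        if key in ("registrar", "sponsoring registrar"):
            rec["registrar"] = value
        elif key in ("name server", "nserver"):
            # Normalise case and the optional trailing dot before comparing.
            rec["nameservers"].add(value.split()[0].lower().rstrip("."))
        elif key in ("status", "domain status"):
            # EPP-style lines append a URL after the status token; drop it.
            rec["statuses"].add(value.split()[0].lower())
    return rec


def is_locked(record):
    """True if any status on the record blocks a registrar transfer."""
    return bool(record["statuses"] & LOCK_STATUSES)


def audit(baseline, current):
    """Return (code, detail) findings for changes that match a domain hijack."""
    findings = []
    if not is_locked(current):
        findings.append(("UNLOCKED", "no transfer lock; transfers approve by default"))
    if baseline["registrar"] != current["registrar"]:
        findings.append(("REGISTRAR_CHANGED",
                         f"{baseline['registrar']} -> {current['registrar']}"))
    if baseline["nameservers"] != current["nameservers"]:
        added = sorted(current["nameservers"] - baseline["nameservers"])
        findings.append(("NS_CHANGED", "new name servers: " + ", ".join(added)))
    return findings


def time_to_auto_approval(record, notice_time, now):
    """Time left to reject a pending transfer, or None if the lock blocks it."""
    if is_locked(record):
        return None
    return max(notice_time + OBJECTION_WINDOW - now, timedelta(0))


if __name__ == "__main__":
    before, after = parse_whois(BASELINE), parse_whois(AFTER)
    for code, detail in audit(before, after):
        print(f"{code}: {detail}")
    notice = datetime(2005, 1, 10, 12, 0, tzinfo=timezone.utc)  # constructed
    now = datetime(2005, 1, 13, 12, 0, tzinfo=timezone.utc)     # constructed
    print("time left to object:", time_to_auto_approval(after, notice, now))
```

Run against stored snapshots on a schedule, any finding is a reason to contact the registrar by phone rather than wait on the notice e-mail.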
      • Re:Rogue registrars? (Score:5, Interesting)

        by Anonymous Coward on Sunday January 16, 2005 @05:26AM (#11378040)
        I've been involved in investigating this for most of today. In fact, it's not just the admin and tech contacts at Panix who were never notified; the transferred-from registrar (Dotster) was never notified.


        Even under the new ICANN rules, that's not supposed to be possible. Someone is playing games with the system.

  • I blame it partially on the registrar for not verifying the identity of the person attempting to transfer the domain.

    Granted an ISP should have known to use REGISTRAR-LOCK, but what about Joe Shmoe with his domain to host family pictures?
  • You tawkin' ta ME? (Score:3, Interesting)

    by Doc Ruby ( 173196 ) on Sunday January 16, 2005 @04:06AM (#11377857) Homepage Journal
    Panix is an old haunt of lots of very savvy New York geeks, particularly security and OS hackers with lots of money and techniques. I'd hate to piss them off, especially with an attitude that merely a planet-width and a foreign law license protects me from my obligation not to screw them.
  • by Doc Ruby ( 173196 ) on Sunday January 16, 2005 @04:14AM (#11377871) Homepage Journal
    As this post [merit.edu] points out, having hijacked panix.com, MelbourneIT could be logging all userID/password logins to shell.panix.com . So Panix customers should all login to the "temporary" replacement, shell.panix.net , and change their passwords ASAP. Then fly to Melbourne with baseball bats.
  • by Doc Ruby ( 173196 ) on Sunday January 16, 2005 @04:19AM (#11377887) Homepage Journal
    Anyone in Melbourne with a baseball bat, who wants free drinks the next time they visit New York, want to go "knocking" on MelbourneIT's door?
  • by ZenJabba1 ( 472792 ) on Sunday January 16, 2005 @04:22AM (#11377899) Homepage Journal
    I know some people in MelbourneIT, and have already spoken to them. They are looking into the issue
  • frontier justice (Score:2, Insightful)

    by Anonymous Coward
    I have to post this as an AC but ....

    This is an issue like spam. Frankly, and I doupt Alexis Rosen et all will go this route, but what should happen now is gunshot wounds to the head. My guess is this is a scam to clean out the paypal accounts of panix customers and/or steal domains that are hosted by panix.
  • Checking the IP that panix.com is on shows several thousand domains, and all seem to have odd names. [webhosting.info]

    That Las Vegas address used for panix.com is also similar to some used by spammers registering domains, and using a Nevada address in the whois.

    Maybe a check of some of the blocklists will show the panix.com IP listed already. 142.46.200.72

    You could try this link [panix.com] and see if the server is still up. (hint, slashdot effect)
  • Why is panix offering 128Kbps ISDN for $50 a month? Who actually uses this?
  • Password Recovery (Score:5, Informative)

    by msaulters ( 130992 ) on Sunday January 16, 2005 @04:57AM (#11377969) Homepage
    FAILED
    The Melbourne IT Registry Key for Domain Name panix.com was not able to be retrieved. This could be due to the Domain Name being managed by a Melbourne IT Reseller. Please contact your Reseller for assistance. If this fails, please go to our help center.

    www.panix.com is coming up with a freeparking.co.uk web page. This means that SOMEONE is handling DNS for the domain. That is the one piece of useful information in the current whois record. ns1.ukdnsservers.co.uk
    OK, looks like ukdnsservers.co.uk belongs to:
    Domain Name:
    ukdnsservers.co.uk

    Registrant:
    ActiveBytes Software LLC

    Administrative Contact's Address:
    2530 Channin Drive
    Wilmington
    DE
    19810 US

    Registrant's Agent:
    Fibranet Services Ltd [Tag = FIBRANET]

    Relevant Dates:
    Registered on: 25-Mar-2000
    Renewal Date: 25-Mar-2006
    Last updated: 11-Dec-2004

    Registration Status:
    Registered until renewal date.

    Name servers listed in order:
    ns3.ukdnsservers.co.uk 142.46.200.68
    ns4.ukdnsservers.co.uk 207.61.90.197

    This is a company on US soil. If the authorities have been contacted, the FBI should be breaking down these guys' doors right about now, cause they're involved in what could be considered an act of international terrorism, and I'm not being sarcastic. Either ActiveBytes Software, or one of their representatives has knowingly set up DNS records for panix.com, or they have been hacked.

    Unfortunately, it appears that even though their offices may be in Delaware, their DNS is a little farther north:

    traceroute 142.46.200.67
    (Most of traceroute omitted to pass bullshit lameness filter)
    23 145 ms 75 ms 74 ms AL-7304-GigE2.telecomottawa.net [142.46.200.1]
    24 82 ms 85 ms 88 ms 142.46.200.67

    Trace complete.

    traceroute 207.61.90.197
    (Most of traceroute omitted to pass bullshit lameness filter)
    18 65 ms 75 ms 64 ms core1-ottawa23-pos2-2.in.bellnexxia.net [64.230.234.90]
    19 221 ms 204 ms 217 ms ottcorr01-pos5-0-0.in.bellnexxia.net [206.108.99.146]
    20 Request timed out.
    21 244 ms 183 ms 225 ms ns4.ukdnsservers.co.uk [207.61.90.197]

    Trace complete.

    Maybe someone at telecomottawa.net could be contacted to track these people down or help out in some small way. Here's their Customer Care Page [telecomottawa.net] They have a toll-free number! Let's see if enough of us call it, or perhaps if enough of Panix's unhappy customers call it, maybe TelecomOttawa will help out (wouldn't it suck if someone were to steal the telecomottawa.net domain name from them in a similar fashion?) Anyway, the TF# is 1-888-424-7771 (X3?)

    Man, this really pisses me off that someone was able to do this, and that these guys aren't having any luck getting the problem fixed.
    • Again, I refer to my earlier post [slashdot.org] about Melbourne IT being a crappy company to try to deal with. This is the exact problem I had. My domain was being "managed" by Yahoo domains (a Melbourne IT reseller), yet they refused to offer me any kind of support at all, whether via phone, email, or anything. Visiting Melbourne's "help" center only offered lip service and run-around.

      I repeat my advice which was offered above: Boycott Melbourne IT and all of its resellers until they get their shit together!
    • by Legion303 ( 97901 ) on Sunday January 16, 2005 @06:03AM (#11378107) Homepage
      "cause they're involved in what could be considered an act of international terrorism, and I'm not being sarcastic."

      Maybe not, but you're sure diluting the living fuck out of the word "terrorism."
    • by dbIII ( 701233 ) on Sunday January 16, 2005 @08:09AM (#11378344)
      they're involved in what could be considered an act of international terrorism
      Terrorists kill people - let's keep some perspective here.
  • It's 9pm on a Sunday night for melbourneIT at the moment. At worst, they'll be open in twelve hours time from now.
  • First name server is ns1.ukdnsservers.co.uk, IP 142.46.200.67

    Connecting to whois.arin.net...

    Telecom Ottawa Inc. HOT-TELECOMOTTAWA-9 (NET-142-46-199-0-1) 142.46.199.0 - 142.46.202.255
    Koallo Inc. TOL-142-46-200-64-95 (NET-142-46-200-64-1) 142.46.200.64 - 142.46.200.95
    # ARIN WHOIS database, last updated 2005-01-15 19:10

    So, IPs 64-95 belong to Koallo, Inc. A little Googling turns up the following:
    http://www.whois.sc/bellsquarry.info

    Which lists the Registrant as one Ann Street, 5 Calder Road, Bellsquarry
  • Melbourne IT, eh? (Score:4, Informative)

    by pwhysall ( 9225 ) on Sunday January 16, 2005 @07:40AM (#11378285)
    Funnily enough, they're the registrar for the scam site http://american-redcross.org/ [american-redcross.org].

    Coincidence? You decide.
  • panix rules (Score:5, Insightful)

    by Anonymous Coward on Sunday January 16, 2005 @09:46AM (#11378562)
    note how alexis keeps his cool in this message [merit.edu]:
    Hi, all.

    I hate to pop my head up after years of lurking, only when things are going bad, but probably better that than remaining silent.

    First of all, I'm going to be bounced from this list once its cache of my DNS times out, which will probably be in about 2-3 hours, so if you have anything to say that you'd like me to see, please copy me. We're temporarily accepting mail at panix.net in addition to panix.com, so use alexis (at) panix.net.

    A few points to respond to:

    First, Eric, thanks for contacting Bruce and Eric on my behalf. While nothing has happened so far, I hope that it will soon, and in any case I appreciate your efforts to help a total stranger.

    Someone asked if we had registrar-lock set. It's not clear to me what happened. Our understanding is that we had locks on all of our domains. However, when we looked, locks were off on panix.net and panix.org, which we own but don't normally use. It's not clear how that happened; dotster has yet to contact us with any information about, well, anything at all. They did answer a call this morning; they're apparently in the middle of an ice storm. All I was able to learn from them is that according to the person I talked to, they had no records of any transfer requests on our domain from today back through last October.

    Someone suggested invoking a dispute procedure. We'll do that, as soon as we can get someone to actually accept the dispute, but if it goes through that process to completion, many people will suffer, and Panix itself will be tremendously damaged. How long do you think even our customers will stay loyal? (Forever, for many of them, but that doesn't mean they won't be forced to start using a different service.)

    While it's true that MelbourneIT won't do anything before (their) Monday morning, I don't want to paint them as bad guys in this drama. I don't know how they're organized and I don't know how difficult it is for them logistically. Of course I want them to move faster. Much faster. But I'll take what I can get.

    And speaking of MIT, I don't intend to send them "nastygrams" - nor NSI either. Neither of them owes me anything (at least directly) and being heavyhanded would not be a good way to get what I want (restoral of the panix.com domain to dotster) even if I thought they deserved it. I expect that there will be criminal prosecutions arising out of this, but the time for that sort of thing is later, when things are back to normal, and we've fixed any systemic vulnerabilities that can be fixed before they're used to wreak mass havoc. And it's anyone's guess who the target of those prosecutions will be, but I doubt MIT or NSI will be among them.

    Lastly, someone expressed surprise that I'd call MIT's lawyer directly. I didn't. I spent *hours* trying to find working contact info for MIT and Dotster. I didn't find useful 24-hour NOC-type info anywhere. (Someone obviously has this info; I expect it's restricted to a list of registrars.) I reached Dotster's customer support when they opened for business Saturday morning; the guy was polite, and did what he could, but I saw no evidence whatsoever of the promised attempt to assist me after he got off the phone. MIT apparently has no weekend support at all; I finally located their CEO's cellphone in an investor-relations web page. I called him, and he had his lawyer call me back. That was his choice. FWIW, she's not "just" a lawyer; she's apparently the person who has to make decisions about reverting control of the domain. So she at least needs to be aware of our position. My impression is that she didn't fully grasp the gravity of the situation, and so treated us like she'd treat any other annoying customer who managed to track her down on her day off. This is somewhat understandable (though infuriating) which is why I'd hoped to talk to someone on their tech side first. No luck there, but if any of this reaches them, maybe that will start things going.

    Thanks again to everyone who has tried to help us today.

    /a
  • Main effect = bad (Score:3, Insightful)

    by nurb432 ( 527695 ) on Sunday January 16, 2005 @09:52AM (#11378585) Homepage Journal
    Pretty bad when your mail doesn't come to you..

    Especially if you are a business taking orders.. or have the potential for confidential or personal info being in your emails..

    Good thing we all encrypt our mail.. right?
  • by philgross ( 23409 ) on Sunday January 16, 2005 @10:33AM (#11378727) Homepage
    Verisign has spent big $$$ to advertise its brand as the choice for heavyweight corporate customers. It boggles my mind that they're letting a high-visibility ISP twist in the wind. Talk about brand devaluation.

    Any slashdot reader in corporate IT should be writing a memo on this and sending it to the CIO/CTO and Legal teams. What will *your* company's registrar do if someone jacks your domain on a weekend? If you're paying the bucks for Verisign, the answer seems to be nada, or maybe they'll write you an infuriating not-our-problem e-mail.

    I think the marketing/sales task for Verisign's competitors just got a notch easier too. Nothing like a good horror story...
  • very insightful (Score:5, Interesting)

    by r5t8i6y3 ( 574628 ) on Sunday January 16, 2005 @10:49AM (#11378776)
    Date: Sun, 16 Jan 2005 10:07:04 +0000
    From: Eric Brunner-Williams in Portland Maine
    To: nanog@merit.edu
    Cc: brunner@nic-naa.net, alexis@panix.net
    Subject: Re: panix.com hijacked (VeriSign refuses to help)

    Oki all,

    It's dawn in Maine, the caffeine delivery system has only just started, but I'll comment on the overnight.

    You're welcome alexis@panix.net. If you'll send me the cell phone number for the MIT management I will call wearing my registrar hat and inform whoever I end up speaking with that Bruce needs to call me urgently, on Registrar Constituency business.

    Next, put a call into the Washington Post. They lost the use of the name "washpost.com" which all their internal email used, due to expiry, so their internal mail went "dark" for several hours. This was haha funny during the primary season (Feb 6). If they don't get it try the NYTimes. Put the problem on record. There is an elephant in the room.

    The elephant is that the existing regime is organized around protecting the IPR lobby from boogiemen of their own invention. They invented the theory that trademark.tld (and trademark.co.cctld) existence dilutes the value of trademark, hence names-are-marks, bringing many happy dollars (10^^6 buys) into the registrar/registry system ($29-or-less/$6, resp., per gtld and some cctlds), and retarding new "gTLD" introductions, as each costs the IPR interests an additional $35 million annually.

    To solve their division of spoils problem, is "united.com" UAL or is it UA?, we had DRPs, which is now a UDRP, and more DRPs for lots of cctlds.

    These [U]DRPs take many,many,many,many units of 24x7. They were invented for the happy IPR campers, who care about _title_, not _function_. If the net went dark that would be fine with them too, so long as the right owners owned the right names.

    Restated, there is no applicable (as in "useful for a 24x7 no downtime claimant") law in the ICANN jurisdiction.

    And it is your own damn fault. Cooking up the DRPs took years of work by the concerned interests, and they were more concerned with enduring legal title than momentary loss of possession. During those years, interest in the DNSO side of ICANN by network operators went from some to zero, and at the Montevideo meeting the ISP and Business constituencies were so small they met in a small room and only half the seats were taken. After that point they were effectively merged. IMHO, Marilyn Cade and Phillipe Shepard are the ISP/B Constituency, and they can't hear you (for all 24x7 operational values of "you").

    In case it isn't obvious, the "your own damn fault" refers to a much larger class of "you" than Alexis Rosen.

    [Oh, the same happy campers are why :43 is broken. They want perfect data at no cost and w/o restriction. Registrars don't want slamming, today's owie, and registrants don't want spam (which some ISPs do), so the whole :43 issue is a trainwreck of non-operational interests overriding operational interests. Registrars would be happy to pump :43 data to operators, if we could manage the abuse, instead we get knuckleheads who insist that spam would be solved forever if ...]

    There is a fundamental choice of jurisdictions question. Is ICANN the correct venue for adjudication, or is there another venue? This is what recourse to the "ask a real person" mechanism assumes, that talking to a human being is the better choice.

    Bill made this comment:

    > Since folks have been working on this for hours, and
    > according to posts on NANOG, both MelbourneIT and
    > Verisign refuse to do anything for days or weeks,
    > would it be a good time to take drastic action?
    >
    > Think of what we'd do about a larger ISP, or the
    > Well, or really any serious financial target.
    >
    > Think of the damage from harvesting logins and
    > mail passwords of panix users.

    You (collectively) are
    • Re:very insightful (Score:4, Informative)

      by rs79 ( 71822 ) <hostmaster@open-rsc.org> on Sunday January 16, 2005 @02:00PM (#11379747) Homepage
      "And it is your own damn fault. Cooking up the DRPs took years of work by the concerned interests, and they were more concerned with enduring legal title then momentary loss of possession. During those years, interest in the DNSO side of ICANN by network operators went from some to zero, and at the Montevideo meeting the ISP and Business constituencies were so small they meet in a small room and only half the seats were taken. After that point they were effectively merged. IMHO, Marilyn Cade and Phillipe Shepard are the ISP/B Constituency, and they can't hear you (for all 24x7 operational values of "you")."

      It's *our* fault? Nice try, Eric. I should fly halfway around the world 4X a year at 5 grand a pop to stay in the ICANN 4 or 5 star host-hotel so I get my 15 minutes of being ignored at the microphone? BTDT for a couple of years. Even if you think you scored a minor victory ICANN will, and has, quietly changed the bylaws to circumvent that. Oh, but don't worry, as a membership organization, as dictated by the USG we can all vote on this. Oh that's right, that bit never happened even though ICANN's initial purpose was to only define the organization, get members then pass it off to the duly elected board. We still have the current IBM/Magaziner appointed board and the "members" don't exist.

      Lesse here, on one side we have the Intellectual Property wonks who ARE funded to fly to every meeting and are paid full time to lobby ICANN. Those buggers are everywhere, do not operate in the open and are anything but transparent. They work for companies with 3 letter names.

      On the other side we have "us" and "our funding" (hahahahah). We lose. Thanks for playing; tragedy of the commons.

      Interest in the DNSO and ICANN has waned because people are tired of beating their head against a brick wall till it's a bloody pulp; you can't begin to fight the behind the scenes back channel closed shenanigans the IP folks play, you don't even find out what they are till years later (cf the secret, thou shall not disclose meeting that IBM arranged with ICANN and NSI that Farber and Cerf attended that set this all in motion). They and they alone, as correctly pointed out, are and have always been the boogeymen behind virtually all troubles in the DNS today and have been since long before ICANN was a glint in Joe's eye.

      To paraphrase Mark Twain, "It's a good thing we don't get all the ICANN we pay for"

      Look what happened to Aurbach. ICANN sees openness as a fault and routes around it.
  • preventable (Score:3, Insightful)

    by john_uy ( 187459 ) on Sunday January 16, 2005 @10:49AM (#11378777)
    if we use dnssec. i read an article just this week about the integrity of the dns. initially, i thought that why would you need this type of implementation - here comes the reason. we can see it happen more. by using dnssec, in theory it should be able to "legitimize" dns requests and verify their authenticity before changes are being made to dns records. in this case, 3rd party will not be able to change the records because they will not have the private key from panix, for example.


    this technology is new but this type of scenarios should speed things up in making it a requirement for dns deployments.

  • Hello, NY Times? (Score:5, Interesting)

    by wytcld ( 179112 ) on Sunday January 16, 2005 @10:56AM (#11378806) Homepage
    Panix at least used to have a lot of users with jobs like "NY Times reporter" and "Wall Street technology analyst." This story needs to be amplified to the point where there's a total restructuring of the domain registration system, one which removes Network Solutions entirely from the business. Can we assume that Panix users will be doing their part to play this up in the mainstream media capital of America?
  • by Burdell ( 228580 ) on Sunday January 16, 2005 @11:49AM (#11379058)
    Panix thought that they had all of their domains in registrar-lock status. When they checked panix.net and panix.org after panix.com got swiped, they were no longer locked.

    However, this has nothing to do with them being locked or not. The registrar Panix uses is Dotster, and they show no record of panix.com being transferred. In other words, Verisign (who is in charge of all .com registrations) allowed a domain to be transferred to a different registrar without following the published procedures. Even if a domain is not locked, there is a notification and waiting period that was ignored. Somehow MelbourneIT and Verisign short-circuited the system (quite possibly an inside job at both).

    IIRC the .net control is up for renewal soon and other companies may bid to take it away from Verisign; let's hope that happens (my main domains are all .net).
  • by howardcohen ( 244367 ) on Sunday January 16, 2005 @01:31PM (#11379590)

    I *am* getting my panix.com mail by going to mail.panix.NET, and using their web-based mail client.

    By way of background, I've been a Panix user for more than a decade. They are classy, intelligent people, which sets them apart from most folks in their line of work.

  • This just in!!! (Score:5, Informative)

    by Anonymous Coward on Sunday January 16, 2005 @05:49PM (#11381166)
    (Posted by Ed Ravin [staff]) Sun, Jan 16 2005 -- 5:41 PM
    ----------------
    Recovery is underway from the panix.com domain hijack.

    The root name servers now have the correct information, as does the WHOIS registry. Portions of the Internet will still not be able to see panix.com until their name servers expire the false data. More info soon.

    -- Ed
