the panix hijacking and icann's transfer policy

Marc Schneiders marc at SCHNEIDERS.ORG
Tue Jan 18 17:31:49 CET 2005


I would suggest we wait a bit. As far as I understand it, panix.com
was not locked. I have my domains under "registrar lock", which means
you have to unlock it yourself before it can be transferred. I suggest
all domain name holders who read this, check whether their domain or
domains are under registrar lock. You can see this in whois.

For more recently registered domains registrar lock is usually
automatically applied, unless you undo it yourself. For older domains,
registered in the time before there were registrars, when there was
only NetSol, this is probably not true.

Again: Let us wait a bit. I think the the evaluation of the new
transfer policy is on the agenda of the Names Council soon.

Marc Schneiders
Council Rep

On Tue, 18 Jan 2005, at 10:56 [=GMT-0500], Harold Feld wrote:

> I would suggest that the Consticuency send a formal request to ICANN to
> make an inquiry into how this happened. We should circulate the request to
> the other consticuencies to see if they will join us in asking for such an
> inquiry.
>
> This is both intolerable and frightening.  Even if no one is at fault, it
> is imperative for ICANN, as the organization charged with technical
> stability of the Internet.  To investigate what happened and determine
> what, if anything, should be done to prevent recurrence.
>
> Harold Feld
>
> At 04:19 PM 1/17/2005, Frannie Wellings wrote:
> >[Important:  "...As Panix offers shell access from anywhere, the
> >person or people who hijacked could theoretically have collected the
> >usernames and passwords of those who logged in during the period when
> >the domain was hijacked..."  Still not a lot of news coverage about
> >the Panix incident, but I thought this was quite a good article.]
> >
> >New York ISP's domain hijacked
> >By Sam Varghese
> >January 17, 2005
> >http://www.theage.com.au/news/Breaking/New-York-ISPs-domain-hijacked/2005/01/17/1105810810053.html?oneclick=true
> >
> >The domain name of Panix, the oldest commercial internet service
> >provider in New York, was hijacked on Friday evening US time and the
> >company is in the process of recovering the same.
> >
> >In a statement on its website, the company said the ownership of
> >panix.com was moved to a company in Australia, the actual DNS records
> >were moved to a company in the United Kingdom, and panix.com's mail
> >has been redirected to yet another company in Canada.
> >
> >The Australian company, MelbourneIT, "has reverted the domain back to
> >us, and the global internet registry and domain name servers are now
> >showing the correct information," Panix said.
> >
> >"However, due to the distributed nature of the internet domain name
> >system, it will take four to 24 more hours before the false data from
> >the hijacking expires and is discarded by the various name servers."
> >
> >As Panix offers shell access from anywhere, the person or people who
> >hijacked could theoretically have collected the usernames and
> >passwords of those who logged in during the period when the domain
> >was hijacked, according to one post to the mailing list of the North
> >American Network Operators Group.
> >
> >The panix.com domain was registered with Dotster. According to
> >postings to the NANOG mailing list, Panix contacted Verisign which
> >serves as the definitive registry for .com and .net domain names.
> >
> >However, Verisign replied that there was little it could do to
> >rectify the situation. "If necessary, Dotster (or Melbourne) is more
> >than welcome to contact us to obtain the specific details as to when
> >the notices were sent and other historical information about the
> >transfer itself," a customer service representative replied to Panix.
> >
> >"Dotster can file a Request for Enforcement if Melbourne IT contends
> >that the request was legitimate and we will review the dispute and
> >respond accordingly. Dotster can also contact Melbourne directly and
> >if they come to an agreement that the transfer was fraudulent they
> >can file a Request for Reinstatement and the domain would be
> >reinstated to its original Registrar," the Verisign customer service
> >representative wrote.
> >
> >"Dotster could submit a normal transfer request to Melbourne IT for
> >the domain name and hope that Melbourne IT agrees to transfer the
> >name back to them outside of a dispute having been filed. In order to
> >expedite processing the transfer or submitting a Request for
> >Reinstatement however Dotster will need to contact Melbourne IT
> >directly. If Dotster is unable to get in touch with anyone at
> >Melbourne IT we can assist them directly if necessary."
> >
> >In the interim, Panix set up a panix.net domain for its subscribers
> >to utilise as a temporary solution.
> >
> >Several network admins who posted to the NANOG list were critical of
> >Melbourne IT, claiming that the company was slow to react to the
> >situation.
> >
> >However Theo Hnarakis, chief executive officer and managing director
> >of the company, denied Melbourne IT had been slow to act. "Alex Rosen
> >contacted me at midday Sunday and within 24 hours we ascertained that
> >his complaint was genuine and transferred the domain back," he said.
> >
> >"I indicated to Alex that it would take some time to ascertain the
> >autenticity of the charge and that we would act as soon as possible."
> >
> >Hnarakis said a transfer could not be done until procedures were gone
> >through to ascertain whether the complaint was genuine.
> >
> >"We ourselves were not involved in the transfer of panix.com; it was
> >done by one of our authorised resellers. We are now trying to
> >ascertain the how and why of things and as soon as we have a clear
> >picture we will be able to provide more details publicly if the other
> >parties involved have no objection," he said.
> >
> >In a posting to the NANOG list, Melbourne IT's chief technology
> >officer Bruce Tonkin said: "We are... investigating the chain of
> >events that led to the problem in the first place. This will take
> >longer, due to the various timezones and parties involved. In this
> >case one of the parties was an ISP in the United Kingdom, which is a
> >reseller of Melbourne IT."
> >
> >New rules for transferring domains came into effect on November 12
> >and under these rules requests for transferring a domain are
> >automatically approved in five days unless they are denied by the
> >owner of the domain.
> >
> >However in the case of Panix, this does not appear to be the case.
> >
> >According to the old rules, the ownership of a domain and the
> >nameservers allotted stayed as such if a request for a transfer
> >evoked no response.
> >
> >Shortly before the rules took effect, the network services provider
> >Netcraft had warned that domain owner who did not manage their
> >records carefully would face problems under the new regime.
> >
> >If the contact addresses given in the records were incorrect then a
> >request for transfer would go to a wrong address and after five days
> >of no response, the transfer would become effective, it said.
> >
> >No reply becomes the equivalent of saying "yes" to a transfer
> >request, according to the new ICANN policy. ICANN recently put up a
> >page seeking public comment on experiences with inter-registrar
> >transfer.
> >--
> >
> >~~~
> >Frannie Wellings
> >Policy Fellow, the Electronic Privacy Information Center   ~
> >http://www.epic.org
> >Director, The Public Voice    ~   http://www.thepublicvoice.org
> >
> >1718 Connecticut Ave. N.W., Suite 200
> >Washington, D.C.  20009
> >USA
> >
> >wellings at epic.org
> >
> >+1 202 483 1140 x 107 (telephone)
> >+1 202 483 1248 (fax)
> >~~~
>


More information about the Ncuc-discuss mailing list