funsec mailing list archives
"domain name front running"
From: "Larry Seltzer" <Larry () larryseltzer com>
Date: Wed, 24 Oct 2007 16:50:59 -0400
It's when you check the availability of a domain, find it's not taken, go back in a day or two to register it, and it's taken. Probably by some shady outfit like (in the case of my tests) Chesterton Holdings.

ICANN calls it "domain name front running" (http://www.icann.org/committees/security/sac022.pdf). Last year when I wrote about it (http://www.eweek.com/article2/0,1759,1991365,00.asp) I called it "whois hijacking".

ICANN has heard reports of it, and while they're not sure there's anything there, they agree that there is a perception there. Got that? I know what I saw, so I know it can happen.

I'm still not sure how this is being done, but I think it's in small enough numbers that it's probably being done through pinpoint compromises of servers here and there involved in "Is this domain name available" web form. Could be the web server, could be the DNS, could be some app server. Either that or someone is selling the whois logs under the table.

I should also say I've gotten reports of this phenomenon from lots of people who used many different services to check domain availability. I never spoke to anyone who uses a command line whois talking to internic.net, but that's not what most people do.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.eweek.com/cheap_hack/ <http://blog.eweek.com/blogs/larry_seltzer/>
<http://blog.ziffdavis.com/seltzer>
Contributing Editor, PC Magazine
larry.seltzer () ziffdavisenterprise com
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.