Internic Security

I just got off the phone with Internic after a very disturbing
discovery. I received a call from a client asking why their
Administrative/Techinical/Zone contact was someone they had never seen
before. When checking it, it seemed like somehow this person had been
put on many of our registered domains. Upon closer inspection, I
realized that the NIC Handle was the same; it was just who owned it that
was different.
   Somehow, the Internic Handle was overwritten. This was our CEOs
handle (MP122) and it was on EVERY single domain we owned. I was
somewhat surprised that such a basic service as registering NIC Handles
could be overwritten. Well, I just got another call from a client asking
close to the same thing. This time, upon inspection, it seems our VPs
handle was overwritten - and by our closest competitor!
   Everytime I've called the Internic about this matter (with the
exception of one time) I have gotten excellent service, but no answer on
how this happened or if they can ensure it won't happen again. Does
anyone else out there have their NIC Handles overwritten? Does anyone
know the security procedure they use to guard the Handles? I can
understand the first time it happening to us, but the second time? I
really need some statistics on how often this happens so I can determine
if I should be paranoid or no. :wink:

Yes, we've had this happen. If you have *ever* given out a pre-filled-out
form with just the NIC handle entered in your tech contact field, and someone
fills in specifics in that tech contact section, it'll CHANGE your/the tech
contact's NIC record.

We used to give people forms, but now we tell them to send requests to, and then we send them the form, review it when they
send it back, and submit it to the NIC ourselves.

The guardian project should be in place soon, and that will (hopefully) save
us from these problems...

It's even more fun when someone reprograms your name server IP entries...



Sr Internet Engineer
Mikrotec Internet Services