Messages of the Day

Subject: A brief report on the hijacking
Date: Mon, Jan 17 2005 -- 2:31 AM
Posted by: Alexis Rosen

This is a (relatively) brief statement about the hijacking and return of
the panix.com domain name. In the days and weeks to come, we'll have more
to say, but at the moment, we need to continue to work on finding the
perpetrators, or else catching up on missed sleep. (That's a lot of
catching up!)

The domain was transferred by parties unknown. It took effect around 4-4:30
AM EST Friday night/Saturday morning. The incorrect data was replaced by
correct data shortly after 6PM EST Sunday evening, by the new registrar.
The domain will be transferred back to the old registrar soon, but this is
no longer urgent.

Neither the hijacking nor the return was under Panix's control. That is,
they involved the manipulation of third parties (Dotster, MelbourneIT, and
Verisign) that control the use of domain names on the Internet, and which
neither Panix nor any other ISP controls.

The effect of the transfer was simple: the name "panix.com", and any name
ending in ".panix.com", pointed to servers that did not belong to Panix.
That meant that all services provided using the panix.com name failed, and
mail to panix.com was accepted by the bogus servers, then bounced as
undeliverable. Sometime on Saturday, however, the bogus mail servers
became unavailable. So a lot of mail sent after that time will be (or has
already been) delivered.

Customers with their own domain names were generally unaffected by this
problem, with the notable exception of some web service customers. The
problems they experienced were due to use "behind the scenes" of the
panix.com name in the delivery of their service. This was fixed well
before the domain was returned to us, as we changed our service to use
"panix.net" instead.

The effects of the hijacking were not immediately apparent to everyone,
because of the effect of "DNS caching". It takes up to 24 hours for DNS
changes to become visible (depending on how recently, before the change,
that name was used). So the failure wasn't noticed by some people for up
to 24 hours after it started, and similarly, it will take until about
6:15PM EST on Monday for the fix to affect everyone.

This hijacking involved multiple felonies here and abroad. Many members of
law enforcement agencies in the US and at least three other countries have
already been involved. We hope to catch the perpetrators, just as we caught
the last person to attack Panix (several years ago). For obvious reasons,
we can't discuss the investigation.

Because of the scope of the problems caused by this hijacking, we may not
be able to respond to each individual customer query (either by email or
in the newsgroups) as well as we'd like to. We'll try to answer the
questions as best we can, but we may resort to mailing back a "FAQ"
(Frequently Asked Questions) sheet. I also recommend that Panix customers
refer to the "panix.questions" newsgroup, which contains lots of questions
and quite a few answers, though in a somewhat chaotic format.

Please be patient if we don't respond to your mail instantly. It's been
an incredibly difficult weekend, and the next few days are going to be only
marginally less so.

As always, I'd like to thank the many customers and friends who sent in
expressions of loyalty and support (even financial support!).

Alexis Rosen