On Fri, Jan 14, 2000 at 10:26:44AM -0500, "BUGTRAQat_private" <BUGTRAQat_private> wrote:
>
> This confirms what I always thought; that there was a unique number in
> the response that was needed for the ACK.

True. If the domain is set up to require ACK before transferring. Many (most?) are set up to send the confirm email after the modify request is processed - by the time the contact actually reads their mail the modify may have gone thru to the root servers, and the domain may be in the hands of someone else. I really don't know what happens if you can double-transfer a domain before NSI receives back a NAK response to a confirm email.

Spoofing mail from a contact is something I've done regularly in the past when customers leave an ISP and can no longer send/receive mail from/to the contact address, but want to transfer their domain to my servers. It's fairly trivial, and I suspect common practice amongst ISPs who can be bothered - many just say "transfer it yourself, let us know when it's done", avoiding the whole issue. I haven't done it to maliciously transfer a domain, only for the actual domain owner, but there's nothing really stopping anyone from sending in a request.

Which is why most of my personal domains use CRYPT-PW as their Guardian setting instead of MAIL-FROM. :) Admittedly trivial to find out if anyone got ahold of my sent-mail folder or intercepted a request, but it's a small step up.

Bryan

--
Bryan Fullerton http://www.samurai.com/
Core Competency Samurai Consulting
Can you feel the Ohmu call?