RE: [nznog] Re:Domain Name Scams
It is to be fair, incredibly simple to find out most of the information regarding the allocation of a domain. Just go to the main DomaiNZ page: www.domainz.net.nz and enter your (NZ) domain name into the search box on the left. After selecting OK, then a warning about not being able to use this information for any other purpose appears - and this warning automatically disappears after a few seconds anyway. After this, then all of the details for the queried domain appear! As the warning message automatically disappears, then the content of the warning is probably not legally enforceable anyway - you could have been looking away from your screen at that point! They should have a "Yes I've read the above agreement" checkbox before you can proceed... Possible ways that the scam has found out the contact info: - if you knew enough about HTML, ASP and VB, it would be simple enough to write a program that once every five seconds sent a request to the DomaiNZ webserver starting at "a.co.nz" and finishing at "zzzzzzz999.net.nz", to find out the information for the various domains - it would take a while though; - you could use an 'electronic dictionary' of words in order to cut down on the unlikely examples; - there is also probably an online listing somewhere, of all of the currently active companies in New Zealand, you could then just try "<company name>.co.nz" and "<company name>.net.nz". There are far too many ways that people could have done it. I'm not condoning what has happened and have not done so myself, I'm just trying to explain how easy it is to do so. I was hit with three renewals too... Paul Adshead Network and Systems Manager OTL Software Ltd www.otl.co.nz -----Original Message----- From: Juha Saarinen [mailto:juha(a)saarinen.org] Sent: Friday, 8 August 2003 13:04 To: PhoneNet Cc: nznog(a)list.waikato.ac.nz Subject: Re: [nznog] Re:Domain Name Scams On Fri, 8 Aug 2003, PhoneNet wrote:
I have today received 5 letters from The Domain Registry of America, Melbourne (posted in UK) asking me to re-register some of my domains as they are due to expire - so they are at it also.
Got one here as well, and what bothers me is that although the domain in question is registered under my own name, the letter was addressed to my company, which doesn't appear in whois data anywhere. Somebody's been trawling... -- Juha Saarinen _______________________________________________ Nznog mailing list Nznog(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
On Fri, 8 Aug 2003 18:18:43 +1200 , Paul Adshead <paul.adshead(a)otl.co.nz> wrote:
Possible ways that the scam has found out the contact info: - if you knew enough about HTML, ASP and VB, it would be simple enough to write a program that once every five seconds sent a request to the DomaiNZ webserver starting at "a.co.nz" and finishing at "zzzzzzz999.net.nz", to find out the information for the various domains - it would take a while though;
There are rate limiters on the whois to stop or minimise this. DPF -- Blog: http://www.kiwiblog.co.nz E-mail: david(a)farrar.com ICQ: 29964527 MSN: dpf666(a)hotmail.com
On Friday, August 08, 2003 7:40 PM [GMT+1200=NZT], DPF <david(a)farrar.com> wrote:
On Fri, 8 Aug 2003 18:18:43 +1200 , Paul Adshead <paul.adshead(a)otl.co.nz> wrote:
Possible ways that the scam has found out the contact info: - if you knew enough about HTML, ASP and VB, it would be simple enough to write a program that once every five seconds sent a request to the DomaiNZ webserver starting at "a.co.nz" and finishing at "zzzzzzz999.net.nz", to find out the information for the various domains - it would take a while though;
There are rate limiters on the whois to stop or minimise this.
That's lucky, because by my reckoning it would take about 762 million years to go through all the possible (37^10) permutations at one query every 5 seconds (and that's just for .co.nz!). I can't imagine a dictionary "attack" would be much more successful, as many domains aren't dictionary words to begin with, and rate limiting would make that slow as well (you could just query the name in DNS first to see if it is delegated and then get whois data later to bypass that somewhat though).
- there is also probably an online listing somewhere, of all of the currently active companies in New Zealand, you could then just try "<company name>.co.nz" and "<company name>.net.nz".
I am not sure if such a list exists, at least not in the public domain. The Companies Office allows you to search for a company, but that would be no more useful than the whois itself (except that it returns multiple results). In any case, I am sure there are examples out there where people are receiving these letters for domains with no relation to any company name. All of which begs the question, where is the list coming from? There must be a leak somewhere. -Simon
On Fri, 8 Aug 2003 20:42:28 +1200, "Simon Garner" <sgarner(a)expio.co.nz> wrote:
All of which begs the question, where is the list coming from? There must be a leak somewhere.
It may be multiple sources. Some may come from the old zone file from around 18 months ago before access was restricted, Some since then may have come from Mark Davies (very interesting) monthly listing of new domains, until he restricted access recently. DPF -- Blog: http://www.kiwiblog.co.nz E-mail: david(a)farrar.com ICQ: 29964527 MSN: dpf666(a)hotmail.com
Simon Garner wrote:
All of which begs the question, where is the list coming from? There must be a leak somewhere.
-Simon
Given the amount these people would be making on each transaction, half a dozen folk doing it manually will give enough grist for a good earner...
Adrian Stacey wrote:
Simon Garner wrote:
All of which begs the question, where is the list coming from? There must be a leak somewhere.
Given the amount these people would be making on each transaction, half a dozen folk doing it manually will give enough grist for a good earner...
Given the cost of snail mail delivery is about 50 cents per letter, they'd have to be getting a success rate of better than 1 per 500 letters sent, just to cover the printing and postage costs... Keith Davidson
participants (5)
-
Adrian Stacey -
DPF -
Keith Davidson -
Paul Adshead -
Simon Garner