ARIN Database
Kim Hubbard
kimh at arin.net
Sun Feb 13 20:37:45 EST 2000
Over the last week, an individual faked mail headers and
successfully changed the email addresses on the POC records
associated with a handful of Class A records in ARIN's database.
After successfully modifying the POC records, he modified the
inverse mapping servers listed on those Class A network records.
Once identified, corrections were made to the records in question.
We have spoken with the individual who appeared to have made the
unauthorized changes, however, he claims to have been hacked himself
and is not responsible for submitting the bogus modification requests.
He said his mailboxes looked fake and utmp entries had been tampered
with on his machine.
Prior to this incident, the ARIN engineering staff had been looking
into adding security mechanisms to our database. We would like to
invite the community to discuss possible security mechanisms that may
be implemented using the following mailing list:
Database Implementation Working Group
dbwg at arin.net
To join this mailing list, visit http://www.arin.net/members/mailing.htm
This mailing list is open to the public.
Regards,
American Registry for Internet Numbers (ARIN)
More information about the ARIN-announce
mailing list