US .gov WHOIS Info Restricted Over Attacker Fears

An anonymous reader writes "VeriSign Inc has stopped providing access to information about the .gov internet domain, which is restricted to US government bodies, over concerns the data could be used in planning internet attacks."
This discussion has been archived. No new comments can be posted.

  • I see no problem with this since there are proper steps in place to ensure that only US Government facilities and institutions can get .gov addresses. The databases of normal .com/.net/.org and such are available as public info mainly to ensure you know what company or entity is behind the domain (at least, that's what we assume).

    So if they take them down, even to say it's for protection, are we losing a facility, really?
    • Yes - but this move just means they're getting paranoid - it's ineffective anyway. Either someone wants to reassure the general public that they're doing something (however ineffectual) or Verisign wants some press coverage on a slow news day.
      • Yes, it is insignificant, but the physical addresses of government facilities are available elsewhere, and simple lookups can get you the nameservers, etc.

        So just Verisign taking it offline isn't a problem, for whatever reason. We shouldn't be noting it as newsworthy, really.
    • So if they take them down, even to say it's for protection, are we losing a facility, really?

      Frankly, yes. It is an instance of the government taking away information that should be available to the public under the guise of "national security."

      And in the current climate, this is exactly the kind of thing we should be fighting against, with Ashcroft in power.

      Granted that this is a relatively minor instance, but it is one that is part of a much greater whole.

      The interests of "security" cannot supersede the interests of liberty.

      • It is an instance of the government taking away information that should be available to the public

        With all due respect, for what legitimate purpose would you need to know the IP address of a government computer? I understand that some people get scared when information that was once available is taken away, but let's not slide down the slippery slope.

      • I'd like to point out that the government's nic is still available, only Verisign, a non-government corporation, removed their database of .gov from public view.
    • by TobyWong ( 168498 ) on Saturday September 21, 2002 @12:49PM (#4303729)
      If you want to participate in a public network then they shouldn't be hiding whois information. Nobody is saying they can't run their own top secret network (as I'm sure they already do to some degree) but participation in this giant public network involves some amount of conformance to standards.

      Any information that is so critical to national security shouldn't be on the internet in the first place.

    • "So if they take them down, even to say it's for protection, are we losing a facility, really?"

      So if you spot a network problem or have an issue with abuse (it's happened) coming from a .gov domain how do you contact the admins?
  • by DarkHelmet ( 120004 ) <mark@@@seventhcycle...net> on Saturday September 21, 2002 @08:06AM (#4302633) Homepage
    WhiteHouse.gov

    C/O George W. Bush
    1600 Pennsylvania Avenue
    Washington, DC.

    Yup, wouldn't want anyone to know where HE lives, do we?

  • by jea6 ( 117959 ) on Saturday September 21, 2002 @08:08AM (#4302639)
    If you need whois data for a ".gov" domain, go to the General Services Administration. [nic.gov]
  • Well (Score:5, Insightful)

    by Anonymous Coward on Saturday September 21, 2002 @08:10AM (#4302642)
    There shouldn't even be a .gov TLD.

    It should be .gov.us

    • I agree completely. .com has become an internationalized TLD but .gov shouldn't exist at all.
    • Re:Well (Score:5, Interesting)

      by IIRCAFAIKIANAL ( 572786 ) on Saturday September 21, 2002 @09:07AM (#4302763) Journal
      What, you mean the US should do it like the rest of us?

      www.theregister.co.uk [theregister.co.uk]

      www.hrdc-drhc.gc.ca [hrdc-drhc.gc.ca]

      But the USA is the Internet, right? That's why you have .gov, .com, and .net instead of .gov.us, .co.us, and .net.us

      It's always bugged me a bit, especially when companies in my country use .com instead of .ca - I always try .ca by default and many of them don't have the .ca even in use to point to the .com.

      I honestly don't know if there is even a TLD for the USA...
      • by BoomerSooner ( 308737 ) on Saturday September 21, 2002 @09:36AM (#4302852) Homepage Journal
        You damn pot smoking Californians need to realize CA is not a country (as much as you wish it were).

        Just because you somehow tricked the powers that be into making a .ca domain YOU HAVEN'T WON YET. I'm looking forward to .TX for Texas to leave the Union (and take GW with them).
      • The .us country-code domain is not organised by entity type except in some special cases way down into the hierarchy.

        First, there's a state code which uses the standard two-letter abbreviations for the states, then there's a 'region code' which will either be a city, region or large town. Under that people are free to register whatever they like, with some special cases.

        The special cases are 'state' for special state-running bodies (are they called 'state government'?) and then a 'k-12' domain under which schools are organised by their respective school district.

        The .us domain, then, is a lot more organised and distributed than most other countries, which is probably a good thing given its size. The RFC which proposed the organisation of the .us domain (whose number escapes me now -- try looking on the .us registry site [www.nic.us]) explains that they did not create .gov.us and similar because it would cause confusion, and that the US Federal Government alone would use .gov while state governments use .state.tx.us (or similar). At this stage in the game, moving the .gov domain to .gov.us would just cause a lot of problems as invalidating that many URLs en-masse is never a good idea.

        • The .us domain, then, is a lot more organised and distributed than most other countries, which is probably a good thing given its size.

          Well, it used to be. Now Neustar (the bozos of .BIZ) are running it, and selling off every name they can. For example, random.us is already registered [whois.us].

          The .us domain used to be one of the last sections of the DNS that used an actual hierarchical scheme, instead of the usual "let's reinvent the flat namespace" of so many other TLDs. Now, it's just another land rush. Sigh.

      • Re:Well (Score:5, Insightful)

        by Our Man In Redmond ( 63094 ) on Saturday September 21, 2002 @11:16AM (#4303254)
        If "TLD" means "Two Level Domain" yes there is. :)

        I don't know if you ever noticed, but postage stamps in every country in the world carry the name of that country somewhere on the stamp, except for one. Which one? The UK. Why? Because they were first with adhesive postage stamps as we now know them and started the tradition.

        I don't have any more of a problem with the US not having to tag .us onto its domain names than I do with the UK not putting its name on its postage stamps.
    • I agree, however I am sure in the beginning when the TLDs were designed, they didn't expect the internet becoming what it is right now.
    • Re:Well (Score:3, Insightful)

      by swillden ( 191260 )
      Given that the .gov.us paid for the development of the internet protocols, including DNS, I think it's not too unreasonable that they get a meaningless perk like having their own TLD.
    • Why do we still have TLD's mapped to country names? Do they serve any essential technical purpose?

    • Re:Well (Score:2, Insightful)

      by angelo ( 21182 )
      It drives me nuts. .gov and .mil used to belong to the us... I've heard that .mil is going onto Internet2 and is leaving Internet. That takes care of .mil. Now it is the time to retire .gov. Move it to .gov.us, and there will be one address to worry about hiding from terrorists.

      www.gov.us could be the central directory to states and federal government agencies. That such a site doesn't exist (it sorta does in firstgov, and some news sites, but that's difficult to remember) is rather sad.

      The whole point of this hierarchy would be to have a website on anything and everything in the government, and have that site name be obvious.

      And another thing.. try going to http://state.pa.us ... can't do it without the 'www.' because the dns entry doesn't exist or else has been aliased improperly. The www. should be considered optional at this point. Hell, even eBay has a problem with this.

      this era of stupid web architecture must end.
    • The British invented postage stamps, so they're the only country in the world that doesn't have to put their name on their stamps. You don't hear anyone complaining about this. It's a fair deal; they were the first so they get dibs.

      The international telephone prefix for the USA is 1, because we invented the telephone. Same deal here.

      So if you'd like your country to be the default for the next wave of communication technology, write your government officials encouraging them to invest in this sort of research so your country can beat the rest of the world to the punch.
      • The international telephone prefix for the USA is 1, because we invented the telephone. Same deal here.

        Not the same deal .. 1 is still a prefix.
    • Our government over here in the U.S. is completely bought and paid for by corporations.
      Ergo the .gov is just another .com TLD if you consider this.
  • by The Fanta Menace ( 607612 ) on Saturday September 21, 2002 @08:12AM (#4302650) Homepage

    ...hide the contents of the websites too?

    Not much point hiding the whois information of a domain if its accompanying website tells the whole world who and where they are...


    • Not much point hiding the whois information of a domain if its accompanying website tells the whole world who and where they are...

      Generally the contents of a website don't list the DNS servers for that domain. Verisign has restricted access to .gov whois records in order to protect government DNS servers from denial-of-service attacks. Please read the article next time, even if it is poorly written.
      • frodo:$ dig whitehouse.gov soa

        ; <<>> DiG 8.3 <<>> whitehouse.gov soa
        ;; res options: init recurs defnam dnsrch
        ;; got answer:
        ;; ->>HEADER ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
        ;; QUERY SECTION:
        ;; whitehouse.gov, type = SOA, class = IN

        ;; ANSWER SECTION:
        whitehouse.gov. 1D IN SOA eopc.eop.gov. postmaster.whitehouse.gov. (
        2002072201 ; serial
        15M ; refresh
        5M ; retry
        1W ; expiry
        2H ) ; minimum


        ;; Total query time: 476 msec
        ;; FROM: frodo to SERVER: default -- 127.0.0.1
        ;; WHEN: Sat Sep 21 15:10:23 2002
        ;; MSG SIZE sent: 32 rcvd: 88
        You know, if you hide the root servers DNS stops working, don't you?!
    • Not much point hiding the whois information of a domain if its accompanying website tells the whole world who and where they are...

      Does the web site typically list the name, address and phone number of the individual responsible for the site?

      • It did say "internet attacks". There's not much point knowing the name and address of the person running a website if you're going to attack them over the net...

        Basically, it all sounds a little pointless to me. Security via obscurity.

    • They're not hiding the whois information, they're hiding the zone file, which contains just two bits of information for each domain:

      What the names of their nameservers are
      What the IPs of their nameservers are

      You can still look this up via DNS, but it takes much, much longer.
      • You can still look this up via DNS, but it takes much, much longer.

        Maybe I'm not understanding this correctly, but I think a script that does a dig on the domains would be a lot faster than manually looking each up in a whois.. Or the same amount of time as writing a script to run the whois. Someone please explain to me what I'm missing?
        • VeriSign used to release the actual zone file, on an ftp site. You sign a document basically saying, "I'm not a spammer or that sort of thing", and they give you an account on the ftp site. You can go there and download the entire zone file in bulk.

          Now, they've removed the .gov entries from that zone file.

          You can still get that information by querying each domain, either through DNS or whois. But that takes much, much longer.
  • by shri ( 17709 ) <shriramc@nOspam.gmail.com> on Saturday September 21, 2002 @08:20AM (#4302663) Homepage
    I think they should restrict access to the .gov DNS records also. Would go a long way in making the .gov net a whole lot more secure. :)
  • by Nijika ( 525558 ) on Saturday September 21, 2002 @08:21AM (#4302667) Homepage Journal
    It had to be a matter of public record anyway, right? I don't see what this solves. I think the old term "Security through obscurity" applies here. That term has also been trampled on time and again because it just doesn't work. Hide information via one source, get all confident that you're safe, and then get surprised when you're actually not.

    Is there anyone out there who can explain what this accomplishes really? I'm seriously asking because I might be missing something.
    • The term security through obscurity is a pretty good maxim to use though. I used to connect to the internet using an Amiga - using yet another mailer as an e-mail client. As a result I was immune to all the PC and Mac viruses. In fact in a few years online - I never came across one Amiga virus. However you're right - this is just a token gesture and accomplishes nothing.
    • "Security through obscurity" applies here. That term has also been trampled on time and again because it just doesn't work.

      Well, it's better than spoon-feeding it to them isn't it? I'm sure any threat to our govt sites already has that information anyway. The only way to really make this even half work is for every govt agency to associate new IP address to their sites.

      But whatever! Give them a break folks (not just this poster, but there is a lot of bashing going on here with this). Be glad they are doing something. We would all be bitching if they just sat around and did nothing. We are all well aware that the govt is trying to tighten up electronic security on every front. This is probably just a very tiny puzzle piece to homeland security. If all the techno-geeks here know better, then go ahead and write them your idea for a more digitally secure govt. They love white papers and case studies.
    • isn't there some logic to the idea that obscurity is a nice addition to great security?

      i mean, i can put on my bulletproof vest, make sure i have body guards... but what about the not eating at the same place every day. doesn't that help make it harder to kill me too?

      i think patterns make you predictable, and obvious security patterns don't help.... and it's easy to implement isn't it?

  • I'm sure somewhere out on the Internet (Google.com comes to mind) the information is cached. How many times has information been available after lawsuits, infringements, and a range of other problems? How often are people able to get their email addresses off spam lists once it starts? I'm not going to be the one to post this information, but it's just something to think about...
  • by Anonymous Coward on Saturday September 21, 2002 @08:25AM (#4302673)
    While I think the intent is admirable, the net effect might be somewhat frustrating. For example, how are we supposed to get contact info if say a government group's DNS goes south? Or maybe just a portion of it? what about entities that have been misapportioned? (Good example is the City of Albuquerque, NM [cabq.gov].)

    The quote that I found interesting is: "Also removed from the FTP site was the zone file for in-addr.arpa, which is used for reverse-DNS lookups (when somebody wants to find out what domain is associated with an IP address, rather than the other way around)." So is this a prelude for them to stop supporting rev. DNS? If it does stop, are they really aware of the potential consequences? (Stopped email, blocked access, etc.) What about who to contact and how to contact them about possible network outages?

    Things like this might seem like a good idea at the time, but can (and do) lead to other problems. I am in favor of security as much as the next guy, but half thought-out moves like this don't help.

    -D.

    P.S. I wonder if they are going to stop publishing things like the white pages (online or even the print edition)? Hey they do have government entity addresses and phone numbers?
    • but if you can't rev. DNS how are you
      supposed to know who's DOSing you..
      hmmm wonder why they'd want to stop
      that..
      • No one is blocking PTR records, they're just not giving out the entire in-addr zone so you can see all of the NS delegations (which you could quickly grep for .gov, etc). Interesting thing is that there are no .GOV NS for in-addr zones, so it's a moot point, but there are plenty of .MIL.

        Further, PTR records can be completely false, and the real useful data for finding a bad host is often found in ARIN/RIPE/APNIC local IP Registry database.

        However, the in-addr zone is still online (but .gov is not):
        ftp://ftp.rs.internic.net/domain/inaddr.zone.gz
  • by Charles Dodgeson ( 248492 ) <jeffrey@goldmark.org> on Saturday September 21, 2002 @08:26AM (#4302678) Homepage Journal
    I wonder whether .gov will find itself listed in on rfc-ignorant [rfc-ignorant.org] for this.
    • They already should have been listed there. From whois.rfc-ignorant.org listing policy :

      Domains are listed in the whois.rfc-ignorant.org zone based on meeting any of the following criteria:
      • a phone number of "555-1212";
      • an address of 1060 W. Addison, Chicago (for any organization other than the Chicago Cubs);
      • an address of 1600 Pennsylvania Ave, Washington DC;
  • The FAQ? (Score:3, Interesting)

    by Anonymous Coward on Saturday September 21, 2002 @08:33AM (#4302695)
    I guess the FAQ needs to be changed at whois.nic.gov:
    What is WHOIS?

    The .GOV WHOIS database is a tool that provides users with the ability to lookup records in the registrar database. Using WHOIS, you can search for people, name servers, and domains. From a UNIX system, you can use the -h option to point to the .GOV WHOIS server, nic.gov. For example, to find out about gsa.gov, use the following command: "WHOIS -h nic.gov gsa.gov".

    (posted anonymously to avoid karma-whoring)

  • why do they even try? everything but the contact info must remain available to actually use the resources; and then there are a million sources out there for the contact info.

    Non-authoritative answer:
    Name: whitehouse.gov
    Address: 198.137.240.92

    whois -h whois.arin.net 198.137.240.92

    OrgName: Executive Office Of The President USA
    OrgID: EXOP

    NetRange: 198.137.240.0 - 198.137.241.255
    CIDR: 198.137.240.0/23
    NetName: NETBLK-EOPNET-C
    NetHandle: NET-198-137-240-0-1
    Parent: NET-198-0-0-0-0
    NetType: Direct Allocation
    NameServer: DNSAUTH1.SYS.GTEI.NET
    NameServer: DNSAUTH2.SYS.GTEI.NET
    NameServer: DNSAUTH3.SYS.GTEI.NET
    Comment:
    RegDate: 1993-05-21
    Updated: 2000-12-27

    TechHandle: WDR1-ARIN
    TechName: Reynolds, William
    TechPhone: +1-202-395-6975
    TechEmail: william_d._reynolds@oa.eop.gov

    # ARIN Whois database, last updated 2002-09-20 19:05
    # Enter ? for additional hints on searching ARIN's Whois database.
  • by ShaggusMacHaggis ( 178339 ) on Saturday September 21, 2002 @08:36AM (#4302701) Homepage
    I work for the government, and we had to remove the directions to our office from our website. Didn't quite understand this..since we have our address on our website and all you need is something like mapquest to get directions. Makes no sense.
    • You know, I stopped trying to make sense out of state and federal government rules, I just follow them. We have a federal law that says where I work (at college) has to have a paper copy of everything even though it's all on the college's database. We have HUGE files that hold all of that stuff, yet each record is probably only 2-5 meg max for each student.

  • Maybe they should restrict access to the .COM domain as well, to prevent spam attacks.

  • Exactly what it has to do to prevent attacks, hide.
    It's stupid.
  • Why now? (Score:3, Interesting)

    by Ctrl-Z ( 28806 ) <tim@timco l e m a n . c om> on Saturday September 21, 2002 @09:09AM (#4302775) Homepage Journal

    So, I read the attached article, and I understand what Verisign is doing. My question is: why? What is the motivation behind them blocking access to these whois records?

    I agree with the article in saying "It seems so logical to take that .gov WHOIS info offline that you have to wonder why it wasn't done last year. After all, who really needs to do WHOIS look ups on government sites except hackers, mail spammers that are harvesting government email addresses and fearful folks who like checking where the IP's of mysterious visitors to their web sites originate from...". But then why are they doing this now? Has Verisign been motivated by the government?

    Actually, why do we have whois records for any domain?
    • Re:Why now? (Score:3, Informative)

      by zenyu ( 248067 )
      Actually, why do we have whois records for any domain?

      To catch hackers.

      When someone breaks into a computer on your network, calling the owner of the domain can help you find the bastard. Or stop him in his tracks if he picks up the phone. You could probably get the same info by figuring out the ISP from their IP address or the route, then calling the ISP. This is probably even more accurate, but directness is good. Esp if the computer you see is just the first hop along the way to the bastard.
      • When someone breaks into a computer on your network, calling the owner of the domain can help you find the bastard.

        When someone breaks into a computer on your network, you can't tell what his domain name is, only his IP address.

        • It would have been better to say, "To find the owner of the netblock." That's the important info anyway, for tracking folks down. ARIN/RIPE/APNIC WHOIS hold this info.

          Domain WHOIS is really only useful for researching forward resolving information.
  • I bet this is just an excuse to get them off the radar to avoid the spammers snagging email addresses from the database.
  • however IIRC, when you do a whois for apple.com using the nettool (the program under utilities) in os X, it returns
    "apple.is.the.choice.for.every.self.respecing.te rrorist.com"

    At least it worked in 10.1

  • So what if they stop access to .gov. I want to know when I'm going to stop getting deceiving snail mail from places like Register.com who deceptively try to get me to switch my domain over to them with a bogus "RENEW NOW" notice.
  • Only shows how dumb some in the U.S. government/VeriSign are. On an aside, read up on the SAIC (they own a stake in VeriSign last I checked). Interesting. Anyways, many U.S. government sites rely on .COM, .NET, .ORG, and other TLDs as well for their operation so not sure how restricting only .GOV zone access does much really...

    And anyways restricting zone file access doesn't work - domain speculators and others have for years basically compiled their own for other TLDs such as .COM - and since .GOV contains relatively few entries compared to the likes of .COM, the task of assembling much of the zone from the outside is quite trivial.

    I'm sure idiots already are trading the .GOV zone files on irc for porn, etc or maybe even trying to sell it like they do with email addresses.

    Off-topic ramble: It's sad to say, but it very much appears the terrorists are winning or some even argue already have won. Various people over the years used to warn that Americans could lose their freedoms quicker than they ever imagined - it's now happening; more detention camps are being constructed with vastly larger ones out on bid from my understanding - why would such large detention camps be needed? There aren't that many terrorists...unless the U.S. government now considers Americans terrorists...wait they already have...enemy combatants...and now the standard has been further lowered...query the .GOV zone without authorization and you too are a terrorist...better delete dig, whois, ping, right now!! :-;

    Ron
  • Doesn't matter, it's probably all mirrored on Google anyways.
  • This is pathetic... security through obscurity? If you live in constant fear of the infinite possibilities then the terrorists have already won. Besides, if the government would pay for decent systems and good sys admins, this wouldn't be a problem... well at least not to the extent where we would have to hide their IP's and stuff. That's just pathetic.
  • It is important that our government be even more unreachable with the citizens of this country. Who wants to hear from whiney citizens anyhow - besides they obviously are dangerous!

    I think we should move the fences further out from the white house so that you need binoculars to see it.

    I think we should close down streets around government buildings for a half mile around, and make security such an intrusion and frustrating experience no one will want to visit their lawmakers.

    I think they should make snail mail even slower and have it sitting around for weeks at a time in some postal facility and then simply ignore email sent to them.

    Then the lawmakers and executors of the law can live peacefully doing what ever they want irregardless of the citizens of the country.
  • by Tom ( 822 )
    After all, who really needs to do WHOIS look ups on government sites

    How every sysadmin on the globe who would like to tell you that there's a problem with your servers, routers or users? Whois tells me who to contact (and sometimes, if it's a live attack, abuse@whoever.tld just doesn't cut it).

    Maybe I should just firewall .gov - after all, if they are too afraid to post harmless whois info, everyone with a clear mind should stay out of the blast radius.
  • by Anonymous Coward
    You can still download the .gov zone file here [internic.net]

    (11:45am EDT Saturday 21-Sep-2002)

  • Bad headline (Score:3, Interesting)

    by Mike Schiraldi ( 18296 ) on Saturday September 21, 2002 @11:01AM (#4303192) Homepage Journal
    If you read the article, you'll see that this has nothing to do with WHOIS (which contains information on the name, address, etc of the person who owns the domain). It's about the DNS zone file, which looks something like this:
    slashdot.org. NS NS1.OSDN.COM.
    slashdot.org. NS NS2.OSDN.COM.
    slashdot.org. NS NS3.OSDN.COM.
    NS1.OSDN.COM. A 64.28.67.51
    NS2.OSDN.COM. A 209.192.217.106
    NS3.OSDN.COM. A 64.28.67.53
    That's all it contains for each domain -- the names and addresses of their DNS servers. Nothing more.
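As an added illustration (not code from the poster or from Slashdot): the zone-file format shown in the comment above, parsed in Python to list each domain's delegated name servers and to flag domains whose known name-server addresses all sit in one network, the kind of concentration an operator would check for given the denial-of-service concern raised in this thread. The `agency.example` records, the /24 and /48 grouping and the function names are constructed for this example, and it assumes one complete record per line.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the excerpt quoted in the comment above, followed by
# hypothetical records (reserved .example names, documentation addresses).
SAMPLE_ZONE = """\
slashdot.org. NS NS1.OSDN.COM.
slashdot.org. NS NS2.OSDN.COM.
slashdot.org. NS NS3.OSDN.COM.
NS1.OSDN.COM. A 64.28.67.51
NS2.OSDN.COM. A 209.192.217.106
NS3.OSDN.COM. A 64.28.67.53
; hypothetical entries, written with explicit TTL and class
agency.example. 172800 IN NS ns1.agency.example.
agency.example. 172800 IN NS ns2.agency.example.
agency.example. 172800 IN NS ns3.provider.example.
ns1.agency.example. 172800 IN A 192.0.2.10
ns2.agency.example. 172800 IN A 192.0.2.20
"""

CLASSES = {"IN", "CH", "HS"}
TTL = re.compile(r"(\d+[smhdw]?)+", re.IGNORECASE)  # 172800, 1D, 1h30m


def parse_zone(text):
    """Return (delegations, addresses) from one-record-per-line zone text.

    delegations maps a domain to its NS names; addresses maps a host
    name to the A/AAAA addresses the zone carries for it (the glue).
    """
    delegations = defaultdict(list)
    addresses = defaultdict(list)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop comments
        if not line or line.startswith("$"):     # skip $ORIGIN / $TTL
            continue
        fields = line.split()
        owner = fields[0].lower().rstrip(".")
        rest = fields[1:]
        # TTL and class are optional and may appear in either order.
        while rest and (TTL.fullmatch(rest[0]) or rest[0].upper() in CLASSES):
            rest = rest[1:]
        if len(rest) < 2:
            continue
        rtype, rdata = rest[0].upper(), rest[1]
        if rtype == "NS":
            delegations[owner].append(rdata.lower().rstrip("."))
        elif rtype in ("A", "AAAA"):
            addresses[owner].append(ipaddress.ip_address(rdata))
    return dict(delegations), dict(addresses)


def network_of(addr):
    """Group addresses by /24 (IPv4) or /48 (IPv6), an example granularity."""
    prefix = 24 if addr.version == 4 else 48
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def audit(text):
    """Summarise, per delegated domain, what the zone text discloses."""
    delegations, addresses = parse_zone(text)
    report = {}
    for domain, servers in delegations.items():
        networks = set()
        missing = []
        for ns in servers:
            known = addresses.get(ns, [])
            if not known:
                missing.append(ns)               # address not in this zone
            networks.update(network_of(a) for a in known)
        report[domain] = {
            "nameservers": servers,
            "networks": sorted(str(n) for n in networks),
            "no_address_in_zone": missing,
            "known_addresses_in_one_network": len(networks) == 1,
        }
    return report


if __name__ == "__main__":
    for domain, info in audit(SAMPLE_ZONE).items():
        print(domain, info)
```
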
  • VeriSign Inc has stopped providing access to information about the .gov internet domain, which is restricted to US government bodies, over concerns the data could be used in planning internet attacks.

    Meanwhile, the government is trying to pass a law [loc.gov] making it illegal for us to do the same thing.

  • So the government is worried about attacks. What about the rest of us who hate putting out personal information in the whois database? Although it's easy enough to falsify, why should I have to?
  • "Hey look at us, we're patriotic (idiots)!"
  • So we as individuals have to provide and have our info available but large governments that represent the public and are more than able to defend themselves unlike an individual who relies upon said governments; are able to do this and hide. Security thru obscurity does not work and only goes to lend an air of arrogance about the whole issue. If there is a problem fix the problem not hide it away - but there again this is the paracetamol/aspirin generation and when the brain goes I'm tired or hungry or get this crap outa my system we go - naaaa go away pill time. So narrow minded that they seem to have a longterm goal of it :-/
  • I'd love to have mine restricted. I had to get a separate PO box just to avoid the flood of spam US mail I got when I first registered my domain years and years ago..

    I asked and was told NO.. phfft.
    • It's as simple as listing a bogus address (real street and zip, tho, in case they cross reference it).

      Better yet, list your registry's address so they can see all the lovely spam you get.

      Standard thing I do at Rat Shack, etc., when they ask for my address. I just look at a business card on the desk and give them the info from there.
  • I don't know about the rest of you people, but what the heck does the government have online that's all that important to begin with? Tax forms?

    It would seem to me that if someone wanted to attack us, they'd try to hit Microsoft. The majority of the computers out there have their os loaded... so it would make sense to try something that could affect as many systems as possible.

    I also take offense to the fact that us "little people" are still left out in the open while the government saves its own ass. If the whois info is so revealing, then they should just block it completely.

  • If anyone has a mirror of this data perhaps they could run a whowas server.

    -
  • by Anonymous Coward
    This article is almost totally inaccurate. The whois data for .gov has not been managed by verisign for at least several years, it is maintained by nic.gov, and is still very much available on www.nic.gov.

    It's the actual DNS zone files that have been taken offline. These used to be available via FTP from ftp.internic.net. The .com/.net/.org ones used to be available too, and I actually have copies of them from when they were available; but they were taken offline perhaps as long ago as 5 years? These are still available, but you have to enter into a contractual agreement with ICANN rather than them being available via FTP. It's a shame these were taken away as they made excellent seed data for search engines and that was probably their most common use.

    The problem is that they also make great seed material for `bad' search engines such as spam collectors or security scanners.

    The .gov, and .edu and in-addr.arpa zones continued to be made available via FTP up until just now.

    Interestingly ftp.ripe.net (the european version of arin) still makes the in-addr.arpa zone available for all the IPs that they manage.

    This whole issue has absolutely nothing to do with whois information or address/contact information. The zone files that were removed do not contain anything other than domain names and the nameservers that control them.

    The only reason for doing this is to make it slightly harder for search engines/scanners to get good seed data.

    Personally I think this is a pointless thing to do. It raises the bar to finding information high enough to annoy legitimate information collection for use by good search engines but does little to stop a determined attacker or in any way improve security.

    It's trivially easy to get seed data from search engines like google, just make a script that searches for .gov and then feed that into a security scanner instead.
  • I would not need whois to find an address where to land hijacked jet. Maybe I can review local Yellow Pages (if its not against the U. S. law to export Yellow Pages) or use other useful tools [msn.com] .
  • Given the atrocious inaccuracy of VeriSign WHOIS info (have you ever tried to get them to change a phone number?), and the tendency of Government info to be even less accurate, on the average, than civilian counterparts, I'd say that this is a net gain for the hackers.

    They won't waste so much time on false leads.

  • US government being set to the moon, and having no connection to the outside world for security?

    Or, maybe, we should send 3 parties - the government, the terrorists, and then the rest of us?
  • As it is, myself and several others I know who handle domains have gotten emails from a company asking us to "renew" our domain. Further reading into this shows that the company sending the letter had no relation to the company from which the original domain was bought (though the word "renew" indicates a renew of the original "contract", scamming buggers). I figure that they go out looking for expiring domains and use WHOIS to find the billing contact to send their crapmail to. Being as there are many potentially more malicious uses for this, perhaps hiding the WHOIS isn't such a bad idea in some cases.
