Whois data compromised?

Mark Andrews marka at isc.org
Tue Jun 26 16:53:25 CDT 2012


In message <CADfGf67aMjhr+bSDo4kLpfzcyZJZw5bx0uscW_9sgrQ7rz6nsQ at mail.gmail.com>
, Eric Rosenberry writes:
> Not sure where this data got injected into the system (or who knows,
> perhaps it's a DNS injection attack or something), but this certainly is
> not right.  :-(

It's perfectly NORMAL.  Just the owners of SWINGINGCOMMUNITY.COM,
BEYONDWHOIS.COM, SHQIPHOST.COM, NASHHOST.NET and UNIMUNDI.COM playing
games.

It would just be nice if "single out" actually worked. :-)

Mark

% whois -h whois.internic.net =facebook.com

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

   Server Name: FACEBOOK.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
   IP Address: 69.41.185.229
   Registrar: TUCOWS.COM CO.
   Whois Server: whois.tucows.com
   Referral URL: http://domainhelp.opensrs.net

   Server Name: FACEBOOK.COM.MORE.INFO.AT.WWW.BEYONDWHOIS.COM
   IP Address: 203.36.226.2
   Registrar: INSTRA CORPORATION PTY, LTD.
   Whois Server: whois.instra.net
   Referral URL: http://www.instra.com

   Server Name: FACEBOOK.COM.LOVED.BY.WWW.SHQIPHOST.COM
   IP Address: 46.4.210.254
   Registrar: ONLINENIC, INC.
   Whois Server: whois.onlinenic.com
   Referral URL: http://www.OnlineNIC.com

   Server Name: FACEBOOK.COM.KNOWS.THAT.THE.BEST.WEB.HOSTING.IS.NASHHOST.NET
   IP Address: 78.47.16.44
   Registrar: HETZNER ONLINE AG
   Whois Server: whois.your-server.de
   Referral URL: http://www.hetzner.de

   Server Name: FACEBOOK.COM.GET.ONE.MILLION.DOLLARS.AT.WWW.UNIMUNDI.COM
   IP Address: 209.126.190.70
   Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
   Whois Server: whois.PublicDomainRegistry.com
   Referral URL: http://www.PublicDomainRegistry.com

   Domain Name: FACEBOOK.COM
   Registrar: MARKMONITOR INC.
   Whois Server: whois.markmonitor.com
   Referral URL: http://www.markmonitor.com
   Name Server: NS3.FACEBOOK.COM
   Name Server: NS4.FACEBOOK.COM
   Name Server: NS5.FACEBOOK.COM
   Status: clientDeleteProhibited
   Status: clientTransferProhibited
   Status: clientUpdateProhibited
   Status: serverDeleteProhibited
   Status: serverTransferProhibited
   Status: serverUpdateProhibited
   Updated Date: 25-apr-2012
   Creation Date: 29-mar-1997
>>> Last update of whois database: Tue, 26 Jun 2012 21:48:03 UTC <<<
 
	[notice snipped]
%
> Erics-MacBook-Pro-2:~ erosenbe$ whois -h whois.internic.net facebook.com
> 
> Whois Server Version 2.0
> 
> Domain names in the .com and .net domains can now be registered
> with many different competing registrars. Go to http://www.internic.net
> for detailed information.
> 
> FACEBOOK.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
> FACEBOOK.COM.MORE.INFO.AT.WWW.BEYONDWHOIS.COM
> FACEBOOK.COM.LOVED.BY.WWW.SHQIPHOST.COM
> FACEBOOK.COM.KNOWS.THAT.THE.BEST.WEB.HOSTING.IS.NASHHOST.NET
> FACEBOOK.COM.GET.ONE.MILLION.DOLLARS.AT.WWW.UNIMUNDI.COM
> FACEBOOK.COM
> 
> To single out one record, look it up with "xxx", where xxx is one of the
> of the records displayed above. If the records are the same, look them up
> with "=xxx" to receive a full display for each record.
> 
> >>> Last update of whois database: Tue, 26 Jun 2012 21:42:13 UTC <<<
> 
> NOTICE: The expiration date displayed in this record is the date the
> registrar's sponsorship of the domain name registration in the registry is
> currently set to expire. This date does not necessarily reflect the
> expiration
> date of the domain name registrant's agreement with the sponsoring
> registrar.  Users may consult the sponsoring registrar's Whois database to
> view the registrar's reported date of expiration for this registration.
> 
> TERMS OF USE: You are not authorized to access or query our Whois
> database through the use of electronic processes that are high-volume and
> automated except as reasonably necessary to register domain names or
> modify existing registrations; the Data in VeriSign Global Registry
> Services' ("VeriSign") Whois database is provided by VeriSign for
> information purposes only, and to assist persons in obtaining information
> about or related to a domain name registration record. VeriSign does not
> guarantee its accuracy. By submitting a Whois query, you agree to abide
> by the following terms of use: You agree that you may use this Data only
> for lawful purposes and that under no circumstances will you use this Data
> to: (1) allow, enable, or otherwise support the transmission of mass
> unsolicited, commercial advertising or solicitations via e-mail, telephone,
> or facsimile; or (2) enable high volume, automated, electronic processes
> that apply to VeriSign (or its computer systems). The compilation,
> repackaging, dissemination or other use of this Data is expressly
> prohibited without the prior written consent of VeriSign. You agree not to
> use electronic processes that are automated and high-volume to access or
> query the Whois database except as reasonably necessary to register
> domain names or modify existing registrations. VeriSign reserves the right
> to restrict your access to the Whois database in its sole discretion to
> ensure
> operational stability.  VeriSign may restrict or terminate your access to
> the
> Whois database for failure to abide by these terms of use. VeriSign
> reserves the right to modify these terms at any time.
> 
> The Registry database contains ONLY .COM, .NET, .EDU domains and
> Registrars.
> Erics-MacBook-Pro-2:~ erosenbe$
> 
> 
> -- 
> *Eric Rosenberry*
> Sr. Infrastructure Architect // Chief Bit Plumber
> 
> Direct: 503.943.6763
> Mobile: 503.348.3625 // XMPP: eric.rosenberry at iovation.com
> *www.iovation.com* <http://www.iovation.com>
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org



More information about the NANOG mailing list