Whois data compromised?
Mark Andrews
marka at isc.org
Tue Jun 26 21:53:25 UTC 2012
In message <CADfGf67aMjhr+bSDo4kLpfzcyZJZw5bx0uscW_9sgrQ7rz6nsQ at mail.gmail.com>
, Eric Rosenberry writes:
> Not sure where this data got injected into the system (or who knows,
> perhaps it's a DNS injection attack or something), but this certainly is
> not right. :-(
It's perfectly NORMAL. Just the owners of SWINGINGCOMMUNITY.COM,
BEYONDWHOIS.COM, SHQIPHOST.COM, NASHHOST.NET and UNIMUNDI.COM playing
games.
It would just be nice if "single out" actually worked. :-)
Mark
% whois -h whois.internic.net =facebook.com
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Server Name: FACEBOOK.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
IP Address: 69.41.185.229
Registrar: TUCOWS.COM CO.
Whois Server: whois.tucows.com
Referral URL: http://domainhelp.opensrs.net
Server Name: FACEBOOK.COM.MORE.INFO.AT.WWW.BEYONDWHOIS.COM
IP Address: 203.36.226.2
Registrar: INSTRA CORPORATION PTY, LTD.
Whois Server: whois.instra.net
Referral URL: http://www.instra.com
Server Name: FACEBOOK.COM.LOVED.BY.WWW.SHQIPHOST.COM
IP Address: 46.4.210.254
Registrar: ONLINENIC, INC.
Whois Server: whois.onlinenic.com
Referral URL: http://www.OnlineNIC.com
Server Name: FACEBOOK.COM.KNOWS.THAT.THE.BEST.WEB.HOSTING.IS.NASHHOST.NET
IP Address: 78.47.16.44
Registrar: HETZNER ONLINE AG
Whois Server: whois.your-server.de
Referral URL: http://www.hetzner.de
Server Name: FACEBOOK.COM.GET.ONE.MILLION.DOLLARS.AT.WWW.UNIMUNDI.COM
IP Address: 209.126.190.70
Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Whois Server: whois.PublicDomainRegistry.com
Referral URL: http://www.PublicDomainRegistry.com
Domain Name: FACEBOOK.COM
Registrar: MARKMONITOR INC.
Whois Server: whois.markmonitor.com
Referral URL: http://www.markmonitor.com
Name Server: NS3.FACEBOOK.COM
Name Server: NS4.FACEBOOK.COM
Name Server: NS5.FACEBOOK.COM
Status: clientDeleteProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Status: serverDeleteProhibited
Status: serverTransferProhibited
Status: serverUpdateProhibited
Updated Date: 25-apr-2012
Creation Date: 29-mar-1997
>>> Last update of whois database: Tue, 26 Jun 2012 21:48:03 UTC <<<
[notice snipped]
%
> Erics-MacBook-Pro-2:~ erosenbe$ whois -h whois.internic.net facebook.com
>
> Whois Server Version 2.0
>
> Domain names in the .com and .net domains can now be registered
> with many different competing registrars. Go to http://www.internic.net
> for detailed information.
>
> FACEBOOK.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
> FACEBOOK.COM.MORE.INFO.AT.WWW.BEYONDWHOIS.COM
> FACEBOOK.COM.LOVED.BY.WWW.SHQIPHOST.COM
> FACEBOOK.COM.KNOWS.THAT.THE.BEST.WEB.HOSTING.IS.NASHHOST.NET
> FACEBOOK.COM.GET.ONE.MILLION.DOLLARS.AT.WWW.UNIMUNDI.COM
> FACEBOOK.COM
>
> To single out one record, look it up with "xxx", where xxx is one of the
> of the records displayed above. If the records are the same, look them up
> with "=xxx" to receive a full display for each record.
>
> >>> Last update of whois database: Tue, 26 Jun 2012 21:42:13 UTC <<<
>
> NOTICE: The expiration date displayed in this record is the date the
> registrar's sponsorship of the domain name registration in the registry is
> currently set to expire. This date does not necessarily reflect the
> expiration
> date of the domain name registrant's agreement with the sponsoring
> registrar. Users may consult the sponsoring registrar's Whois database to
> view the registrar's reported date of expiration for this registration.
>
> TERMS OF USE: You are not authorized to access or query our Whois
> database through the use of electronic processes that are high-volume and
> automated except as reasonably necessary to register domain names or
> modify existing registrations; the Data in VeriSign Global Registry
> Services' ("VeriSign") Whois database is provided by VeriSign for
> information purposes only, and to assist persons in obtaining information
> about or related to a domain name registration record. VeriSign does not
> guarantee its accuracy. By submitting a Whois query, you agree to abide
> by the following terms of use: You agree that you may use this Data only
> for lawful purposes and that under no circumstances will you use this Data
> to: (1) allow, enable, or otherwise support the transmission of mass
> unsolicited, commercial advertising or solicitations via e-mail, telephone,
> or facsimile; or (2) enable high volume, automated, electronic processes
> that apply to VeriSign (or its computer systems). The compilation,
> repackaging, dissemination or other use of this Data is expressly
> prohibited without the prior written consent of VeriSign. You agree not to
> use electronic processes that are automated and high-volume to access or
> query the Whois database except as reasonably necessary to register
> domain names or modify existing registrations. VeriSign reserves the right
> to restrict your access to the Whois database in its sole discretion to
> ensure
> operational stability. VeriSign may restrict or terminate your access to
> the
> Whois database for failure to abide by these terms of use. VeriSign
> reserves the right to modify these terms at any time.
>
> The Registry database contains ONLY .COM, .NET, .EDU domains and
> Registrars.
> Erics-MacBook-Pro-2:~ erosenbe$
>
>
> --
> *Eric Rosenberry*
> Sr. Infrastructure Architect // Chief Bit Plumber
>
> Direct: 503.943.6763
> Mobile: 503.348.3625 // XMPP: eric.rosenberry at iovation.com
> *www.iovation.com* <http://www.iovation.com>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the NANOG
mailing list