What is WHOIS?
WHOIS (who is) is the aptly named Internet function that allows one to query remote databases for domain registration information. By performing a simple search, you can discover when and by whom a domain was registered, contact information, and more. A search can also reveal the name or network mapped to a numerical IP address. Originally, WHOIS searches were performed in a command line environment and took the form, [drive]:\>whois domain.com. Searches can still be performed from the command line, but Web interface tools now make it convenient to visit a website and simply enter the IP address or domain name.
In the case of a privately owned domain, the WHOIS database contains the full name, address, telephone number, and email address of the registered owner of the domain. If the domain is owned by a business, the company name, address, email, and telephone number are listed. There are also fields for a domain administrator, technical administrator, and other contacts. The expiration date of the registration period is also listed.
While the original purpose of the WHOIS database was to provide a directory for domain owners, the publicly available information opened the door to mass spam and other abuses. The terms and conditions of these databases include a provision that the information revealed shall not be used for such purposes, but this has proven to be a rather anemic solution. To further discourage data miners, most WHOIS sites have implemented a script that shows a random graphic of numbers or letters (a CAPTCHA) which the requester has to enter manually into a field. "Bots" or data-scouring programs cannot read these graphics, so automated queries return no results. Beyond precautions such as these, there is no real mechanism in place to catch, identify, or punish abusers of the information.
In 2004, the Internet Engineering Task Force (IETF) proposed a new protocol for handling WHOIS information. The proposed protocol is termed the Cross Registry Information Service Protocol (CRISP). The information is currently stored under different schemes and on various servers. The technical aspects of the protocol are outlined in RFC 954.
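The command-line lookup and the record fields described above, as an added example that is not part of the original article: a minimal client that sends one query to TCP port 43 the way the classic whois tool does (the domain name followed by CRLF), a parser for the "Key: Value" reply layout, and a check of the expiration date, which a defender can use to watch for lapsing domains. The reply text, domain, registrar and dates are constructed placeholders, and the network function is a hypothetical helper that the offline part never calls.

```python
import socket
from datetime import date, datetime

# Constructed sample reply in the common "Key: Value" layout; not a real record.
SAMPLE_REPLY = """\
Domain Name: EXAMPLE-PLACEHOLDER.COM
Registrar: Example Registrar, Inc.
Creation Date: 2010-03-14T00:00:00Z
Registry Expiry Date: 2025-03-14T00:00:00Z
Registrant Organization: Example Org
Admin Email: admin@example-placeholder.com
Name Server: NS1.EXAMPLE-PLACEHOLDER.COM
Name Server: NS2.EXAMPLE-PLACEHOLDER.COM
>>> Last update of WHOIS database: 2024-01-01T00:00:00Z <<<
"""

def whois_query(name, server, timeout=10):
    """Hypothetical helper: send one query (name + CRLF) to port 43 and
    return the whole text reply. Needs network access; not used offline."""
    with socket.create_connection((server, 43), timeout=timeout) as sock:
        sock.sendall(name.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")

def parse_whois(text):
    """Collect 'Key: Value' lines into a dict of lists (keys such as
    Name Server repeat), skipping notices, comments and blank lines."""
    fields = {}
    for line in text.splitlines():
        if ":" not in line or line.startswith((">>>", "%", "#")):
            continue
        key, _, value = line.partition(":")
        fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields

def days_until_expiry(fields, today_iso):
    """Days from today_iso (YYYY-MM-DD) to the registry expiry date;
    negative once the registration has lapsed, None if no date was found."""
    raw = fields.get("registry expiry date") or fields.get("expiration date")
    if not raw:
        return None
    expiry = datetime.strptime(raw[0][:10], "%Y-%m-%d").date()
    today = datetime.strptime(today_iso, "%Y-%m-%d").date()
    return (expiry - today).days

if __name__ == "__main__":
    info = parse_whois(SAMPLE_REPLY)
    print(info["registrar"][0], days_until_expiry(info, date.today().isoformat()))
```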
How does WHOIS help attackers perform reconnaissance on an institution before launching an attack?