Security - eWeek

Home

Security

Page 2 - Whois Hijacking My Domain Research?

	LATEST STORIES
	- The Risks In Wildcard Certificates - FCC Likely to Recommend Unlicensed Spectrum ... - Enterprise 2.0 Software to Take Hard Hits Am... - Intel, AMD Earnings to Offer Guidance on PC,... - Apple Releases Mega Patch Security Update

	BEST OF THE BLOGOSPHERE
	iPhone's Mediocre Battery Life Still Beats Rivals The Android Developer Revolt Google Feels Developers' Pain Nokia Launches Location-Aware Chat Client Parallel Processing Transforming Enterprise Computing

	eWEEK EDITORIAL CALENDAR
	For a list of what eWEEK is covering this year, go to our editorial calendar.


	Killing Botnets: A View From the Trenches from McAfee Using Security Compliance Software to Improve Business Efficiency and Reduce Costs from Symantec Using Web Conferencing to Ensure Successful Enterprise Application Deployment from WebEx Communications See All White Papers >


	Security Solutions Build a Successful Security Strategy As enterprises enable remote workers, promote collaborative tools and increase interdependence on global business partners, security challenges grow. Get up to speed on effective strategies, best practices and tools to keep data, clients, servers and mobile devices safe from threats. Join us on Sept. 17 for this interactive Virtual Tradeshow as industry experts, authorities and your peers share the information you need to build a solid security foundation. Register Now!

Enterprise Uses of Social Networks

In and Off the Cloud

Benioff on Platform Development

Most Disruptive Companies Part 3

What Can Green Do For You?

Whois Hijacking My Domain Research?

By Larry Seltzer
2006-07-19

Article Views: 8992
Article Rating:

/ 4

Table of Contents:

Rate This Article:

Add This Article To:

Digg this

Del.icio.us

Slashdot

Y! My Web

E-mail

Furl

Google

Simpy

Spurl!

PDF Version

Whois Hijacking My Domain Research? - ' Whois Stealing My Whois'
( Page 2 of 2 )

?">

At this point, its worth saying a little about the process of checking a domain. There is a protocol and software called Whois, which is used for querying the databases of domain names, ultimately maintained for each top-level domain (or TLD, such as .com, .org, etc.) by the "registry" for that TLD. Verisign maintains the registry for the .com and .net TLDs.

Whois used to be exclusively a UNIX-based command-line affair, but these days most people get their whois information from web-based interfaces which perform the whois query on the back-end. My favorite service is Completewhois. When hosting services like web.com tell you that a domain is or is not available they first perform a whois query in order to determine if it is.

"Domain Tasting" is the hot new business for domain abusers. Click here to read more.

Theres a lot wrong with whois. For example, anyone can set up a whois server, theres no master list of them, and different servers return data in different formats.

And when a hosting service, APLus.net for example, performs a back-end whois, its impossible to tell exactly what they are doing and to whom they are talking.

Anyway, my next step in testing was to go to the four hosting services meta-searched by CNet and search them directly with new domain names also picked out of thin air. Two days later they havent been taken.

At this point I have to say I dont know exactly whats happening, but something fishy is going on. With a whole lot more testing, I think I could figure out the source of Chestertons domain name feed, but I decided it was time to get the story out first.

The reader who brought all this to my attention called aplus.net, which told her that Chesterton Holdings monitors whois requests, and thats how they learn which domains to register.

This would be a great explanation if it were possible, as a general matter. But its not generally possible to monitor whois requests.

Here is whats possible, based on what I know:

CNet, or someone at CNet, could be passing the requests on to Chesterton. I dont believe this for a second.
One of the hosting services that CNet is checking with (and there could be more than they indicate) could be passing data on to Chesterton. This seems unlikely to me.
Chesterton could have compromised one of the servers involved in the process, for instance the whois server used by one of the hosting services. This seems possible to me. There are a number of other hacking techniques, DNS cache poisoning for example, that could indirectly give Chesterton access to data from these queries.
Verisign could be passing the data on to Chesterton. I dont believe this, either.

Ive been in touch with CNet about this matter as I have investigated it. They dont really have an explanation, nor would I expect them to if their meta-search was doing what it was supposed to do. I also attempted to contact Chesterton, without success.

Even though Ive speculated on possibilities that are more or less likely than others, I dont think Im close to a definitive explanation. All I really know is that theres no legitimate way to do what Chesterton Holdings is doing, and I hope they finally get called for it.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. He can be reached at larryseltzer@ziffdavis.com.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

	Discuss Whois Hijacking My Domain Research?

	It is really bad. How can networksolutions play this game??? now I understand why...

	I've spent close to a year building a large complex site in PHP/MYSQL. I had all my...

	How did you check for domain availability? It matters.

	>>> Post your comment now!



	>>> More Security Articles >>> More By Larry Seltzer

Email Article To Friend ♦ Print Version Of Article ♦ PDF Version Of Article

FREE ZIFF DAVIS ENTERPRISE ESEMINARS AT ESEMINARSLIVE.COM

Sep 8, 12 p.m. ET
Leveraging Information to Address the Challenges of Today's Unique Economic Environment with Joel Shore. Sponsored by IBM

Sep 9, 1 p.m. ET
Create an Effective SOA Quality Management Strategy with Web 2.0 with Joel Shore. Sponsored by HP

Sep 9, 2 p.m. ET
The New Age of Video Surveillance with Salvatore Salamone. Sponsored by Overland Storage

Sep 10, 12 p.m. ET
Virtualization, Automation and Databases with Joel Shore. Sponsored by Parallels

Sep 10, 1 p.m. ET
Disk-Based Data Protection: iSCSI SAN and Intelligent Data with Aaron Goldberg. Sponsored by Dell EqualLogic & Symantec

Sep 10, 2 p.m. ET
Top Ten Challenges with On-Premise Email Management with Michael Krieger. Sponsored by Dell MessageOne

Sep 11, 2 p.m. ET
Tracking IT Assets with RFID: Time, Money and Accuracy Savings with Aaron Goldberg. Sponsored by CDW

Sep 11, 4 p.m. ET
Reliable: What the True Meaning of Data Protection Should Be with Michael Krieger. Sponsored by InMage

More Upcoming Events!

FEATURED CONTENT

ALL MFPs SORT PAGES.
THIS ONE SORTS YOUR OFFICE.

Visit hp.com/go/6040 for more information!

MOST READ SECURITY STORIES
PAST 30 DAYS

1 - Sarah Palin Hack an Example of Password Recovery Backfire (47065)
2 - Security Hole in Adobe Flash Allows Free Amazon Movie Downloads (13860)
3 - Mark Russinovich on the Future of Security (11360)
4 - How to Really Delete Data for Absolutely Sure (11226)
5 - Sarah Palin's Private E-Mail Reportedly Hacked by Activists (9598)
6 - Still Overflowing After All These Years (9173)
7 - Malware Poses as iPhone Game (8749)
8 - HTTPS Cookie-Hijacking Tool CookieMonster Gobbles Personal Data (8466)
9 - Former Intel Employee Accused of Stealing Corporate Data Points Up Insider Threat (8428)
10 - Microsoft Beefs Up Security Development Lifecycle (7708)

Videos Sponsored by:

EWEEK E-MAIL NEWSLETTERS bring you reliable, timely information to stay on top of the business of technology -- and technology in business -- and get more out of the Web. Make your choices and start your subscriptions today!

EWEEK RSS NEWS FEEDS contain a daily feed of our latest stories from over 30 different categories including Enterprise Apps, Business Intelligence, Security, VOIP and more!

Subscribe to our RSS feeds today for free...

	Issue Index \| Contact Us \| About \| Advertise \| Magazine Customer Service \| Site Map
	Security: Enterprise Security Network Security Infrastructure Security How To: Data IT Security News Cheap Hack Blog Security Watch Blog Storage: Data Storage Cloud Storage Storage Virtualization Network Access Storage Storage Reviews Data Storage News How To: Storage Storage Station Blog Computing: Apple OSX Linux Systems Windows Vista Managed Print Services Cloud Computing PC Reviews Microsoft Watch Blog Apple Watch Blog Google Watch Blog Communications: VoIP Solutions Wireless Technology Messaging Software Web Services Mobile Applications Wireless News Mobile Reviews Apps & Development: Application Development SAAS Search Engines Database Software Web 2.0 IT Project Management Emerging Tech Blog CIO Insight Blogs CIOs
	Vertical Markets: Federal Government IT Health Care IT Finance IT Mid-Market Channel Partners Careers Blog Value Added Resellers More eWeek Links: Tech Knowledge Center Tech Newsletters Tech RSS Feeds White Papers Tech Podcasts Tech Videos eWeek Magazine Subscriptions Enterprise Websites: ZDE Home Baseline Channel Insider CIO Insight eSeminars eWeek Mid-Market Publish Online Web Buyers Guide Developer Websites: Dev Shed DeveloperShed ASP Free MS DevSource SEO Chat Codewalkers Tutorialized Scripts.com Dev Mechanic Dev Articles Web Hosters Dev Hardware Technology Websites: Device Forge Desktop Linux Linux Devices Windows for Devices iGrep Search Engine PDF Zone Linux Watch
	Use of this site is governed by our Terms of Use and Privacy Policy Copyright ©1996-2008 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited. eWeek is your best source for the latest Technology News. ZDE Cluster 1 hosted by Hostway.