Slashdot Mirror


US .gov WHOIS Info Restricted Over Attacker Fears

An anonymous reader writes "VeriSign Inc has stopped providing access to information about the .gov internet domain, which is restricted to US government bodies, over concerns the data could be used in planning internet attacks."

9 of 178 comments

  1. Talk about a non-news item... by jea6 · · Score: 5, Informative

    If you need whois data for a ".gov" domain, go to the General Services Administration.

    --

    sarchasm: The gulf between the author of sarcastic wit and the person who doesn't get it.
  2. Re: and another by 56ker · · Score: 2, Informative

    Yet another place you can get whois data on .gov domains - Network Tools.

  3. Had to remove directions from website as well by ShaggusMacHaggis · · Score: 3, Informative

    I work for the government, and we had to remove the directions to our office from our website. Didn't quite understand this... since we have our address on our website and all you need is something like MapQuest to get directions. Makes no sense.

  4. Structure of the .us domain by Nurgled · · Score: 2, Informative

    The .us country-code domain is not organised by entity type except in some special cases way down into the hierarchy.

    First, there's a state code which uses the standard two-letter abbreviations for the states, then there's a 'region code' which will either be a city, region or large town. Under that people are free to register whatever they like, with some special cases.

    The special cases are 'state' for special state-running bodies (are they called 'state government'?) and then a 'k-12' domain under which schools are organised by their respective school district.

    The .us domain, then, is a lot more organised and distributed than most other countries, which is probably a good thing given its size. The RFC which proposed the organisation of the .us domain (whose number escapes me now -- try looking on the .us registry site) explains that they did not create .gov.us and similar because it would cause confusion, and that the US Federal Government alone would use .gov while state governments use .state.tx.us (or similar). At this stage in the game, moving the .gov domain to .gov.us would just cause a lot of problems as invalidating that many URLs en masse is never a good idea.

  5. Re:Why now? by zenyu · · Score: 3, Informative

    Actually, why do we have whois records for any domain?

    To catch hackers.

    When someone breaks into a computer on your network, calling the owner of the domain can help you find the bastard. Or stop him in his tracks if he picks up the phone. You could probably get the same info by figuring out the ISP from their IP address or the route, then calling the ISP. This is probably even more accurate, but directness is good. Esp. if the computer you see is just the first hop along the way to the bastard.

  6. .gov zone file available here by Anonymous Coward · · Score: 1, Informative

    You can still download the .gov zone file here

    (11:45am EDT Saturday 21-Sep-2002)

  7. Re:Are they going to... by Mike+Schiraldi · · Score: 3, Informative

    They're not hiding the whois information, they're hiding the zone file, which contains just two bits of information for each domain:

    What the names of their nameservers are
    What the IPs of their nameservers are

    You can still look this up via DNS, but it takes much, much longer.

  8. The **ZONEFILES** have been restricted, NOT WHOIS! by Anonymous Coward · · Score: 1, Informative

    This article is almost totally inaccurate. The whois data for .gov has not been managed by VeriSign for at least several years, it is maintained by nic.gov, and is still very much available on www.nic.gov.

    It's the actual DNS zonefiles that have been taken offline. These used to be available via FTP from ftp.internic.net. The .com/.net/.org ones used to be available too, and I actually have copies of them from when they were available; but they were taken offline perhaps as long ago as 5 years? These are still available, but you have to enter into a contractual agreement with ICANN rather than them being available via FTP. It's a shame these were taken away as they made excellent seed data for search engines and that was probably their most common use.

    The problem is that they also make great seed material for 'bad' search engines such as spam collectors or security scanners.

    The .gov, and .edu and in-addr.arpa zones continued to be made available via FTP up until just now.

    Interestingly ftp.ripe.net (the European version of ARIN) still makes the in-addr.arpa zone available for all the IPs that they manage.

    This whole issue has absolutely nothing to do with whois information or address/contact information. The zonefiles that were removed do not contain anything other than domain names and the nameservers that control them.

    The only reason for doing this is to make it slightly harder for search engines/scanners to get good seed data.

    Personally I think this is a pointless thing to do. It raises the bar to finding information high enough to annoy legitimate information collection for use by good search engines but does little to stop a determined attacker or in any way improve security.

    It's trivially easy to get seed data from search engines like Google, just make a script that searches for .gov and then feed that into a security scanner instead.
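
Added example (not part of the original comments): comments 7 and 8 above say the restricted zone file holds only delegated names, their nameservers and the nameserver addresses. This Python sketch parses a constructed zone fragment (hypothetical `agency-a`/`agency-b` names, RFC 5737 addresses) and inventories which record data such a file exposes; it handles only the simple master-file subset shown.

```python
from collections import defaultdict

# Constructed sample, not real .gov data (assumed names, RFC 5737 addresses).
SAMPLE_ZONE = """\
$ORIGIN gov.
$TTL 86400
; delegation-only content: NS records plus glue addresses
agency-a        IN NS  ns1.agency-a
                IN NS  ns2.agency-a
ns1.agency-a    IN A   192.0.2.10
ns2.agency-a    IN A   192.0.2.11
agency-b  3600  IN NS  ns.hosting.example.
"""

TYPES = {"NS", "A", "AAAA", "SOA", "MX", "TXT", "CNAME"}

def absolute(name, origin):
    """Qualify a relative name against $ORIGIN; '@' means the origin itself."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin.lstrip('.')}"

def inventory(zone_text):
    """Return (delegations, glue, record_types) for a simple master file."""
    origin, owner = ".", None
    delegations, glue, seen = defaultdict(list), defaultdict(list), set()
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()       # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if fields[0] == "$ORIGIN":
            origin = fields[1]
            continue
        if fields[0].startswith("$"):              # $TTL etc. carry no names
            continue
        if not raw[0].isspace():                   # indented line = same owner
            owner = absolute(fields.pop(0), origin)
        while fields and fields[0].upper() not in TYPES:
            fields.pop(0)                          # skip optional TTL and class
        if len(fields) < 2 or owner is None:
            continue
        rtype, rdata = fields[0].upper(), fields[1]
        seen.add(rtype)
        if rtype == "NS":
            delegations[owner].append(absolute(rdata, origin))
        elif rtype in ("A", "AAAA"):
            glue[owner].append(rdata)
    return dict(delegations), dict(glue), seen
```
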

  9. Re:I see no problem with this... by DragonMagic · · Score: 3, Informative

    I'd like to point out that the government's nic is still available, only Verisign, a non-government corporation, removed their database of .gov from public view.

    --

    Human nature is the same everywhere; the modes only are different. -- Earl of Chesterfield