Slashdot Mirror
US .gov WHOIS Info Restricted Over Attacker Fears
An anonymous reader writes "VeriSign Inc has stopped providing access to information about the .gov internet domain, which is restricted to US government bodies, over concerns the data could be used in planning internet attacks."
I see no problem with this since there are proper steps in place to ensure that only US Government facilities and institutions can get .gov addresses. The databases of normal .com/.net/.org and such are available as public info mainly to ensure you know what company or entity is behind the domain (at least, that's what we assume).
So if they take them down, even to say it's for protection, are we losing a facility, really?
Human nature is the same everywhere; the modes only are different. -- Earl of Chesterfield
C/O George W. Bush
1600 Pennsylvania Avenue
Washington, DC.
Yup, wouldn't want anyone to know where HE lives, do we?
/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
If you need whois data for a ".gov" domain, go to the General Services Administration.
sarchasm: The gulf between the author of sarcastic wit and the person who doesn't get it.
There shouldn't even be a .gov TLD.
.gov.us
It should be
...hide the contents of the websites too?
Not much point hiding the whois information of a domain if its accompanying website tells the whole world who and where they are...
-- Even if a god did exist, why the fsck should I worship it?
Don't say that too loudly - the *terrorists* might hear you! ;o)
Video Game cheats, hints a
Yet another place you can get whois data on .gov domains - Network Tools.
Video Game cheats, hints a
I think they should restrict access to the .gov DNS records also. Would go a long way in making the .gov net a whole lot more secure. :)
It had to be a matter of public record anyway, right? I don't see what this solves. I think the old term "Security throught obscurity" applies here. That term has also been trampled on time and again because it just doesn't work. Hide information via one source, get all confident that you're safe, and then get surprised when you're actually not.
Is there anyone out there who can explain what this accomplishes really? I'm seriously asking because I might be missing something.
Luck favors the prepared, darling.
I'm sure somewhere out on the Internet (Google.com comes to mind) the information is cached. How many times has information been available after lawsuits, infringements, and a range of other problems? How often are people able to get their email addresses of spam lists once it starts? I'm not going to be the one to post this information, but it's just something to think about...
While I think the intent is admirable, the net effect might be somewhat frustrating. For example, how are we supposed to get contact info if say a governement group's DNS goes south? Or maybe just a portions of it? what about entities that have been misapportioned? (Good example is the City of Albuquerque, NM.)
The quote that I found interesting is: "Also removed from the FTP site was the zone file for in-addr.arpa, which is used for reverse-DNS lookups (when somebody wants to find out what domain is associated with an IP address, rather than the other way around)." So is this a prelude for them to stop supporting rev. DNS? If it does stop, are they really aware of the potential consequences? (Stopped email, blocked access, etc.) What about who to contact and how to contact them about possible network outages?
Things like this might seem like a good idea at the time, but can (and do) lead to other problems. I am in favor of security as much as the next guy, but half though-out moves like this don't help.
-D.
P.S. I wonder if they are going to stop publishing things like the white pages (online or even the print edition)? Hey they do have government entity addresses and phone numbers?
I wonder whether .gov will find itself listed in
on rfc-ignorant
for this.
Prime numbers are exactly what Alan Greenspan says they are -S. Minsky
The term security through obscurity is a pretty good maxim to use though. I used to connect to the internet using an Amiga - using yet another mailer as an e-mail client. As a result I was immune to all the PC and Mac viruses. In fact in a few years online - I never came across one Amiga virus. However you're right - this is just a token gesture and accomplishes nothing.
Video Game cheats, hints a
Believe me, if there was some way to get Bush to STFU about his stupid Iraq-invading obsession, we would.
Does anyone in the US have the slightest interest in (a) invading Iraq or (b) using the "War on Terror" momentum up on Iraq, which had nothing the hell to do with Sept. 11th at all?
May we never see th
What is WHOIS?
The .GOV WHOIS database is a tool that provides users with the ability to lookup records in the registrar database. Using WHOIS, you can search for people, name servers, and domains. From a UNIX system, you can use the -h option to point to the .GOV WHOIS server, nic.gov. For example, to find out about gsa.gov, use the following command: "WHOIS -h nic.gov gsa.gov".
(posted anonymously to avoid karma-whoring)
why do they even try? everything but the contact info must remain available to actually use the resources; and then there are a million sources out there for the contact info.
Non-authoritative answer:
Name: whitehouse.gov
Address: 198.137.240.92
whois -h whois.arin.net 198.137.240.92
OrgName: Executive Office Of The President USA
OrgID: EXOP
NetRange: 198.137.240.0 - 198.137.241.255
CIDR: 198.137.240.0/23
NetName: NETBLK-EOPNET-C
NetHandle: NET-198-137-240-0-1
Parent: NET-198-0-0-0-0
NetType: Direct Allocation
NameServer: DNSAUTH1.SYS.GTEI.NET
NameServer: DNSAUTH2.SYS.GTEI.NET
NameServer: DNSAUTH3.SYS.GTEI.NET
Comment:
RegDate: 1993-05-21
Updated: 2000-12-27
TechHandle: WDR1-ARIN
TechName: Reynolds, William
TechPhone: +1-202-395-6975
TechEmail: william_d._reynolds@oa.eop.gov
# ARIN Whois database, last updated 2002-09-20 19:05
# Enter ? for additional hints on searching ARIN's Whois database.
May this post be indexed by spiders, and archived for all to see as my Internet epitaph.
I work for the government, and we had to remove the directions to our office from our website. Didn't quite understand this..since we have our address on our website and all you need is something like mapquest to get directions. Makes no sense.
"Security through obscurity" applies here. That term has also been trampled on time and again because it just doesn't work.
Well, it's better than spoon-feeding it to them isn't it? I'm sure any threat to our govt sites already has that information anyway. The only way to really make this even half work is for every govt agency to associate new IP address to their sites.
But whatever! Give them a break folks (not just this poster, but there is a lot of bashing going on here with this). Be glad they are doing something. We would all be bitching if they just sat around and did nothing. We are all well aware that the govt is trying to tighten up electronic security on every front. This is probably just a very tiny puzzle piece to homeland security. If all the techo-geeks here know better, then go ahead and right them your idea for a more digitally secure govt. They love white papers and case studies.
I'd be more glad if they were doing something that had some hope of being effective.
Call (206) 338-5780 COLLECT for information about a genuine BA, BS, MA, MS, MBA, or Ph.D.
Maybe they should restrict access to the
Eric Sink
Software Craftsman
Exactly what it has to do to prevent attacks, hide.
Its stupid.
So, I read the attached article, and I understand what Verisign is doing. My question is: why? What is the motivation behind them blocking access to these whois records?
I agree with the article in saying "It seems so logical to take that
Actually, why do we have whois records for any domain?
www.timcoleman.com is a total waste of your time. Never go there.
frodo:$ dig whitehouse.gov soa
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;; whitehouse.gov, type = SOA, class = IN
;; ANSWER SECTION:
;; Total query time: 476 msec
;; FROM: frodo to SERVER: default -- 127.0.0.1
;; WHEN: Sat Sep 21 15:10:23 2002
;; MSG SIZE sent: 32 rcvd: 88
; > DiG 8.3 > whitehouse.gov soa
whitehouse.gov. 1D IN SOA eopc.eop.gov. postmaster.whitehouse.gov. (
2002072201 ; serial
15M ; refresh
5M ; retry
1W ; expiry
2H ) ; minimum
You know, if you hide the root servers DNS stops working, don't you?!
If at first you don't succeed, skydiving is not for you
I don't think that's "security through obscurity", rather "security through incompatibility".
I bet this is just an excuse to get them off the radar to avoid the spammers snagging email addresses from the database.
You damn pot smoking Californians need to realize CA is not a country (as much as you wish it were).
.ca domain YOU HAVEN'T WON YET. I'm looking forward to .TX for Texas to leave the Union (and take GW with them).
Just because you somehow tricked the powers that be into making a
The .us country-code domain is not organised by entity type except in some special cases way down into the heirarchy.
First, there's a state code which uses the standard two-letter abbreviations for the states, then there's a 'region code' which will either be a city, region or large town. Under that people are free to register whatever they like, with some special cases.
The special cases are 'state' for special state-running bodies (are they called 'state government'?) and then a 'k-12' domain under which schools are organised by their respective school district.
The .us domain, then, is a lot more organised and distributed than most other countries, which is probably a good thing given its size. The RFC which proposed the organisation of the .us domain (whose number escapes me now -- try looking on the .us registry site) explains that they did not create .gov.us and similar because it would cause confusion, and that the US Federal Government alone would use .gov while state governments use .state.tx.us (or similar). At this stage in the game, moving the .gov domain to .gov.us would just cause a lot of problems as invalidating that many URLs en-masse is never a good idea.
Actually if you'd actually used e-mail clients and browsers on the Amiga (which I doubt you have) I think you'll find they're compatible with pretty much every website and mail server. You can be running an obscure browser ie Opera on the PC and run into more problems. Like Opera the browsers on the Amiga (IBrowse, Voyager, AWeb) allow you to spoof more popular browsers for webpages that can only be viewed by a particular type of browser.
Video Game cheats, hints a
"apple.is.the.choice.for.every.self.respecing.t
At least it worked in 10.1
So what if they stop access to .gov. I want to know when I'm going to stop getting deceiving snail mail from places like Register.com who deceptively try to get me to swtich my domain over to them with a bogus "RENEW NOW" notice.
...All I can say is that my life is pretty strange...
Only shows how dumb some in the U.S. government/VeriSign are. On an aside, read up on the SAIC (they own a stake in VeriSign last I checked). Interesting. Anyways, many U.S. government sites rely on .COM, .NET, .ORG, and other TLDs as well for their operation so not sure how restricting only .GOV zone access does much really...
.COM - and since .GOV contains relatively few entries compared to the likes of .COM, the task of assembling much of the zone from the outside is quite trivial.
.GOV zone files on irc for porn, etc or maybe even trying to sell it like they do with email addresses.
.GOV zone without authorization and you too are a terrorist...better delete dig, whois, ping, right now!! :-;
And anyways restricting zone file access doesn't work - domain speculators and others have for years basically compiled their own for other TLDs such as
I'm sure idiots already are trading the
Off-topic ramble: It's sad to say, but it very much appears the terrorists are winning or some even argue already have won. Various people over the years used to warn that Americans could lose their freedoms quicker than they ever imagined - it's now happening; more detention camps are being constructed with vastly larger ones out on bid from my understanding - why would such large detention camps be needed? There aren't that many terrorists...unless the U.S. government now considers Americans terrorists...wait they already have...enemy combatants...and now the standard has been further lowered...query the
Ron
He means "incompatibility" as in Amiga can't run VBScript or compiled Win32 binaries. So that "annakournikova.jpg.exe" that you just received can't actually run on your machine. And Amiga mail clients aren't Outlook (duh?) so they don't have all the buffer overflows that Outlook has.
Liberty in your lifetime
Why do we still have TLD's mapped to country names? Do they serve any essential technical purpose?
-- Slashdot: When Public Access TV Says "No"
Doesnt matter, its probably all morrored on Google anyways.
adventure-today.com
This is pathetic... security through obscurity? If you live in constant fear of the infinite possibilities then the terrorists have already won. Besides, if the government would pay for decent systems and good sys admins, this wouldn't be a problem... well at least not to the extent where we would have to hide their IP's and stuff. That's just pathetic.
This is my sig. There are many like it but this one is mine.
It is important that our government be even more unreachable with the citizens of this country. Who wants to hear from whiney citizens anyhow - besides they obviously are dangerous!
I think we should move the fences further out from the white house so that you need binoculars to see it.
I think we should close down streets around government buildings for a half mile around, and make security such an intrusion and frustrating experience no one will want to visit their lawmakers.
I think they should make snail mail even slower and have it sitting around for weeks at a time in some postal facility and then simply ignore email sent to them.
Then the lawmakers and executors of the law can live peacefully doing what ever they want irregardless of the citizens of the country.
After all, who really needs to do WHOIS look ups on government sites
.gov - after all, if they are too afraid to post harmless whois info, everyone with a clear mind should stay out of the blast radius.
How every sysadmin on the globe who would like to tell you that there's a problem with your servers, routers or users? Whois tells me who to contact (and sometimes, if it's a live attack, abuse@whoever.tld just doesn't cut it).
Maybe I should just firewall
Assorted stuff I do sometimes: Lemuria.org
(11:45am EDT Saturday 21-Sep-2002)
It's not like Bush actually ever does real work! It's on perma-vacation a couple hours away from me.
--
Mod up a post Rob doesn't like and you'll never mod again
VeriSign Inc has stopped providing access to information about the .gov internet domain, which is restricted to US government bodies, over concerns the data could be used in planning internet attacks.
Meanwhile, the government is trying to pass a law making it illegal for us to do the same thing.
So the government is worried about attacks. What about the rest of us who hate putting out personal information in the whois database? Although it's easy enough to falsify, why should I have to?
I wonder if they get paid as much as the NY Mets? They're certainly winning more games.
"Hey look at us, we're patriotic (idiots)!"
isnt there some logic to the idea that obscurity is a nice addition the great security?
i mean, i can put on my bulletproof vest, make sure i have body guards... but what about the not eating at the same place every day. doesnt that help make it harder to kill me too?
i think patterns make you predictable, and obvious ecurioty patterns dont help.... and its easy to implement isnt it?
There's nothing Intelligent about Intelligent Design.
So we as individuals have to provide and have our info available but large goverments that represent the public and are more than able to defend themselfs unlike an individual who relies upon said goverments; are able to do this and hide. Security thru obscurity does not work and only goes to lend an air of arragance about the whole issue. If there is a problem fix the problem not hide it away - but there again this is the paracetamol/asprin generation and when the brain goes I'm tired or hungry or get this crap outa my system we go - naaaa go away pill time. So narrow minded that they seem to have a longterm goal of it :-/
If you want to participare in a public network then they shouldn't be hiding whois information. Nobody is saying they can't run their own top secret nework (as I'm sure they already do to some degree) but participation in this giant public network involves some amount of conformance to standards.
Any information that is so critical to national security shouldn't be on the internet in the first place.
- Toby
Id love to have mine restricted. i had to get a sepreate PO box just to avoid the flood of spam US mail i got when i first registred my domain years and years ago..
I asked and was told NO.. phfft.
---- Booth was a patriot ----
It would seen to me that if someone wanted to attack us, they'd try to hit Microsoft. The majority of the computers out there have their os loaded... so it would make sense to try something that could affect as many systems as possible.
I also take offense to the fact that us "little people" are still left out the the open while the government saves its' own ass. If the whois info is so revealing, then they should just block it completely.
If anyone has a mirror of this data perhaps they could run a whowas server.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
Our government over here in the U.S. is completely bought and paid for by corporattions. .gov is just another .com TLD if you consider this.
Ergo the
This article is almost totally inaccurate. The .gov has not been managed by
.com/.net/.org ones used to be available too, and I actually have copies of them from when they were available; but they were taken offline perhaps as long ago as 5 years? These are still available, but you have to enter into a contractual agreement with ICANN rather than them being available via FTP. It's a shame these were taken away as they made an excellent seed data for search engines and that was probably their most common use.
.gov, and .edu and in-addr.arpa zones continued to be made available via FTP up until just now.
.gov and then feed that into a security scanner instead.
whois data for
verisign for at least several years, it is maintained by nic.gov, and is still very much available on www.nic.gov.
It's the actual DNS zonesfiles that have been taken offline. These used to be available via FTP from ftp.internic.net. The
The problem is that they also make great seed material for `bad' search engines such as spam collectors or security scanners.
The
Interestingly ftp.ripe.net (the european version of arin) still makes the in-addr.arpa zone available for all the IPs that they manage.
This while issue has absolutly nothing to do with whois information or address/contact information. The zonesfiles that were removed do not contain anything other than domain names and the nameservers that control them.
The only reason for doing this is to make it slightly harder for search engines/scanners to get good seed data.
Personally I think this is a pointless thing to do. It raises the bar to finding information high enough to annoy legitimate information collection for use by good search engines but does little to stop a determinated attacker or in any way improve security.
It's trivially easy to get seed data from search engines like google, just make a script that searches for
I would not need whois to find an address where to land hijacked jet. Maybe I can review local Yellow Pages (if its not against the U. S. law to export Yellow Pages) or use other useful tools .
They won't waste so much time on false leads.
The Web is like Usenet, but
the elephants are untrained.
It's as simple as listing a bogus address (real street and zip, tho, in case they cross reference it).
Better yet, list your registry's address so they can see all the lovely spam you get.
Standard thing I do at Rat Shack, etc., when they ask for my address. I just look at a business card on the desk and give them the info from there.
I think the catch-phrase is security enhanced through obscurity. This is generally a good deterrant against lazy script kiddies who'll target anyone, but against someone who has you lined up in their sights and doesn't care about anyone else, it doesn't do much.
US government being set to the moon, and having no connection to the outside world for security?
Or, maybe, we should send 3 parties - the government, the terrorists, and then the rest of us?
So bite me, and your piss-poor Troll mod. Now *this* is flamebait. (for your information)
So now when a .gov domain comes in I can't verify it. That means when an attack comes in that purports to be from the .GOV TLD I can just assume it is spoofed and block the whole address block that ARIN associates with it. Right.
.gov TLD is the same as saying we don't care about your security, only our security. However, if we can't verify, isn't the correct solution to route around or isolate the problem area.
I would hope a more sane approach would be to provide sufficient information to say that yes it is a valid domain, and to have the sense to have a common contact procedure for problems. The whole point of "whois" is to help maintain the security of the network, turning off whois for the
- Tjp
I am in wallow with my inner money grubbing capitalistic pig. ... Oink!
As it is, myself and several others I know who handle domains have gotten emails from a company asking us to "renew" our domain. Further reading into this shows that the company sending the letter had no relation to the company from which the original domain was bought (though the word "renew" indicates a renew of the original "contract", scamming buggers). I figure that they go out looking for expiring domains and use WHOIS to find the billing contact to send their crapmail to. Being as there are many potentially more malicous uses for this, perhaps hiding the WHOIS isn't such a bad idea in some cases.
Actually they could but under emulation. Anyway for using e-mail and browsers - why do you need to run VBScript or Win32 binaries? And yes - I was well aware that PC executables won't run on an Amiga unless you're emulating a PC. Actually out of all the e-mail clients I've ever used YAM has been the best one - pity there isn't a PC port.
Video Game cheats, hints a
as it is with ever changing technology, theres no way to always be secure, not all the time. so no, you can never be fully protected... so again, why not keep moving?
There's nothing Intelligent about Intelligent Design.
"... why do you need to run VBScript or Win32 binaries?"
The, um, viruses are PC executables. Hence they won't run on Amiga, and that's what he meant by "incompatibility." Not that you couldn't "use the Internet," just that PC viruses won't run on your computer.
Liberty in your lifetime
Congratulations, you have just produced a "ma and pa" compliant definition of National Security.
Seriously, what else is new? When it comes to governments, civilians don't count; if saving the president or its goons is at stake, sacrificing "ma and pa" (and a whole planeload of them, at that) is always perfectly fine. They even call that "colateral damage".
Funny how citizens are not allowed to accidentaly get a cop or politician killed and call it "colateral damage" too... Democracy? Bah, who's kidding who?
Software is not supposed to be about how to work around a useability issue. - Ken Barber
world. So technically you're right, however, i was just being a smart ass! I love California (something to do with being an Okie! lol Damn Grapes of Wrath).
It looks like from this angle that my Grandmother runs the CIA, and she makes a fine apple pie too.
XLI:
The more one produces, the less one gets.
XLII:
Simple systems are not feasible because they require infinite testing.
XLIII:
Hardware works best when it matters the least.
XLIV:
Aircraft flight in the 21st century will always be in a westerly
direction, preferably supersonic, crossing time zones to provide the
additional hours needed to fix the broken electronics.
XLV:
One should expect that the expected can be prevented, but the
unexpected should have been expected.
XLVI:
A billion saved is a billion earned.
-- Norman Augustine
- this post brought to you by the Automated Last Post Generator...