[Dshield] Domain Name Front Running
John Draper
lists at webcrunchers.com
Fri Dec 28 23:19:39 GMT 2007
Jim McCullough wrote:
> I found an interesting article hitting slashdot.org today regarding domain
> name front running and the whois searches. The following links are from
> slashdot and I have not had the chance to dig any deeper into the issue. I
> am looking into it further but was curious if anyone else was noticing a
> similar type of issue.
>
>
> http://it.slashdot.org/article.pl?sid=07/12/28/1458247
> http://www.dailydomainer.com/2007173-who-is-monitoring-your-domain-searches-update.html
> http://img.domaintools.com/blog/domain-name-front-running.pdf
> http://blog.domaintools.com/2007/03/stealing-domain-name-research/
>
>
>
Hmmm - yea - and this is going to make it even harder to use "Whois" in fighting spam.
Even now, the whois servers are really tightening up on using it to find out who owns an IP Block. You can no longer do repeated Whois queries without being blocked. So to attempt to glean information on the IP Block an infected host sits on, you can no longer do it..
I heard there are SOME ways of doing multiple Whois queries by "batching" them, but didn't find much information on it.
There needs to be another kind of IP Whois server... one specifically designed for fighting spam... Most follow a normal template like ERIN, APNIC, and such...
But we need one that can do this..
* reveal the IP block the IP in question is in
* reveal the Abuse Email in cases of Abuse.
THAT'S IT... Then, when I come across spam from some IP address, I can learn the size of the IP block, and an Abuse Email address where I can report it. I'm sure SpamCop would also use something like this.
But now, I don't care about it anymore, because I FINALLY whitelisted my old and very much spammed Email. Before I did that, I was getting 6000 spams a DAY... with more than 60% of them sending it to me personally with MY name and address. Spammers obviously know me, and have been harassing me for years. I fought back implementing a very aggressive spam reporting engine I call "SpamCrunchers" - where from July 2004 - Sept 2004 I shut down more than 750,000 trojan zombies.
Most whois servers do this already, but add a lot of other info not important for spam reporting.
Then, there is always this problem of keeping the database updated...
john
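Added example, not part of the original message: the two-field reduction asked for above (the IP block plus the abuse address) applied to ordinary whois output after it has been fetched. The sample responses are constructed (documentation address space, made-up contacts), `abuse_summary` is a hypothetical helper name, and the field names assume ARIN-style and RPSL-style (RIPE/APNIC) responses.

```python
import ipaddress
import re

# Constructed sample responses (documentation address space, made-up contacts).
ARIN_STYLE = """\
NetRange:       192.0.2.0 - 192.0.2.255
CIDR:           192.0.2.0/24
NetName:        EXAMPLE-NET
OrgAbuseEmail:  abuse@example.net
OrgTechEmail:   noc@example.net
"""
RPSL_STYLE = """\
% Abuse contact for '198.51.100.0 - 198.51.100.127' is 'abuse@example.org'
inetnum:        198.51.100.0 - 198.51.100.127
netname:        EXAMPLE-AP
abuse-mailbox:  abuse@example.org
e-mail:         hostmaster@example.org
"""

RANGE_KEYS = {"netrange", "inetnum"}             # "first - last" range fields
ABUSE_KEYS = {"orgabuseemail", "abuse-mailbox"}  # abuse contact fields only
ABUSE_COMMENT = re.compile(r"^%\s*Abuse contact for .* is '([^']+)'", re.I)


def abuse_summary(whois_text):
    """Return (list of CIDR blocks, abuse e-mail or None) from one response."""
    blocks, abuse = [], None
    for line in whois_text.splitlines():
        m = ABUSE_COMMENT.match(line)
        if m:
            abuse = abuse or m.group(1)
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key in RANGE_KEYS and not blocks:
            try:
                lo, hi = (ipaddress.ip_address(p.strip()) for p in value.split("-"))
                # A range need not be one CIDR, so summarize it into blocks.
                blocks = [str(n) for n in ipaddress.summarize_address_range(lo, hi)]
            except (ValueError, TypeError):
                continue  # not a "first - last" range; skip rather than guess
        elif key in ABUSE_KEYS and abuse is None:
            abuse = value
    return blocks, abuse


if __name__ == "__main__":
    for sample in (ARIN_STYLE, RPSL_STYLE):
        print(abuse_summary(sample))
```

Role contacts such as the tech or hostmaster address are ignored on purpose, so a report goes only to an address the registry record marks as the abuse contact.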