[Dshield] Domain Name Front Running
Darren Spruell
phatbuckett at gmail.com
Sat Dec 29 05:23:00 GMT 2007
On Dec 28, 2007 7:10 PM, Paul Ferguson <fergdawg at netzero.net> wrote:
> First, the domain registrars are NOT doing adequate oversight to
> ensure that WHOIS registry information is accurate, and in many
> cases (e.g. Domains By Proxy) the information is sheilded. So relying
> on technical contacts, abuse contacts, etc. on domains which are
> deemed problematic or just downright abusive is zero gain -- it is
> virtually always incorrect, just plain wrong, or fudged altogether.
>
> In other words, the domain registrars/registries have allowed
> abusers to abuse the system -- legitimate users don't do that.
>
> Having said that, you can pretty much forget trying to use WHOIS
> for domain registry information.
For IP lookups (as with the Cymru lookup), domain
registrars/registries don't come into the picture, do they?
> On the other hand, the RIRs (the various IP registries, or
> Regional Internet Registries) have very good and mostly accrate
> allocation information which is useful in this case.
I'm under the assumption that the information provided by a Cymru
Whois lookup comes from IP registries / RIRs. Example:
203.117.111.102 "4657 | SG | apnic | 1996-01-18 | STARHUBINTERNET-AS
Starhub Internet, Singapore"
I get the same information directly querying www.apnic.net for 203.117.111.102.
DS
More information about the list
mailing list