[Rt4-whois] Two issues on Whois usage
Lutz Donnerhacke
lutz at iks-jena.de
Wed Feb 15 12:35:41 UTC 2012
Hi,
I'd like to point you to two documents which implicitly refer to WHOIS.
http://www.isc.org/files/imce/ghostdomain_camera.pdf
Problem description:
An attacker registers a domain, set up out large TTL values, starts the
phishing attack and removes the domain. The caching effect of the large
TTL values results in real world usage of the domain name, while the
registry does not have any data in the WHOIS.
Other kinds of this attack involves domain transfers or rapid contact data
changes.
Obvious solutions (might be wrong):
- Hold historic data in the WHOIS servers, allow browsing the histroy.
This requires a subtantial protocol change as well as various contact
and policy changes.
- Limit the change rate. This was sucessfully tried to prevent domain
tasting. And - of course - it will not solve the problem ;-)
http://www.online-und-recht.de/urteile/Kein-urheberrechtlicher-Internet-Auskunftsanspruch-bei-statischen-IP-Adressen-21-O-9065-11-Landgericht-Muenchen-20110524.html
Problem description (an a rough translation):
Fighting against online intellectual property misuse typically involve
requests to the access provider to map (IP address, timestamp) pairs to
subscriber contract details. In the cited case the court denied the right
to obtain this information, because the IP address was statically
assigned. So the IP address is not longer part of the call/traffic data
record (access allowed), but part of the master data record (access denied).
In order to have "easy access" to the master data record, WHOIS came into
the discussion in various law blogs.
Obvious solutions (might be wrong):
- IP WHOIS is considered to be a valid ressouce for law enforement as well
as private and civil law activities. ICANN needs to be liable for all
those kinds of law.
- IP WHOIS is shut down in order to prevent the bypass of lawful access
restrictions.
Thank you for reading.
More information about the Rt4-whois
mailing list