[23496] in North American Network Operators' Group
Re: more Internic nightmare
daemon@ATHENA.MIT.EDU (Derek Balling)
Tue Mar 23 20:01:43 1999
Date: Tue, 23 Mar 1999 16:59:45 -0800 (PST)
From: Derek Balling <dredd@megacity.org>
To: "Roeland M.J. Meyer" <rmeyer@mhsc.com>
Cc: Randy Bush <randy@psg.com>, Rich Sena <ras@poppa.thick.net>,
nanog@merit.edu, cgomes@internic.net
In-Reply-To: <4.1.19990323164158.06b41960@pop.mhsc.com>
Errors-To: owner-nanog-outgoing@merit.edu
On Tue, 23 Mar 1999, Roeland M.J. Meyer wrote:
> Yes, this can be circumvented, but it would cost a lot more than the $70
> for a domain registration. In addition, the whois server would know exactly
> who is mining the data and would be able to track them, even if they spread
> it out over months.
Unless you're planning on enforcing passwords for contacts then I don't
think it'd take all that much to SIMULATE a client, choosing random people
from the whois database, and blaming other people for your whois queries.
An even more intelligent system would use the tech contact for the LAST
result as the requestor for the current one so that there would be no
visible pattern.
The source code for the client is going to be out there, so people will
figure out how it works, reverse engineer a version that uses a forged,
but existing, tech contact, and go on with their day.
D
======================================================================
Derek J. Balling | "Bill Gates is a monocle and a white
dredd@megacity.org | fluffy cat from being a villain in the
http://www.megacity.org/ | next Bond film." - Dennis Miller
======================================================================
