[GTER] ICANN reforming the WHOIS database - Network World

Fri Jun 27 14:18:26 -03 2003

NETWORK WORLD NEWSLETTER - 06/26/03
Today's focus: ICANN reforming the WHOIS database
By M. E. Kabay

In fighting spam and other forms of Internet and e-mail abuse, 
many defenders of the 'Net have noticed that the worst offenders 
often include obviously false information in their WHOIS 
database entries. The WHOIS database records the contact 
information for each registered domain in the DNS.
In my attacks on originators of spam, I've often seen the phone 
number (nnn) 555-1212 (where nnn is an area code) supplied as 
the contact point; addresses such as "12345 Street Road" with 
bogus ZIP codes; real-looking phone numbers that turn out to be 
nonexistent or disconnected; and countless e-mail addresses that 
bounce like the walls in a squash court.
The Internet Corporation for Assigned Names and Numbers (ICANN) 
regulates the administrative infrastructure of the Internet. In 
March, the board of directors voted to accept four important 
recommendations from the Generic Names Supporting Organization 
Council to maintain the integrity of information in the WHOIS 
database.

Here are the recommendations:

"1. Accuracy of WHOIS Data.

"A. At least annually, a registrar must present to the 
Registrant the current WHOIS information, and remind the 
registrant that provision of false WHOIS information can be 
grounds for cancellation of their domain name registration. 
Registrants must review their WHOIS data, and make any 
corrections.

"B. When registrations are deleted on the basis of submission of 
false contact data or non-response to registrar inquiries,
the redemption grace period - once implemented - should be
applied. However, the redeemed domain name should be placed
in registrar hold status until the registrant has provided
updated WHOIS information to the registrar-of-record.

"2. Bulk Access to WHOIS Data.

"A. Use of bulk access WHOIS data for marketing should not be 
permitted. The Task Force therefore recommends that the 
obligations contained in the relevant provisions of the RAA
be modified to eliminate the use of bulk access WHOIS data
for marketing purposes...

"B. Section 3.3.6.5 of the Registrar Accreditation Agreement 
currently describes an optional clause of registrars' bulk 
access agreements, which disallows further resale or 
redistribution of bulk WHOIS data by data users. The use of
this clause shall be made mandatory."

In addition, the recommendations strongly support development of 
"a reliable contact point to receive and act upon reports of 
false WHOIS data." The recommendation continued, "ICANN should 
encourage registrars to (i) provide training for these contact 
points in the handling of such reports, and (ii) require 
re-sellers of registration services to identify and train 
similar contacts."

These measures will help to fight the scourge of spam by 
shutting down entire domains run by dishonest people. They will 
also inadvertently shut down perfectly legitimate domains whose 
owners are too disorganized to keep their information up to 
date. If you run a business that depends on the existence of 
your own domain (e.g., for your own Web site or to send and 
receive important e-mail), you had better put proper measures 
into place to ensure that a named individual (and a backup 
person) are explicitly responsible for keeping the WHOIS 
database correctly updated (and your DNS registration fees paid 
on time) or you might suffer a self-imposed denial of service.
Lastly, as you consider how to comply with these regulations and 
update your own registration information, keep one other factor 
in mind: no one has asked you to provide information that would 
permit easy social engineering. For example, you don't have to 
provide the exact name of the person(s) who will be the 
administrative contact and the technical contact; instead, you 
can give a title (e.g., Hostmaster) and an accurate and working, 
but generic e-mail address such as <mailto:hostmaster at domain.tld>. 
The additional benefit of such a system is that you control where 
e-mail directed to this address ends up; this flexibility means 
you don't have to update the WHOIS database every time you 
reassign responsibility for the domain to another employee. 
For the same reasons, the phone number can be the switchboard 
rather than a specific extension, thus allowing you to direct 
calls to the right person without giving away valuable internal 
information that might support a criminal hacker's attempts to 
spoof someone's identity.

RELATED EDITORIAL LINKS

ICANN
http://www.icann.org/

Minutes of Meeting of the Board of Directors of ICANN, March 27
http://www.icann.org/minutes/minutes-27mar03.htm

Security appliance adds P-to-P controls
Network World, 06/23/03
http://www.nwfusion.com/news/2003/0623tipping.html

_______________________________________________________________
To contact: M. E. Kabay
NEW! 18-month online Master of Science in Information Assurance 
offered by Norwich University <http://www3.norwich.edu/msia>.
Look for the "Computer Security Handbook, 4th Edition" edited by 
Seymour Bosworth and Michel E. Kabay; Wiley (New York), ISBN 
0-4714-1258-9. 
Available now at your technical bookstore or from Amazon 
<http://www.amazon.com/exec/obidos/ASIN/0471412589/tag=fusion0e>.
M. E. Kabay, Ph.D., CISSP, is Associate Professor in the 
Department of Computer Information Systems at Norwich University 
in Northfield, Vt. Mich can be reached by e-mail 
<mailto:mkabay at norwich.edu> and his Web site 
<http://www2.norwich.edu/mkabay/index.htm>.
_______________________________________________________________
ARCHIVE LINKS
Archive of the Security newsletter:
http://www.nwfusion.com/newsletters/sec/index.html
Breaking security news:
http://www.nwfusion.com/topics/security.html
_______________________________________________________________
SECURITY, VIRUS & BUG, SECURITY ALERT AND ALL OTHERS 
"Interview with the Spammer" - An audio webcast sponsored by 
Network World and IntelliReach on Wednesday, June 25, 2003, 
12:00 PM EST. This event will give you exclusive insight into 
the mindset and tactics of the most notorious spammers in the 
world. Register now at 
http://www.fattail.com/redir/redirect.asp?CID=29597 
_______________________________________________________________
FEATURED READER RESOURCE
CASE STUDIES Fully understand the challenges and the environment 
facing network IT professionals like yourself; and how solutions 
and products they implemented solved these technology 
challenges. 
http://www.nwfusion.com/productcentral/casestudies.html?sort=1
_______________________________________________________________
May We Send You a Free Print Subscription? 
You've got the technology snapshot of your choice delivered 
at your fingertips each day. Now, extend your knowledge by 
receiving 51 FREE issues to our print publication. Apply 
today at http://www.subscribenw.com/nl2
International subscribers click here: 
http://nww1.com/go/circ_promo.html
_______________________________________________________________
SUBSCRIPTION SERVICES 
To subscribe or unsubscribe to any Network World e-mail 
newsletters, go to: 
http://www.nwwsubscribe.com/Changes.aspx 
To unsubscribe from promotional e-mail go to: 
http://www.nwwsubscribe.com/Preferences.aspx
To change your e-mail address, go to: 
http://www.nwwsubscribe.com/ChangeMail.aspx 
Subscription questions? Contact Customer Service by replying to 
this message. 
Have editorial comments? Write Jeff Caruso, Newsletter Editor, 
at: mailto:jcaruso at nww.com 
For advertising information, write Alonna Doucette, V.P. of 
Online Development, at: mailto:sponsorships at nwfusion.com
Copyright Network World, Inc., 2003
------------------------