Friday, 27 May 2011

Hacking start Domain-Related Searches

It’s important to note that domain-related items (such as sitewelder.com) are
registered separately from IP-related items (such as IP net-blocks, BGP autonomous
system numbers, etc.). This means we will have two different paths in our methodology
for finding these details. Let’s start with domain-related details, using keyhole.com as an
example.
The first order of business is to determine which one of the many WHOIS servers
contains the information we’re after. The general process flows like this: the authoritative
Registry for a given TLD, “.com” in this case, contains information about which Registrar
the target entity registered its domain with. Then you query the appropriate Registrar to
find the Registrant details for the particular domain name you’re after. We refer to these
as the “Three Rs” of WHOIS: Registry, Registrar, and Registrant.
There are many places on the Internet that offer one-stop-shopping for WHOIS
information, but it’s important to understand how to find the information yourself for
those times that the auto-magic tools don’t work. Since the WHOIS information is based
on a hierarchy, the best place to start is the top of the tree—ICANN. As mentioned above,
ICANN (IANA) is the authoritative registry for all of the TLDs and is a great starting
point for all manual WHOIS queries.
If we surf to http://whois.iana.org, we can search for the authoritative registry for all
of .com. This search shows us that the authoritative registry for .com is
Verisign Global Registry Services at http://www.verisign-grs.com. If we go to that site
and click the Whois link to the right, we get the Verisign Whois Search page where we
can search for keyhole.com and find that keyhole.com is registered through
http://www.markmonitor.com. If we go to that site and search their “Search Whois” field on the
right, we can query this registrar’s WHOIS server via their web interface to
find the registrant details for keyhole.com—voilà!
This registrant detail provides physical addresses, phone numbers, names, e-mail
addresses, DNS server names, IPs, and so on. If you follow this process carefully, you
shouldn’t have too much trouble finding registrant details for any (public) domain name
on the planet. Remember, some domains like .gov and .mil may not be accessible to the
public via WHOIS.
To be thorough, we could have done the same searches via the command-line WHOIS
client with the following three commands:
[bash]$ whois com -h whois.iana.org
[bash]$ whois keyhole.com -h whois.verisign-grs.com
[bash]$ whois keyhole.com -h whois.omnis.com
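The same Registry-to-Registrar walk as a script, added here as an example and not part of the original post: it reads the referral line in each response (`refer:` from IANA, `Registrar WHOIS Server:` from the .com registry) to choose the next server. The example.com records, the host whois.registrar.example and all function names are constructed for illustration.

```python
import re
import socket

# Referral fields: IANA answers with "refer:", the .com registry with
# "Registrar WHOIS Server:"; an empty value is not treated as a referral.
REFERRAL = re.compile(r"^[ \t]*(?:refer|Registrar WHOIS Server):[ \t]*(\S+)",
                      re.IGNORECASE | re.MULTILINE)

def whois_query(server, question, timeout=10):
    """One WHOIS request (RFC 3912): TCP port 43, query line, read to EOF."""
    with socket.create_connection((server, 43), timeout=timeout) as sock:
        sock.sendall(question.encode("ascii") + b"\r\n")
        chunks = []
        while data := sock.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")

def next_server(response):
    """Return the WHOIS host the response refers us to, or None."""
    match = REFERRAL.search(response)
    return match.group(1).lower() if match else None

def follow(domain, query=whois_query, start="whois.iana.org", max_hops=4):
    """Walk Registry -> Registrar; return [(server, response), ...]."""
    chain, seen, server = [], set(), start
    question = domain.rsplit(".", 1)[-1]      # IANA is asked about the TLD
    while server and server not in seen and len(chain) < max_hops:
        seen.add(server)
        response = query(server, question)
        chain.append((server, response))
        server = next_server(response)
        question = domain                     # later hops get the full name
    return chain

# Constructed sample responses (not real records) so the walk runs offline.
SAMPLE = {
    "whois.iana.org": "domain: COM\nrefer:        whois.verisign-grs.com\n",
    "whois.verisign-grs.com": ("   Domain Name: EXAMPLE.COM\n"
                               "   Registrar WHOIS Server: whois.registrar.example\n"),
    # Registrar records usually repeat their own server; `seen` stops the loop.
    "whois.registrar.example": ("Domain Name: example.com\n"
                                "Registrar WHOIS Server: whois.registrar.example\n"
                                "Registrant Organization: Example Org\n"),
}

def sample_query(server, question):
    return SAMPLE[server]

if __name__ == "__main__":
    for server, response in follow("example.com", query=sample_query):
        print(f"--- {server}\n{response}")
```

Calling `follow()` without the `query` argument sends real port-43 queries; run against a domain you own, the last response is the registrant record that anyone on the Internet can read.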
There are also several websites that attempt to automate this process with varying
degrees of success:
• http://www.allwhois.com
• http://www.uwhois.com
• http://www.internic.net/whois.html
Last but not least, there are several GUIs available that will also assist you in your
searches:
• SamSpade http://www.samspade.org
• SuperScan http://www.foundstone.com
• NetScan Tools Pro http://www.nwpsw.com
Once you’ve homed in on the correct WHOIS server for your target, you may be able
to perform other searches if the registrar allows it. You may be able to find all the domains
that a particular DNS server hosts, for instance, or any domain name that contains a
certain string. These types of searches are rapidly being disallowed by most WHOIS
servers, but it is still worth a look to see what the registrar permits. It may be just what
you’re after.
