No announcement yet.

US .gov WHOIS Info Restricted Over Attacker Fears

  • Filter
  • Time
  • Show
Clear All
new posts

  • US .gov WHOIS Info Restricted Over Attacker Fears

    VeriSign Inc has stopped providing access to information about the .gov internet domain, which is restricted to US government bodies, over concerns the data could be used in planning internet attacks, ComputerWire has learned. On September 16, the company posted a notice on its web site saying that from September 13 (three days earlier) it would no longer provide FTP access to the so-called "zone file" for .gov, which contains the IP addresses of all the name servers that point to .gov domains. Ken Silva, VeriSign's director of networks and security, told ComputerWire the company had removed access to information "of potential value to hackers", and that the decision was made "in conjunction with" the General Services Administration, which administers the .gov zone file.

    Silva pointed out that while VeriSign manages the .com, .org and .net zone files, and continues to make those available to those willing to enter a no-cost agreement with the company, it does not run .gov, and merely made the data available as a free informational service. Malicious hackers wanting to take down government web sites would hypothetically be able to do so by denial-of-service attacking the name servers associated with .gov domains. It was not immediately clear if the .gov zone file data is made available in bulk from other sources, but the GSA does not seem to do so. Also removed from the FTP site was the zone file for, which is used for reverse-DNS lookups (when somebody wants to find out what domain is associated with an IP address, rather than the other way around)

    It seems so logical to take that .gov WHOIS info offline that you have to wonder why it wasn't done last year. After all, who really needs to do WHOIS look ups on government sites except hackers, mail spammers that are harvesting government email addresses and fearful folks who like checking where the IP's of mysterious visitors to their web sites originate from... I wonder whether the same will be done for the .edu and .mil which also are prime targets.. ;).

    Cameron "Mr.Tweak" Wilmot
    Managing Director
    Tweak Town Pty Ltd