Why would you think that the whois database would be of any help in tracking down hackers, or more appropriately, crackers? FYI, hackers are good folks - coders and researchers for the most part. Crackers are malicious.

Crackers will do everything they can to hide their activity and most certainly use remote machines to do their dirty work. The only way to track them is using sophisticated processes. I have never even looked at the whois for information with hopes of finding a cracker. I have tracked using IP addresses to find the source of packets. People are mistaken in thinking that the whois is meant for this use. Knowing who holds a domain does nothing at all for you in tracking crackers. You need to find who has the IP address of the offending packets and then how they used the machine that uses that IP address, etc.

The same is true for spam. Rarely will you find the true domain name attached to a spam message. Most are spoofed. Again, you have to go to the IP addresses in the headers and track from there using the DNS "dig" or "host" to find who has that IP address and hope that the DNS provider has listed the correct email address for that mail server.

If tracking security breaches was easy, we wouldn't be so concerned with it, would we? It would be a simple task to rid ourselves of the problem. It IS a nightmare, but the whois is the wrong tool to use in finding them.

Leah Gallegos
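Added example, not part of the original message: a Python sketch of the header-based approach described above. It pulls the relay IP addresses out of a message's Received headers, drops internal addresses, and builds the reverse-DNS name that "dig -x" or "host" would query. The sample message, its hostnames and the function names are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample; 198.51.100.0/24 and 203.0.113.0/24 are documentation ranges.
SAMPLE = (
    "Received: from mx.example.net (mx.example.net [198.51.100.7])\n"
    "\tby inbox.example.org with ESMTP; Mon, 1 Jan 2001 10:00:02 +0000\n"
    "Received: from mail.example.com (unknown [203.0.113.45])\n"
    "\tby mx.example.net with SMTP; Mon, 1 Jan 2001 10:00:01 +0000\n"
    "Received: from pc (localhost [10.0.0.5])\n"
    "\tby mail.example.com with SMTP; Mon, 1 Jan 2001 10:00:00 +0000\n"
    'From: "Offers" <sales@spoofed-brand.example>\n'
    "Subject: constructed sample\n\nbody\n"
)

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Addresses that never identify a remote network owner.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

def relay_ips(raw):
    """Bracketed IPv4 addresses from Received headers, newest hop first."""
    ips = []
    for header in message_from_string(raw).get_all("Received", []):
        for text in IP_IN_BRACKETS.findall(header):
            try:
                ips.append(ipaddress.ip_address(text))
            except ValueError:
                continue  # malformed literal such as [999.1.1.1]
    return ips

def traceable(ips):
    """Drop internal addresses; what remains can be looked up in DNS."""
    return [ip for ip in ips if not any(ip in net for net in INTERNAL)]

def ptr_name(ip):
    """The in-addr.arpa name queried by 'dig -x <ip>' or 'host <ip>'."""
    return ip.reverse_pointer

def claimed_domain(raw):
    """Domain in the From header: sender-controlled, so easily spoofed."""
    address = parseaddr(message_from_string(raw).get("From", ""))[1]
    return address.rpartition("@")[2]

if __name__ == "__main__":
    print("From domain (unverified):", claimed_domain(SAMPLE))
    for ip in traceable(relay_ips(SAMPLE)):
        print(f"dig -x {ip} +short   # queries {ptr_name(ip)}")
```

Only the Received header written by your own mail server is reliable; the hops listed below it are supplied by the sending side and can be forged, so start the lookup from the first address in the list.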