Saturday, December 27, 2008

A Whois Tutorial Using Network Tools. Amazing!

The Whois tool is part of the Network tools found in Ubuntu and is readily available for all other operating systems.
It is also the featured tool of the following mini tutorial. I enjoy networking and network security. It's a hobby of mine. :-)

Many people don't realize how much info can be gleaned by using Whois. I hope to open the door and provide some education on the use of these tools.
The Network Tools feature is found in the System-Administration section of the Ubuntu menu.
Let's open it up and click on the Whois tab.

For this tutorial I will be using a page I found during a Google search of Windows anti-virus reviews.
I have numerous Windows customers and like to keep on top of the ever changing technology.

One of the first pages that came up in my search was a site titled 2009 Security Software Reviews.
The page had reviews of numerous anti-virus products. Many of the reviewed products were easily recognizable, but a few weren't.
A few of the more notable ones were missing, but I was after any info I could find, so I started reading the reviews.
Now the fun begins!

When using Whois you don't use the http or the www portion of the address. All you need is the website's name and the domain extension like .com, .net, .org, etc.
So let's put the following address in Whois and click the Whois button:
2009securitysoftwarereviews.com


A few seconds later Whois provides the following info:

Registrant:
Star Advertising
P.O. Box 8044
Delray Beach, Florida 33484
United States

Registered through: GoDaddy.com, Inc.
Created on: 25-Feb-08
Expires on: 25-Feb-10
Last Updated on: 03-Mar-08

Administrative Contact:
Frischman, Arthur arthur@frischman.com
Star Advertising, Inc.
150 West 25th Street
Suite 904
New York, New York 10001
United States
(561) 251-7198 Fax --

Technical Contact:
Frischman, Arthur arthur@frischman.com
Star Advertising, Inc.
150 West 25th Street
Suite 904
New York, New York 10001
United States
(561) 251-7198 Fax --

Domain servers in listed order:
NS1.RACKMY.COM
NS2.RACKMY.COM


Hmmmm....... We see that the contact info is Arthur Frischman at arthur@frischman.com
You want to make a note of that for later.
We also see that this review site is owned by Star Advertising.

Let's copy the above info and paste it into a text document for future reference.
Now let's take a look at the website of the #1 rated security software.
It can be found and purchased here:
pcsecurityshield.com

Clear out the Domain Address search window of Whois, insert the following address and click the button:
pcsecurityshield.com


A Whois search provides us with this info:

Registrant:
PCSecurityShield
601 N Congress Avenue
Suite 303
Delray Beach, Florida 33445
United States

Registered through: GoDaddy.com, Inc.
Domain Name: PCSECURITYSHIELD.COM
Created on: 04-Dec-03
Expires on: 04-Dec-11
Last Updated on: 28-Aug-06

Administrative Contact:
Frischman, Arthur arthur@pcsecurityshield.com
PCSecurityShield
601 N Congress Avenue
Suite 303
Delray Beach, Florida 33445
United States
5612433247 Fax -- 5612433249

Technical Contact:
Frischman, Arthur arthur@pcsecurityshield.com
PCSecurityShield
601 N Congress Avenue
Suite 303
Delray Beach, Florida 33445
United States
5612433247 Fax -- 5612433249

Domain servers in listed order:
NS1.RACKMY.COM
NS2.RACKMY.COM


Again we see that the contact is Arthur Frischman, this time at arthur@pcsecurityshield.com
We also see that the street addresses are different but the city and state are the same.
They use different email address domains but both use arthur@.
They both use the same domain servers.
Isn't that interesting?!!!!
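
The same side-by-side comparison can be scripted once you have more than two records to check. This is an added example, not part of the original post: the two records are constructed placeholders in the same layout as the output above, and the function names (parse, indicators, shared) are hypothetical. With live data the text would come from the output of the whois command.

```python
import re
# Constructed placeholder records in the layout shown above (not real data).
LAYOUT = """Registrant:
{org}
{street}
{city}

Registered through: Example Registrar, Inc.

Administrative Contact:
{contact}

Domain servers in listed order:
NS1.HOSTING.EXAMPLE
NS2.HOSTING.EXAMPLE"""
REC_A = LAYOUT.format(org="Example Reviews", street="P.O. Box 1",
    city="Sampletown, Florida 33001", contact="Doe, Jane jane@doe.example")
REC_B = LAYOUT.format(org="Example Shield", street="1 Main Street",
    city="Sampletown, Florida 33002", contact="Doe, Jane jane@shield.example")

def parse(record):
    """Group lines under their 'Header:' line; a blank line ends a section."""
    sections, current = {}, None
    for line in map(str.strip, record.splitlines()):
        if line.endswith(":"):
            current = sections.setdefault(line[:-1].lower(), [])
        elif not line:
            current = None
        elif current is not None:
            current.append(line)
    return sections

def indicators(record):
    """Extract the fields the tutorial compares by eye, lower-cased."""
    s = parse(record)
    contact = (s.get("administrative contact") or [""])[0]
    m = re.match(r"(.+?)\s+(\S+)@(\S+)$", contact)
    name, local, maildom = m.groups() if m else (contact, "", "")
    city = next((l for l in s.get("registrant", [])
                 if re.search(r",\s*[A-Za-z ]+\s\d{5}$", l)), "")
    servers = frozenset(n.lower() for n in s.get("domain servers in listed order", []))
    return {"contact_name": name.lower(), "email_local": local.lower(),
            "email_domain": maildom.lower(), "name_servers": servers,
            "registrant_city": city.rsplit(" ", 1)[0].lower()}  # ZIP dropped

def shared(a, b):
    """Names of the non-empty indicators that two records have in common."""
    ia, ib = indicators(a), indicators(b)
    return sorted(k for k in ia if ia[k] and ia[k] == ib[k])
```

Calling shared(REC_A, REC_B) lists the overlapping fields. A shared name server alone is weak evidence, since many unrelated sites use the same hosting provider, so weigh it together with the contact and address matches.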

Now let's dig a bit deeper and use the resources found at:
http://www.robtex.com/dns

Doing a search of frischman.com gave me this page:
http://www.robtex.com/dns/www.frischman.com.html

I'll let you, the reader, make a decision and draw your own conclusions from the above info.
As you can see, using the Whois tool can provide some good info which allows you to investigate website and domain info.
Never take claims on the internet at face value. Do a little research before making a decision.
It only takes you a few minutes and can provide you with good hard facts.

The foregoing shows how and why the use of domain proxies has become more prevalent.
A proxy allows the registrant of a domain name to hide all contact and address info from a search.
The implications and consequences of such secrecy should be obvious to the reader.
However, in an upcoming article I will show you more ways of finding who owns a domain name.
I will also continue my mini-series tutorials of the Domain Tools included with Ubuntu.


Be safe!

TaZMAn


4 comments:

Anonymous said...

Maybe Cartoreso network mapper would be useful (create map of large networks)

http://tips-linux.net/en/content/cartoreso-network-mapper

Anonymous said...

Hello

I downloaded whois for Ubuntu.

It's a cli. There is no button to click.

Unknown said...

Thanks for your useful information. I got more details about the whois tool. There are a lot of ways available to check whois information. I have checked whois history from this site Whoisxy.com