[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: more Internic nightmare (fwd)




---------- Forwarded message ----------
Date: Tue, 23 Mar 1999 17:37:37 -0800
From: "Roeland M.J. Meyer" <rmeyer@mhsc.com>
To: NANOG
Subject: Re: more Internic nightmare


Then you agree with Randy in that, there is no way to prevent whois contact
mining if the data is out there. So it now becomes a question of what do we
want more, contact info for tech use, or privacy from spam. That's some
choice. <sigh> 

I always thought the role accounts were a good partial answer (especially
where the EU privacy issue is concerned), Pre-pay is another. Note that
hostmaster addresses do not get spammed much anymore (it's a sure fire way
to get the account nuked). Another restriction could be to throttle whois
to *only* tech contact info, without a court order.

At 04:59 PM 3/23/99 -0800, Derek Balling wrote:
>On Tue, 23 Mar 1999, Roeland M.J. Meyer wrote:
>
>> Yes, this can be circumvented, but it would cost a lot more than the $70
>> for a domain registration. In addition, the whois server would know exactly
>> who is mining the data and would be able to track them, even if they spread
>> it out over months.
>
>Unless you're planning on enforcing passwords for contacts then I don't
>think it'd take all that much to SIMULATE a client, choosing random people
>from the whois database, and blaming other people for your whois queries.
>An even more intelligent system would use the tech contact for the LAST
>result as the requestor for the current one so that there would be no
>visible pattern.
>
>The source code for the client is going to be out there, so people will
>figure out how it works, reverse engineer a version that uses a forged,
>but existing, tech contact, and go on with their day.
>
>D
>
>======================================================================
>Derek J. Balling          | "Bill Gates is a monocle and a white 
>dredd@megacity.org        |  fluffy cat from being a villain in the
>http://www.megacity.org/  |  next Bond film."  - Dennis Miller
>======================================================================


___________________________________________________ 
Roeland M.J. Meyer - 
e-mail:                                      mailto:rmeyer@mhsc.com
Internet phone:                                hawk.lvrmr.mhsc.com
Personal web pages:             http://staff.mhsc.com/~rmeyer
Company web-site:                           http://www.mhsc.com
___________________________________________________ 
                       KISS ... gotta love it!