Authors:
James F. Kurose, Keith W. Ross
Chapter:
Application Layer
Exercise:
Problems
Question:18 | ISBN:9780132856201 | Edition: 6

Question

a. What is a whois database?

b. Use various whois databases on the Internet to obtain the names of two DNS servers. Indicate which whois databases you used.

c. Use nslookup on your local host to send DNS queries to three DNS servers: your local DNS server and the two DNS servers you found in part (b). Try querying for Type A, NS, and MX reports. Summarize your findings.

d. Use nslookup to find a Web server that has multiple IP addresses. Does the Web server of your institution (school or company) have multiple IP addresses?

e. Use the ARIN whois database to determine the IP address range used by your university.

f. Describe how an attacker can use whois databases and the nslookup tool to perform reconnaissance on an institution before launching an attack.

g. Discuss why whois databases should be publicly available.


Answer

a)

The "whois" database is a type of database used to store data of registered users of the Internet, such as domain name (Example: www.sr2jr.com), mapped IP address (Example: 156.52.18.237), Alexa rank (Example: rank 10000 for www.sr2jr.com), etc.

b)

I searched for the keyword "whois" database on Google. I found many DNS (Domain Naming System) servers on Google.

I preferred the following two DNS servers:

  1. http://whois.icann.org
  2. http://whois.domaintools.com/

c)

Open a command prompt window and type "nslookup".

The following screenshots have Type A, NS, and MX reports:

d)
Yes, the Web server of the school/company has multiple IP addresses, according to my observations.

e)
Use ARIN (American Registry for Internet Numbers) to find the IP address range.

The range of IP addresses of the university (example: sr2jr) is 10.20.3.27 – 12.10.24.24 and 139.111.12.50 – 139.152.16.75.

f)
The attackers collect every IP address the institution is using and target those IP addresses for attack by using whois databases and the nslookup tool. So, every institution requires secure connections and strong end-user authentication.

g)
The "whois" databases should be publicly available. They are used to find out registration and IP information about registered domains.

  • The main reason is the identity of everyone in the world for the communication of growth.
  • If people want to verify data about a particular institute/company domain, they can simply use a whois database.
  • If it is not publicly available, then it is difficult to find the domain data in other ways.
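For parts (d) and (e), an ARIN whois reply states each allocation on a `NetRange:` line, and a range does not always fit a single CIDR prefix. The following is an added example, not part of the posted answer: it parses that field and checks which resolved addresses of your own servers fall outside the registered space. The sample reply, the addresses (RFC 5737 documentation ranges) and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the field layout of an ARIN whois reply; the addresses
# are documentation-only values (RFC 5737), not a real registration.
SAMPLE_ARIN_REPLY = """\
NetRange:       192.0.2.0 - 192.0.2.191
NetName:        EXAMPLE-UNIV-NET
OrgName:        Example University

NetRange:       198.51.100.0 - 198.51.100.255
NetName:        EXAMPLE-UNIV-NET2
OrgName:        Example University
"""

NETRANGE = re.compile(r"^NetRange:[ \t]*(\S+)[ \t]*-[ \t]*(\S+)[ \t]*$",
                      re.MULTILINE)


def registered_networks(whois_text):
    """Return every NetRange in the reply as a list of CIDR networks."""
    networks = []
    for first, last in NETRANGE.findall(whois_text):
        start = ipaddress.ip_address(first)
        end = ipaddress.ip_address(last)
        if start.version != end.version or start > end:
            raise ValueError(f"malformed NetRange: {first} - {last}")
        # A range need not align to one prefix, so it may split into several.
        networks.extend(ipaddress.summarize_address_range(start, end))
    return networks


def outside_registration(addresses, networks):
    """Return the addresses that no registered network covers."""
    return [a for a in addresses
            if not any(ipaddress.ip_address(a) in n for n in networks)]


if __name__ == "__main__":
    nets = registered_networks(SAMPLE_ARIN_REPLY)
    print("registered:", ", ".join(str(n) for n in nets))
    # Constructed A-record answers, as nslookup would list for a web server.
    answers = ["192.0.2.10", "192.0.2.200", "203.0.113.5"]
    print("not in registered space:", outside_registration(answers, nets))
```

An address reported as outside the registered space is usually hosted by a provider or CDN, which is worth recording in the institution's asset inventory.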