a. What is a whois database?
b. Use various whois databases on the Internet to obtain the names of two DNS servers. Indicate which whois databases you used.
c. Use nslookup on your local host to send DNS queries to three DNS servers: your local DNS server and the two DNS servers you found in part (b). Try querying for Type A, NS, and MX reports. Summarize your findings.
d. Use nslookup to find a Web server that has multiple IP addresses. Does the Web server of your institution (school or company) have multiple IP addresses?
e. Use the ARIN whois database to determine the IP address range used by your university.
f. Describe how an attacker can use whois databases and the nslookup tool to perform reconnaissance on an institution before launching an attack.
g. Discuss why whois databases should be publicly available.
a)
A "whois" database is a type of database used to store data about registered users of the Internet, such as the domain name (example: www.sr2jr.com), the mapped IP address (example: 156.52.18.237), the Alexa rank (example: rank 10000 for www.sr2jr.com), etc.
b)
I searched for the keyword "whois database" on Google. I found many DNS (Domain Naming System) servers on Google.
I preferred the following two DNS servers:
c)
Open a command prompt window and type "nslookup".
The following screenshots show the Type A, NS, and MX reports:
d)
Yes, the Web server of the school/company has multiple IP addresses, according to my observations.
e)
Use ARIN (American Registry for Internet Numbers) to find the IP address range.
The IP address ranges of the university (example: sr2jr) are 10.20.3.27 – 12.10.24.24 and 139.111.12.50 – 139.152.16.75.
f)
Using whois databases and the nslookup tool, attackers can collect every IP address the institution uses and then target those IP addresses. Every institution therefore requires secure connections and strong end-user authentication.
g)
The "whois" databases should be publicly available. They are used to find out registration and IP information about registered domains.
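
For parts (c) and (d), an added example that is not part of the original solution: a small Python parser for Windows-style nslookup output that extracts the Type A, NS and MX answers and checks whether a name maps to more than one address. The transcript, the example.edu names and the documentation-range addresses are constructed, and the output layout is assumed to follow the Windows nslookup format.

```python
import re

# Constructed sample modelled on Windows nslookup output (assumed layout;
# example.edu names and documentation-range addresses, not real results).
SAMPLE = """\
Server:  dns.example.edu
Address:  192.0.2.53

Non-authoritative answer:
Name:    www.example.edu
Addresses:  198.51.100.10
          198.51.100.11

example.edu     nameserver = ns1.example.edu
example.edu     nameserver = ns2.example.edu
example.edu     MX preference = 10, mail exchanger = mail.example.edu
"""

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def parse_nslookup(text):
    """Return {'resolver', 'A', 'NS', 'MX'} parsed from nslookup output (IPv4 only)."""
    out = {"resolver": None, "A": [], "NS": [], "MX": []}
    in_answer = False   # an Address line before the first "Name:" is the resolver
    in_addrs = False    # True while reading continuation lines of "Addresses:"
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("Name:"):
            in_answer, in_addrs = True, False
        elif s.startswith(("Address:", "Addresses:")):
            value = s.split(":", 1)[1].strip()
            if not in_answer:
                out["resolver"] = value
            elif IPV4.match(value):
                out["A"].append(value)
                in_addrs = True
        elif in_addrs and IPV4.match(s):
            out["A"].append(s)
        else:
            in_addrs = False
            if m := re.search(r"nameserver = (\S+)", s):
                out["NS"].append(m.group(1))
            elif m := re.search(r"MX preference = (\d+), mail exchanger = (\S+)", s):
                out["MX"].append((int(m.group(1)), m.group(2)))
    return out

def has_multiple_addresses(parsed):
    """Part (d): does the queried name map to more than one IPv4 address?"""
    return len(set(parsed["A"])) > 1
```

Running the same parser over the output from each of the three DNS servers in part (c) makes the answers easy to compare side by side.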