Using the whois databases

The InterNIC whois databases can be used to locate a point of contact
for an Internet site. The following information provides directions and
examples on the use of the whois databases.

1. Using the InterNIC whois database vs. the NIC whois database
   (excerpts from RFC 1400)

   As a result of the NREN NIS award by the National Science Foundation,
   non-DDN registration services have been transferred from the DDN NIC
   to the new Internet Registration Service, which is a part of an entity
   referred to as the InterNIC.

   DDN users will continue to receive full registration support from the
   DDN NIC.

   Only DDN information will be available from whois.nic.ddn.mil.

   The WHOIS service available from the whois.internic.net will contain
   individual user records only for those who serve as a Point of Contact
   for an active node.

2. How to Use the InterNIC Whois Database

   1) At your system prompt, telnet to "rs.internic.net" or to
      "198.41.0.5" followed by a <return>.

      e.g. % telnet rs.internic.net
      or   % telnet 198.41.0.5

   2) At the "[xterm] InterNIC >" prompt, type "whois" followed by a
      <return>.

      e.g. [xterm] InterNIC > whois

   3) At the "Whois: " prompt, type the entity for which you want
      information. There are several ways to search the database:

      * using the domain name (e.g. cert.org)

        e.g. Whois: cert.org

      * using the "domain-dom" option (e.g. cert-dom)

        e.g. Whois: cert-dom

      * using the IP net number (does not include the host number)
        (e.g. for cert.org, the IP net number is 192.88.209.0)

        e.g. Whois: 192.88.209.0

      * using a name (e.g. CERT); this will give you all the instances
        of the name in the database, assuming there is an entry for
        that name

        e.g. Whois: CERT

   4) When you have obtained the contact information, at the "Whois: "
      prompt, type "quit" and a <return>, and you will be returned to
      the "[xterm] InterNIC > " prompt.

      e.g. Whois: quit
           [xterm] InterNIC >

   5) At the "[xterm] InterNIC > " prompt, type "quit" and a <return>,
      and you will be returned to your system prompt.
   6) An example session:

      % telnet rs.internic.net
      Trying 198.41.0.5 ...
      Connected to rs.internic.net.
      Escape character is '^]'.

      SunOS UNIX 4.1 (rs) (ttyp2)

      ***************************************************************************
      * -- InterNIC Registration Services Center --
      *
      * For gopher, type: GOPHER ** DISABLED **
      * For wais, type: WAIS
      * For the *original* whois type: WHOIS [search string]
      * For referral whois type: RWHOIS [search string]
      *
      * For user assistance call (703) 742-4777 or (619) 455-4600
      # Questions/Updates on the whois database to HOSTMASTER@internic.net
      * Please report system problems to ACTION@internic.net
      ****************************************************************************
      Please be advised that use constitutes consent to monitoring
      (Elec Comm Priv Act, 18 USC 2701-2711)

      6/1/94
      We are offering an experimental distributed whois service called
      referral whois (RWhois). To find out more, look for RWhois documents,
      a sample client and server under:
      gopher: (rs.internic.net) InterNIC Registration Services ->
              InterNIC Registration Archives -> pub -> rwhois
      anonymous ftp: (rs.internic.net) /pub/rwhois

      Cmdinter Ver 1.3 Thu Dec 22 16:41:09 1994 EST
      [xterm] InterNIC > whois
      Connecting to the rs Database . . . . . .
      Connected to the rs Database
      InterNIC WHOIS Version: 1.0 Thu, 22 Dec 94 16:41:11

      Whois: whois cert.org
      Carnegie Mellon University (CERT1)            CERT.ORG   192.88.209.5
      Computer Emergency Response Team (CERT-DOM)   CERT.ORG

      Whois: cert-dom
      Computer Emergency Response Team (CERT-DOM)
         Software Engineering Institute
         Carnegie Mellon University
         Pittsburgh, PA 15213

         Domain Name: CERT.ORG

         Administrative Contact, Technical Contact, Zone Contact:
            CERT Coordination Center (CERT) cert@cert.org
            (412) 268-7090 (412) 268-6989 fax

         Record last updated on 25-Oct-94.

         Domain servers in listed order:

         CERT.ORG          192.88.209.5
         TICTAC.CERT.ORG   192.88.209.21

      Whois: quit
      [xterm] InterNIC > quit

      Thu Dec 22 16:43:24 1994 EST
      Connection closed by foreign host.
      %

3. How to Use the NIC Whois Database

   1) At your system prompt, telnet to "nic.ddn.mil" or to
      "192.112.36.5" followed by a <return>.

      e.g. % telnet nic.ddn.mil
      or   % telnet 192.112.36.5

   2) At the "@ " prompt, type "whois" followed by a <return>.

      e.g. @ whois

   3) At the "Whois: " prompt, type the entity for which you want
      information.

   4) When you have obtained the contact information, at the "Whois: "
      prompt, type "quit" and a <return>, and you will be returned to
      the "@ " prompt.

      e.g. Whois: quit

   5) At the "@ " prompt, type "quit" and a <return>, and you will be
      returned to your system prompt.

      e.g. @ quit

   6) An example session:

      % telnet nic.ddn.mil
      Trying 192.112.36.5 ...
      Connected to nic.ddn.mil.
      Escape character is '^]'.

      SunOS UNIX (nic) (ttyp4)

      * -- DDN Network Information Center --
      *
      * For TAC news, type: TACNEWS
      * For user and host information, type: WHOIS
      * For NIC information, type: NIC
      * For GOSIP information, type: GOSIP
      *
      * For user assistance call (800) 365-3642 or (800) 365-DNIC or (703) 802-4535
      * Please report system problems to ACTION@NIC.DDN.MIL
      ****************************************************************************
      Please be advised that all INTERNET Domain, IP Network Number, and ASN
      records are now kept in the new Internet Registry, RS.INTERNIC.NET
      (198.41.0.5). Please refer to RFC 1400 for details.

      NIC, SunOS Release 4.1.1 (NIC) #1:
      Use constitutes consent to monitoring.

      Cmdinter Ver 1.3 Thu Dec 22 16:48:45 1994 EST
      @ whois
      Connecting to id Database . . . . . .
      Connected to id Database
      NIC WHOIS Version: 2.22 Thu, 22 Dec 94 16:49:19

      Enter a handle, name, mailbox, or other field, optionally preceded
      by a keyword, like "host diis". Type "?" for short, 2-page
      details, "HELP" for full documentation, or hit RETURN to exit.
      ---> Do ^E to show search progress, ^G to abort a search or output <---

      Whois: whois assist.mil
      Center for Information Systems Security
      Countermeasures Directorate (ASSIST-DOM)
         Defense Information Systems Agency
         5113 Leesburg Pike, Suite 400
         Falls Church, VA 22041

         Domain Name: ASSIST.MIL

         Administrative Contact:
            Higgins, Michael (MH616) higginsm@CC.IMS.DISA.MIL
            703-756-7980
         Technical Contact, Zone Contact:
            Galloway, Scott (SG316) galloways@ASSIST.MIL
            703-756-7974 (DSN) 289-7974 800-357-4231

         Record last updated on 10-Nov-94.

         Domain servers in listed order:

         ASSIST.ASSIST.MIL     199.211.123.11
         CC.IMS.DISA.MIL       164.117.176.1
         MARVIN.IMS.DISA.MIL   164.117.176.2
         ARTHUR.IMS.DISA.MIL   164.117.176.4

      Would you like to see the known hosts under this secondary domain? no

      Whois: quit
      @ quit

      Thu Dec 22 16:50:29 1994 EST
      Connection closed by foreign host.


From: "Mike Schmidt"
Date: Wed, 25 Mar 1998 13:33:37 -0700
To: woods@ucar.edu (Greg Woods), sitongia@jabba.hao.ucar.edu
Subject: Re: Possible active hacking attempt
Cc: tres@rap.ucar.edu, csac@ucar.edu, siemsen@ucar.edu

If we want to target the ISP, they have quite a range of IP addresses;

% whois -h whois.apnic.net 203.108.206.0

inetnum:     203.108.144.0 - 203.108.243.255
netname:     OZEMAIL-AU
descr:       Ozemail Limited
descr:       Internet Service Provider
descr:       Sydney
country:     AU
admin-c:     SH12-AP
tech-c:      SH12-AP
changed:     salimh@ozemail.com.au 970623
source:      APNIC

person:      Salim Hijazi
address:     Ozemail Limited
address:     Level 2, 39 Herbert St
address:     St Leonards, NSW 2065
address:     Sydney, Australia
phone:       +61-2-9433-2362
nic-hdl:     SH12-AP
changed:     salimh@ozemail.com.au 970620
source:      APNIC

mike
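
Added example, not part of the original document or of the e-mail above: a
small Python parser for a reply in the "attribute: value" layout that
whois.apnic.net returns, which finds the inetnum object covering an address
seen in an incident and resolves its admin-c/tech-c handles to the person
objects in the same reply. The function names and all sample values
(documentation-range addresses, the EX1-AP handle, example.net) are
constructed for illustration.

```python
import ipaddress

# Constructed sample in the attribute: value layout of an APNIC whois reply.
# Addresses are from the 192.0.2.0/24 documentation range; handle and names are made up.
SAMPLE = """\
inetnum:     192.0.2.16 - 192.0.2.95
netname:     EXAMPLE-NET
admin-c:     EX1-AP
tech-c:      EX1-AP
source:      APNIC

person:      Example Hostmaster
e-mail:      hostmaster@example.net
nic-hdl:     EX1-AP
source:      APNIC
"""

def parse_objects(text):
    """Split a reply into blank-line separated objects, each a list of (attr, value)."""
    objects, current = [], []
    for line in text.splitlines() + [""]:        # trailing "" flushes the last object
        if not line.strip():
            if current:
                objects.append(current)
            current = []
        elif line[0] in "%#":
            continue                             # server comment line
        elif line[0] in " \t+" and current:      # continuation of the previous value
            attr, value = current[-1]
            current[-1] = (attr, value + " " + line[1:].strip())
        elif ":" in line:
            attr, value = line.split(":", 1)
            current.append((attr.strip().lower(), value.strip()))
    return objects

def contacts_for(ip, text):
    """Return (netname, cidrs, contacts) for the inetnum object covering ip, else None."""
    objs = parse_objects(text)
    people = {v: dict(o) for o in objs for a, v in o if a == "nic-hdl"}
    addr = ipaddress.ip_address(ip)
    for o in (x for x in objs if x[0][0] == "inetnum"):
        first, last = (ipaddress.ip_address(p.strip()) for p in o[0][1].split("-"))
        if first <= addr <= last:
            # An inetnum range need not be one CIDR block; list the blocks it spans.
            cidrs = [str(n) for n in ipaddress.summarize_address_range(first, last)]
            handles = sorted({v for a, v in o if a in ("admin-c", "tech-c")})
            return dict(o)["netname"], cidrs, [people.get(h, {"nic-hdl": h}) for h in handles]
    return None
```

A handle that has no person object in the reply comes back as a bare
{"nic-hdl": ...} entry, which tells the analyst a second whois query on that
handle is needed.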