How is the whois output interpreted?

Started by lucas25cba, 9 October 2012, 23:48 PM

lucas25cba

As far as I understand, the whois command lists information about the owner of the specified domain.
From a Linux console I run the following:

:~$ whois elhacker.net

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

   Domain Name: ELHACKER.NET
   Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
   Whois Server: whois.melbourneit.com
   Referral URL: http://www.melbourneit.com
   Name Server: NS93.ELHACKER.NET
   Name Server: NS993.ELHACKER.NET
   Status: clientTransferProhibited
   Updated Date: 21-sep-2012
   Creation Date: 22-feb-2001
   Expiration Date: 22-feb-2018

>>> Last update of whois database: Tue, 09 Oct 2012 21:42:12 UTC <<<

NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar.  Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.

TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability.  VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.

Domain Name.......... elhacker.net
  Creation Date........ 2001-02-23
  Registration Date.... 2001-02-23
  Expiry Date.......... 2018-02-23
  Organisation Name.... Alex Bov?
  Organisation Address. PO Box 61359
  Organisation Address.
  Organisation Address.
  Organisation Address. Sunnyvale
  Organisation Address. 94088
  Organisation Address. CA
  Organisation Address. US

Admin Name........... Admin PrivateRegContact
  Admin Address........ PO Box 61359
  Admin Address........ registered post accepted only
  Admin Address........
  Admin Address. Sunnyvale
  Admin Address........ 94088
  Admin Address........ CA
  Admin Address........ US
  Admin Email.......... contact@myprivateregistration.com
  Admin Phone.......... +1.5105952002
  Admin Fax............

Tech Name............ TECH PrivateRegContact
  Tech Address......... PO Box 61359
  Tech Address......... registered post accepted only
  Tech Address.........
  Tech Address......... Sunnyvale
  Tech Address......... 94088
  Tech Address......... CA
  Tech Address......... US
  Tech Email........... contact@myprivateregistration.com
  Tech Phone........... +1.5105952002
  Tech Fax.............
  Name Server.......... ns993.elhacker.net
  Name Server.......... ns93.elhacker.net



And then:
:~$ whois 198.59.115.19
#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=198.59.115.19?showDetails=true&showARIN=false&ext=netref2
#


# start

NetRange:       198.59.96.0 - 198.59.191.255
CIDR:           198.59.96.0/19, 198.59.128.0/18
OriginAS:       
NetName:        WEST-198-NM
NetHandle:      NET-198-59-96-0-1
Parent:         NET-198-59-0-0-1
NetType:        Reallocated
RegDate:        1994-10-19
Updated:        2004-09-10
Ref:            http://whois.arin.net/rest/net/NET-198-59-96-0-1

OrgName:        New Mexico Technet
OrgId:          NM
Address:        5921 Jefferson NE
City:           Albuquerque
StateProv:      NM
PostalCode:     87109
Country:        US
RegDate:        1988-03-11
Updated:        2011-09-24
Ref:            http://whois.arin.net/rest/org/NM

OrgTechHandle: IO29-ARIN
OrgTechName:   Oso Grande Technologies Inc
OrgTechPhone:  +1-505-343-7630
OrgTechEmail:  noc@osogrande.com
OrgTechRef:    http://whois.arin.net/rest/poc/IO29-ARIN

OrgAbuseHandle: IO29-ARIN
OrgAbuseName:   Oso Grande Technologies Inc
OrgAbusePhone:  +1-505-343-7630
OrgAbuseEmail:  noc@osogrande.com
OrgAbuseRef:    http://whois.arin.net/rest/poc/IO29-ARIN

RTechHandle: LH100-ARIN
RTechName:   Hays, Larry
RTechPhone:  +1-505-345-1748
RTechEmail:  noc@technet.nm.org
RTechRef:    http://whois.arin.net/rest/poc/LH100-ARIN

# end


# start

NetRange:       198.59.0.0 - 198.60.255.255
CIDR:           198.59.0.0/16, 198.60.0.0/16
OriginAS:       
NetName:        NETBLK-WESTNET
NetHandle:      NET-198-59-0-0-1
Parent:         NET-198-0-0-0-0
NetType:        Direct Allocation
RegDate:        1993-02-09
Updated:        2003-03-27
Ref:            http://whois.arin.net/rest/net/NET-198-59-0-0-1

OrgName:        WestNet, Inc.
OrgId:          WEST
Address:        3645 Marine Street
City:           Boulder
StateProv:      CO
PostalCode:     80309-0455
Country:        US
RegDate:        1992-08-29
Updated:        2003-03-26
Ref:            http://whois.arin.net/rest/org/WEST

OrgAbuseHandle: ABUSE245-ARIN
OrgAbuseName:   Abuse
OrgAbusePhone:  +1-303-492-4409
OrgAbuseEmail:  abuse@westnet.net
OrgAbuseRef:    http://whois.arin.net/rest/poc/ABUSE245-ARIN

OrgTechHandle: DCMW-ARIN
OrgTechName:   Wood, David CM
OrgTechPhone:  +1-303-492-4905
OrgTechEmail:  dcmwood@spot.colorado.edu
OrgTechRef:    http://whois.arin.net/rest/poc/DCMW-ARIN

RAbuseHandle: ABUSE245-ARIN
RAbuseName:   Abuse
RAbusePhone:  +1-303-492-4409
RAbuseEmail:  abuse@westnet.net
RAbuseRef:    http://whois.arin.net/rest/poc/ABUSE245-ARIN

RTechHandle: DCMW-ARIN
RTechName:   Wood, David CM
RTechPhone:  +1-303-492-4905
RTechEmail:  dcmwood@spot.colorado.edu
RTechRef:    http://whois.arin.net/rest/poc/DCMW-ARIN

# end


# start

NetRange:       198.59.115.0 - 198.59.115.255
CIDR:           198.59.115.0/24
OriginAS:       
NetName:        DBACYBER
NetHandle:      NET-198-59-115-0-1
Parent:         NET-198-59-96-0-1
NetType:        Reallocated
RegDate:        1994-10-20
Updated:        2001-06-22
Ref:            http://whois.arin.net/rest/net/NET-198-59-115-0-1

OrgName:        Southwest Cyberport
OrgId:          SWCP
Address:        5021 Indian School NE
Address:        Suite 600
City:           Albuquerque
StateProv:      NM
PostalCode:     87110
Country:        US
RegDate:        1994-10-20
Updated:        2011-09-24
Ref:            http://whois.arin.net/rest/org/SWCP

ReferralServer: rwhois://rwhois.swcp.com:4321/

OrgTechHandle: MC143-ARIN
OrgTechName:   Costlow, Mark
OrgTechPhone:  +1-505-232-7992
OrgTechEmail:  cheeks@swcp.com
OrgTechRef:    http://whois.arin.net/rest/poc/MC143-ARIN

OrgAbuseHandle: MC143-ARIN
OrgAbuseName:   Costlow, Mark
OrgAbusePhone:  +1-505-232-7992
OrgAbuseEmail:  cheeks@swcp.com
OrgAbuseRef:    http://whois.arin.net/rest/poc/MC143-ARIN

OrgNOCHandle: ZS132-ARIN
OrgNOCName:   Hostmaster
OrgNOCPhone:  +1-505-232-7992
OrgNOCEmail:  hostmaster@swcp.com
OrgNOCRef:    http://whois.arin.net/rest/poc/ZS132-ARIN

RTechHandle: MC143-ARIN
RTechName:   Costlow, Mark
RTechPhone:  +1-505-232-7992
RTechEmail:  cheeks@swcp.com
RTechRef:    http://whois.arin.net/rest/poc/MC143-ARIN

# end


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#



Se ha encontrado una referencia a rwhois.swcp.com:4321.

%rwhois V-1.5:003eff:00 rwhois.swcp.com (by Network Solutions, Inc. V-1.5.9.3)
network:Class-Name:network
network:ID:NETBLK-SWCP-4-198.59.115.0/26
network:Auth-Area:198.59.115.0/24
network:Network-Name:NET-SWCP4-SWCP
network:IP-Network:198.59.115.0/26
network:Name-Server;I:kitsune.swcp.com
network:Name-Server;I:ns1.swcp.com
network:Org-Name:Southwest Cyberport
network:Street-Address:5021 Indian School NE Ste 600
network:City:Albuquerque
network:State:NM
network:Postal-Code:87110-8910
network:Country-Code:US
network:Created:1994-06-01
network:Changed:2001-01-19
network:Tech-Contact;I:ZS132-ARIN
network:Tech-Name:Southwest Cyberport
network:Tech-Phone:+1-505-232-7992
network:Tech-Email:hostmaster@swcp.com
network:Updated-By:hostmaster@swcp.com
network:Reason:local services (mail, web, etc)

%referral rwhois://rwhois.arin.net:4321/auth-area=.
%ok


The choice of IP in the second case is arbitrary.
How are these two outputs interpreted?

Thanks very much in advance!

Diabliyo

First of all, it's just a matter of looking at the result and you can tell where it's going...

But the most important thing, or rather, "in summary", is that whois is constantly used to obtain a website's credentials and its DNS servers.

The credentials would be the contact and registration information of the domain's owners.

And the DNS servers, to know which servers are resolving the domain.

Regards!
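
For the IP lookup in the question, ARIN prints one "# start" ... "# end" block per registration level, and the block whose CIDR matches the queried address with the longest prefix describes the network closest to that address. The Python sketch below is an added example, not part of the thread; the function names are hypothetical and the sample is abridged from the output quoted in the question.

```python
import ipaddress
# Sample abridged from the ARIN output quoted in the question (three blocks).
SAMPLE = """\
# start
CIDR:           198.59.96.0/19, 198.59.128.0/18
NetType:        Reallocated
OrgName:        New Mexico Technet
OrgAbuseEmail:  noc@osogrande.com
# end
# start
CIDR:           198.59.0.0/16, 198.60.0.0/16
NetType:        Direct Allocation
OrgName:        WestNet, Inc.
OrgAbuseEmail:  abuse@westnet.net
# end
# start
CIDR:           198.59.115.0/24
NetType:        Reallocated
OrgName:        Southwest Cyberport
ReferralServer: rwhois://rwhois.swcp.com:4321/
OrgAbuseEmail:  cheeks@swcp.com
# end
"""

def parse_blocks(text):
    """Return one dict per '# start' ... '# end' block (first value of a repeated key wins)."""
    blocks, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if line == "# start":
            current = {}
        elif line == "# end" and current is not None:
            blocks.append(current)
            current = None
        elif current is not None and ":" in line:
            key, value = line.split(":", 1)  # split once: values may contain ':' (URLs)
            current.setdefault(key.strip(), value.strip())
    return blocks

def most_specific(text, ip):
    """Return the block whose CIDR contains ip with the longest prefix, or None."""
    addr = ipaddress.ip_address(ip)
    best, best_len = None, -1
    for block in parse_blocks(text):
        for cidr in filter(None, map(str.strip, block.get("CIDR", "").split(","))):
            net = ipaddress.ip_network(cidr)
            if addr in net and net.prefixlen > best_len:
                best, best_len = block, net.prefixlen
    return best
```

For 198.59.115.19 this selects the /24 block (Southwest Cyberport), whose ReferralServer line is why the client went on to query rwhois.swcp.com:4321 for the finer-grained /26 record.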