Abstract
WHOIS is a publicly-accessible online directory used to map domain names to the contact information of the people who registered them (registrants). Regrettably, registrants have anecdotally complained about their WHOIS information being misused, e.g., for spam, while there is also concrete evidence that maliciously registered domains often map to bogus or protected information. All of this has brought into question whether WHOIS is still needed. In this study, we empirically assess which factors, if any, lead to a measurable degree of misuse of WHOIS data. We register 400 domains spread over the five most popular global top-level domains (gTLD), using unique artificial registrant identities linked to email addresses, postal addresses, and phone numbers under our control. We collect, over six months, instances of misuse targeting our artificial registrants, revealing quantitative insights on both the extent of misuse and the factors (gTLD, domain type, presence of anti-harvesting mechanisms) that appear to have a statistically significant impact on WHOIS misuse.
This paper is derived from a study we originally conducted for ICANN [1].
References
Leontiadis, N., Christin, N.: WHOIS misuse study (March 2014), http://whois.icann.org/sites/default/files/files/misuse-study-final-13mar14-en.pdf (last accessed July 3, 2014)
ICANN: 2013 Registrar Accreditation Agreement (2013), https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en (last accessed July 3, 2014)
Clayton, R., Mansfield, T.: A study of Whois privacy and proxy service abuse. In: Proceedings of the 13th Workshop on Economics of Information Security, State College, PA (June 2014)
Newton, A., Piscitello, D., Fiorelli, B., Sheng, S.: A restful web service for internet names and address directory services. USENIX ;login:, pp. 23–32 (2011)
Sullivan, A., Kucherawy, M.S.: Revisiting WHOIS: Coming to REST. IEEE Internet Computing 16(3) (2012)
Hollenbeck, S., Ranjbar, K., Servin, A., Newton, A., Kong, N., Sheng, S., Ellacott, B., Obispo, F., Arias, F.: Using HTTP for RESTful Whois services by Internet registries (2012)
Expert Working Group on gTLD Directory Services: A next generation registration directory service (2013), https://www.icann.org/en/groups/other/gtld-directory-services/initial-report-24jun13-en.pdf (last accessed July 3, 2014)
ICANN. Generic Names Supporting Organization: Motion to pursue WHOIS studies, http://gnso.icann.org/en/council/resolutions#20100908-3 (2010) (last accessed July 3, 2014)
ICANN. Security and Stability Advisory Committee: Advisory on registrar impersonation phishing attacks (2008), http://www.icann.org/en/committees/security/sac028.pdf (last accessed July 3, 2014)
ICANN. Security and Stability Advisory Committee: Is the WHOIS service a source for email addresses for spammers (2007), http://www.icann.org/en/committees/security/sac023.pdf (last accessed July 3, 2014)
ICANN: gTLD–specific monthly registry reports (February 2011), http://www.icann.org/sites/default/files/mrr/[gTLD]/[gTLD]-transactions-201102-en.csv (last accessed July 3, 2014)
Elliott, K.: The who, what, where, when, and why of WHOIS: Privacy and accuracy concerns of the WHOIS database. SMU Sci. & Tech. L. Rev. 12, 141 (2008)
Dave, V., Guha, S., Zhang, Y.: Measuring and fingerprinting click-spam in ad networks. In: Proceedings of the ACM SIGCOMM 2012 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, pp. 175–186. ACM (2012)
Christin, N., Yanagihara, S., Kamataki, K.: Dissecting one click frauds. In: Proc. ACM CCS 2010, Chicago, IL, pp. 15–26 (October 2010)
Yarochkin, F., Kropotov, V., Huang, Y., Ni, G.K., Kuo, S.Y., Chen, I.Y.: Investigating dns traffic anomalies for malicious activities. In: 2013 43rd Annual IEEE/IFIP Conference on Dependable Systems and Networks Workshop (DSN-W), pp. 1–7. IEEE (2013)
Li, Z., Alrwais, S., Xie, Y., Yu, F., Valley, M.S., Wang, X.: Finding the linchpins of the dark web: a study on topologically dedicated hosts on malicious web infrastructures. In: IEEE Symposium on Security and Privacy, pp. 112–126. IEEE (2013)
Leontiadis, N., Moore, T., Christin, N.: Measuring and analyzing search-redirection attacks in the illicit online prescription drug trade. In: Proceedings of the 20th USENIX Security Symposium, San Francisco, CA, pp. 281–298 (August 2011)
United States Congress. House Committee on the Judiciary. Subcommittee on Courts, the Internet, and Intellectual Property: Internet Domain Name Fraud: The U.S. Government’s Role in Ensuring Public Access to Accurate WHOIS Data. H. hrg. U.S. Government Printing Office (September 2003)
WHOIS Task Force 3: Improving accuracy of collected data (2003), http://gnso.icann.org/en/issues/whois-privacy/tor3.shtml (last accessed July 3, 2014)
NORC: Proposed design for a study of the accuracy of WHOIS registrant contact information (2009), https://www.icann.org/en/system/files/files/norc-whois-accuracy-study-design-04jun09-en.pdf (last accessed July 3, 2014)
Watters, P.A., Herps, A., Layton, R., McCombie, S.: Icann or icant: Is whois an enabler of cybercrime? In: 2013 Fourth Cybercrime and Trustworthy Computing Workshop (CTC), pp. 44–49. IEEE (2013)
Anti-Phishing Working Group: Phishing attack trends report - Q2 2010 (January 2010)
Mockapetris, P.: Domain names – Implementation and specification (RFC 1035). Information Sciences Institute (1987)
The Spamhaus Project: The definition of spam, http://www.spamhaus.org/consumer/definition/ (last accessed July 3, 2014)
VirusTotal: Free online virus, malware and URL scanner, https://www.virustotal.com/ (last accessed July 3, 2014)
Hosmer Jr., D.W., Lemeshow, S.: Applied logistic regression. John Wiley & Sons (2004)
Nelder, J.A., Wedderburn, R.W.M.: Generalized linear models. Journal of the Royal Statistical Society. Series A 135(3), 370–384 (1972)
Del Pino, G.: The unifying role of iterative generalized least squares in statistical algorithms. Statistical Science 4(4), 394–403 (1989)
Ye, F., Lord, D.: Comparing three commonly used crash severity models on sample size requirements: multinomial logit, ordered probit and mixed logit models. Analytic Methods in Accident Research 1, 72–85 (2014)
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Leontiadis, N., Christin, N. (2014). Empirically Measuring WHOIS Misuse. In: Kutyłowski, M., Vaidya, J. (eds) Computer Security - ESORICS 2014. ESORICS 2014. Lecture Notes in Computer Science, vol 8712. Springer, Cham. https://doi.org/10.1007/978-3-319-11203-9_2
DOI: https://doi.org/10.1007/978-3-319-11203-9_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-11202-2
Online ISBN: 978-3-319-11203-9
eBook Packages: Computer Science (R0)