Re: Re[4]: [ga] WHOIS policy primer

["L. Gallegos" <jandl@jandl.com>]

On Wednesday 28 August 2002 01:32 am, Allan Liska wrote:
> Hello L.,
>
> Tuesday, August 27, 2002, 11:44:28 PM, you wrote:
>
>
> LG> So look up the SOA for the domain (dig) and use the Postmaster
> LG> address to reach the domain owner if you need to converse with
> LG> him/her.  However, if the domain is being hosted by an ISP, that is
> LG> where you need to make contact, not with the domain owner unless you
> LG> want to purchase the domain.
>
> Won't work, the address listed in the SOA is generally an
> administrator for the DNS server, not the administrator for the
> domain.  I am specifically interested in contacting someone from the
> organization, not the person managing the DNS server.

The responsible person for the domain is the postmaster@ address for the 
domain.  If that is not accurate, what makes you think the whois information 
is accurate?

>
> >> Examples of times when I have needed to get in touch with a domain
> >> owner:
> >>
> >> 1. Receiving virus infected e-mails from a user of a domain.  Yes, I
> >> can /dev/null the e-mails, but I want the account cleaned up -- the
> >> ISP is not going to do that, the owner of the domain will.
>
> LG> Not necessarily.  The ISP needs to know about the infected machine.
> LG> The domain name holder may have nothing to do with the virus at all
> LG> unless it is his personal machine that is infected.  The domain name
> LG> has nothing to do with the virus infecting a machine.
>
> Why would the ISP need to know about a virus infected machine?  
Because that machine is passing infected mail throughout his network via his 
mail server.

Once
> again, if you really think that is the case, the next time you get a
> virus, call your ISP's NOC and tell them.  
I call the ISP for the machine that is passing the infected mail AND my ISP so 
they know the source of hte virus infection sending mail through that server.

The domain has everything
> to do with the virus, especially in the case of worm/virus hybrids
> like Melissa and Klez.  They don't mask the sender, but that mailbox
> quickly becomes full -- it needs to be killed.

Those viruses send using addresses located in the windoze address book of hte 
infected machine.  It most likely has nothing to do with the domain name 
holder at all.  I have several domains, but have never sent a virus that I 
know of based on a domain name of mine.  However, I was infected twice on my 
wincrash box which then sent out one or two infected emails before I caught 
it.  I don't have more than a couple of addresses in any windoze address 
book, so it was easy to notify those who received the infected mail.  

Agaom. it had absolutely nothing to do with any domain name I hold.  It was my 
personcal machine that received a virus from someone on this list and I was 
dumb enough to click on it.  the infected machine that sent the virus also 
had nothing to do with a domain name.  He had received the virus through an 
email and was as dumb as I was, so it sent itself to all his addressbook 
addys too.  That's how a virus works. 

Now tell me just how contacting me as a domain name holder would have any 
effect on killing the virus?  Once I had the virus, my machine was shut down 
since it killed Explorer anyway. (at least one of them did - MTX)

You keep insisting that a domain name holder is somehow responsible for a 
virus being propagated and you keep being told that it is unrelated and has 
everthing to do with individual pc's.  You still have to trace the IP address 
as the source of the virus infection, not the domain name holder. If a domain 
name holder happens to be the originator of a virus, that is a totall 
different matter and would not be up to you to trace it unless you happened 
to stumble upon it.  It is a criminal offense and up to legal enforcement 
agencies to ferret it out.  However, you are talking about the propagation of 
a virus via individual pc's email.

In the case of a website page that is propagating a virus via milicious code, 
you would want to contact the technical person hosting that website.  The 
designer or domain name holder would not help since he designed it.  I think 
yoiu would find the ISP would shut the site down pretty darn quickly once 
notified just to avoid liability.

You still have not made a case for needing the registrant information.

Leah

--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html