Private whois services



Technique
ID: PRE-T1082
Tactic: Adversary OPSEC

Definition

Every domain registrar maintains a publicly viewable database that displays contact information for every registered domain. Private 'whois' services display alternative information, such as their own company data, in place of the domain owner's details. [1]

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Commercially available or easy to set up and/or register using a disposable email account.

Detection

Detectable by Common Defenses (Yes/No/Partial): Yes

Explanation: It is algorithmically possible to detect COTS service usage or the use of non-specific mailing addresses (PO boxes, drop sites, etc.).
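
One way to implement the detection described above, as an added example that is not part of the original entry: a Python check that parses the registrant fields of a whois record and flags privacy-service markers and PO box addresses. The marker list, field names, finding labels and both sample records are assumptions constructed for illustration.

```python
import re

# Assumption: illustrative, non-exhaustive substrings seen in registrant fields
# when a privacy/proxy service fronts the record.
PRIVACY_MARKERS = ("privacy", "proxy", "whoisguard", "redacted",
                   "private registration")
# Matches "PO Box 12", "P.O. Box 12", "POB 12", "Post Office Box 12".
PO_BOX_RE = re.compile(
    r"\b(?:p\.?\s*o\.?\s*b(?:ox)?|post\s+office\s+box)\.?\s*#?\s*\d+", re.I)
# Only registrant-side fields are inspected; registrar fields are ignored.
FIELD_RE = re.compile(r"^\s*(Registrant [^:]+):\s*(.*)$", re.I)

# Constructed sample records (not real registrations).
SAMPLE_PROXY = """Domain Name: example.com
Registrar: Example Registrar, Inc.
Registrant Name: Redacted for Privacy
Registrant Organization: Example Privacy Service
Registrant Street: P.O. Box 1234
Registrant Email: abc123@privacy.example
"""
SAMPLE_DIRECT = """Domain Name: example.org
Registrant Name: Jane Doe
Registrant Organization: Example Widgets Ltd
Registrant Street: 10 Main Street
Registrant Email: jane@example.org
"""

def parse_registrant(whois_text):
    """Return {lowercased field name: value} for non-empty 'Registrant ...' lines."""
    fields = {}
    for line in whois_text.splitlines():
        m = FIELD_RE.match(line)
        if m and m.group(2).strip():
            fields[m.group(1).strip().lower()] = m.group(2).strip()
    return fields

def classify(whois_text):
    """Return sorted findings ('privacy-service:<field>', 'po-box:<field>')."""
    findings = set()
    for name, value in parse_registrant(whois_text).items():
        if any(marker in value.lower() for marker in PRIVACY_MARKERS):
            findings.add("privacy-service:" + name)
        if ("street" in name or "address" in name) and PO_BOX_RE.search(value):
            findings.add("po-box:" + name)
    return sorted(findings)

if __name__ == "__main__":
    for record in (SAMPLE_PROXY, SAMPLE_DIRECT):
        print(classify(record))
```

A finding here is a triage signal only, since many legitimate registrants also use privacy services and PO boxes.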