Who Is

NICNAME, commonly referred to as WHOIS, is a protocol used to query databases that store information about registered users or assignees of an Internet resource, such as domain names or IP addresses. It operates over port 43 and is essential for obtaining contact and ownership details of these resources. The service is widely used by network administrators, security professionals, and domain registrars.

What is Who Is

NICNAME, more commonly known as WHOIS, is a protocol that allows users to query databases to obtain information about the registered users or assignees of Internet resources. These resources typically include domain names, IP addresses, and autonomous system numbers. The protocol operates over port 43 and has been a fundamental part of Internet infrastructure since its inception.

The WHOIS protocol was originally developed in the early 1980s as part of the ARPANET project, which later evolved into the modern Internet. It was designed to provide a simple, standardized way to look up information about network resources. Over the years, WHOIS has become an essential tool for network administrators, security professionals, and domain registrars, helping them manage and secure their networks.

WHOIS queries typically return information such as the name, address, and contact details of the resource owner, as well as technical and administrative contacts. This information is crucial for resolving technical issues, investigating security incidents, and ensuring compliance with Internet governance policies. Despite its importance, the WHOIS protocol has faced criticism for its lack of privacy protections, leading to ongoing efforts to develop more secure and privacy-respecting alternatives.

Who Is runs on TCP and UDP port 43 and is official IANA port.

Security risk

If port 43 is open and the WHOIS service is running, it can expose sensitive information about the network's resources and their owners. This information can be exploited by malicious actors for social engineering attacks, spamming, or other nefarious activities. It is crucial to secure WHOIS servers and limit access to trusted users to mitigate these risks.

In our UFW tutorial you can follow instructions how you can configure UFW to close port 43. Use StackChanges to monitor if the Who Is port is closed and stays closed. StackChanges will send an alert if port 43 is open again.