Service:
whois
Protocol:
TCPPort:
43Used for:
Domain name and IP address lookup serviceWhy It’s Open
Port 43 hosts WHOIS services for domain name and IP address lookups. It provides registration and ownership information for domains and network blocks.
Common Risks
- Information disclosure
Reveals domain ownership and contact details - Data harvesting
Bulk queries for reconnaissance - Privacy violations
Exposes personal information of registrants - Resource exhaustion
High-volume queries can overwhelm service - Rate limiting bypass
Distributed queries to avoid restrictions
Want to save time on reporting?
Let PentestPad generate, track, and export your reports - automatically.
Enumeration & Testing
Service Detection:
nmap -sV -p 43Domain Query:
whois example.comIP Query:
whois 8.8.8.8Manual Query:
echo 'example.com' | nc 43What to Look For
| Checkpoint | What it means |
|---|---|
| Service type | Domain vs IP WHOIS server |
| Rate limiting | Query throttling mechanisms |
| Data format | Response structure and information provided |
| Access controls | Authentication or IP restrictions |
Mitigation
- Implement rate limiting
Throttle queries per IP address - Access controls
Restrict queries to authorized sources - Data minimization
Limit exposed personal information - Monitor queries
Log and analyze WHOIS requests - Proxy protection
Use intermediary services for public access
TL;DR
- Port 43 = WHOIS Protocol service
- Protocol: TCP
- Used for: Domain name and IP address lookup service
- Security focus: Proper configuration and monitoring required
Known CVEs and Exploits
- CVE-2002-0409 – WHOIS server buffer overflow vulnerability
- Information disclosure risks – Excessive domain and IP address information leakage
- Rate limiting bypass – Circumvention of query restrictions for reconnaissance
- Privacy concerns – Personal information exposure through domain registration data