ICANN/DNSO
DNSO Mailling lists archives

[registrars]


<<< Chronological Index >>>    <<< Thread Index >>>

[registrars] WHOIS BLUES


Hi,

i am going thru whois blues that most of you must have gone thru already. i
get more hits on my whois everyday than my entire list of domain names ....
for instance there is this guy right now slamming my whois server using
multiple ip addresses from the same damn subnet ... as the log below
shows....

[01 May 2002 19:09:05,463] DEBUG WhoisServer  -++Added New Client
65.218.40.188/65.218.40.188 Hash {65.218.40.188/65.218.40.188=1}
[01 May 2002 19:09:16,048] DEBUG WhoisServer  -++Added New Client
65.218.40.189/65.218.40.189 Hash {65.218.40.188/65.218.40.188=1,
207.174.230.245/207.174.230.245=1, 65.218.40.189/65.218.40.189=1}
[01 May 2002 19:09:26,847] DEBUG WhoisServer  -++Added New Client
65.218.40.190/65.218.40.190 Hash {213.225.132.39/213.225.132.39=1,
65.218.40.190/65.218.40.190=1}
[01 May 2002 19:09:35,467] DEBUG WhoisServer  -++Added New Client
65.218.40.191/65.218.40.191 Hash {65.218.40.191/65.218.40.191=1}
[01 May 2002 19:09:45,479] DEBUG WhoisServer  -++Added New Client
65.218.40.192/65.218.40.192 Hash {65.218.40.192/65.218.40.192=1}
[01 May 2002 19:10:03,610] DEBUG WhoisServer  -++Added New Client
65.218.40.193/65.218.40.193 Hash {65.218.40.193/65.218.40.193=1,
golem.itsyourdomain.com/63.85.86.40=1}
[01 May 2002 19:10:08,909] DEBUG WhoisServer  -++Added New Client
65.218.40.194/65.218.40.194 Hash {65.218.40.194/65.218.40.194=1,
65.218.40.193/65.218.40.193=1}
[01 May 2002 19:10:15,510] DEBUG WhoisServer  -++Added New Client
65.218.40.195/65.218.40.195 Hash {65.218.40.195/65.218.40.195=1,
65.218.40.194/65.218.40.194=1}
[01 May 2002 19:10:25,519] DEBUG WhoisServer  -++Added New Client
65.218.40.196/65.218.40.196 Hash {65.218.40.196/65.218.40.196=1}
[01 May 2002 19:10:36,040] DEBUG WhoisServer  -++Added New Client
65.218.40.197/65.218.40.197 Hash {65.218.40.197/65.218.40.197=1,
216.168.229.6/216.168.229.6=1}
[01 May 2002 19:10:54,460] DEBUG WhoisServer  -++Added New Client
65.218.40.198/65.218.40.198 Hash {65.218.40.198/65.218.40.198=1,
droid.daze.net/130.94.96.2=1}


This process becomes more and more manual - we put in a feature to block an
ip and here comes a subnet .... subnets we have to handle manually - unlessi
write some stuff to track complex patterns (wonder how i would take CIDR
into account to identify subnets)

If i get whois requests for all my domains several times everyday in this
fashion my margins wont support my whois server bandwidth costs :)

something should be done by icanb about this port 43 whois requirement
...... maybe require eveyone who wants to use it to ask the registrar for an
account (username and passwd) so that abuse can be tracked and stopped ....

bhavin




<<< Chronological Index >>>    <<< Thread Index >>>