WHOIS db datamining
Scott Francis
darkuncle at darkuncle.net
Mon Feb 11 19:20:34 UTC 2002
Apologies for starting a new thread - I seem to recall one recently regarding
somebody who was having difficulty making more than X requests per Y seconds
to the WHOIS servers (receiving disconnects). Received a spam recently from
212.171.42.117 offering the contents of .com/.net/.org/.edu on 4 CDs (reported
to the usual sources - spamcop, abuse at domain, abuse at upstream, and in this case,
abuse at internic.net (see below) ).
My annoyance at receiving a spam is fairly limited - I have become used to it
by now. However, I am curious - the WHOIS servers (some of them, anyway) contain
a statement in the connect message that explicitly prohibits commercial use of
the registry. And IIRC that earlier thread, too many connection attempts from a
single location in a certain amount of time would cause a disconnect
(presumably to thwart this very type of datamining).
====
"By submitting a WHOIS query, you agree that you will use this Data only for
lawful purposes and that, under no circumstances will you use this Data to:
(1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail
(spam); or (2) enable high volume, automated, electronic processes
that apply to Network Solutions (or its systems)."
====
Is NetSol/VeriSign serious about enforcing this? Are they willing to
blackhole abusers? One would think it would be a trivial matter to engineer
the servers such that more than X attempts per Y seconds either results in
a block (temporary or permanent) or flags the activity for later review (a la
IDS). Perhaps I am vastly oversimplifying such a task.
I sent my concerns to NetSol's abuse department already, but I hold little
hope of that achieving anything of lasting significance. I was really hoping
to get either "been there, done that", "try X" or even "this is off-topic -
stop polluting the list" from those of you that have been down this road
before.
--
Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t
Systems/Network Manager sfrancis@ [work:] t o n o s . c o m
GPG public key 0xCB33CCA7 illum oportet crescere me autem minui
More information about the NANOG
mailing list