Whois lookups (was: 2010.10.04 NANOG50 day 1 morning notes posted)
Seth Mattinen
sethm at rollernet.us
Mon Oct 4 17:25:29 UTC 2010
On 10/4/2010 10:05, Nathan Eisenberg wrote:
> http://kestrel3.netflight.com/2010.10.04-NANOG50-morning-notes.txt
>
> "
> Whois traffic has been going through the roof; they
> added more proxies in front to support it.
> Apparently, there's IP management packages that do
> whois queries. It would be good to find out who is
> doing it, and talk to ARIN engineering, to find a better
> way of handling it.
> We can't keep up if so many machines on the internet
> keep doing it like this.
> Source addresses are all over, they're all over, not
> sign of bots; could be a DLL or mac system startup
> that's doing it.
> Please, don't embed whois lookups in everyone's computers
> like this!!
> "
>
> The only thing I know of is that packages like fail2ban that perform WHOIS lookups when blocking IPs to generate abuse POC notification emails. So more SSH bruteforce attacks = more whois lookups.
>
Or the new whois doesn't scale as well as the old one.
~Seth
More information about the NANOG
mailing list