Whois lookups (was: 2010.10.04 NANOG50 day 1 morning notes posted)

• Previous message (by thread): Whois lookups (was: 2010.10.04 NANOG50 day 1 morning notes posted)
• Next message (by thread): Whois lookups (was: 2010.10.04 NANOG50 day 1 morning notes posted)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 10/4/2010 10:05, Nathan Eisenberg wrote:
> http://kestrel3.netflight.com/2010.10.04-NANOG50-morning-notes.txt
> 
> "
> Whois traffic has been going through the roof; they
> added more proxies in front to support it.
> Apparently, there's IP management packages that do
> whois queries.  It would be good to find out who is
> doing it, and talk to ARIN engineering, to find a better
> way of handling it.
> We can't keep up if so many machines on the internet
> keep doing it like this.
> Source addresses are all over, they're all over, not
> sign of bots; could be a DLL or mac system startup
> that's doing it.
> Please, don't embed whois lookups in everyone's computers
> like this!!
> "
> 
> The only thing I know of is that packages like fail2ban that perform WHOIS lookups when blocking IPs to generate abuse POC notification emails.  So more SSH bruteforce attacks = more whois lookups.
> 


Or the new whois doesn't scale as well as the old one.

~Seth

• Previous message (by thread): Whois lookups (was: 2010.10.04 NANOG50 day 1 morning notes posted)
• Next message (by thread): Whois lookups (was: 2010.10.04 NANOG50 day 1 morning notes posted)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]