nanog mailing list archives
Re: Whois lookups (was: 2010.10.04 NANOG50 day 1 morning notes posted)
From: Seth Mattinen <sethm () rollernet us>
Date: Mon, 04 Oct 2010 10:25:29 -0700
On 10/4/2010 10:05, Nathan Eisenberg wrote:
http://kestrel3.netflight.com/2010.10.04-NANOG50-morning-notes.txt " Whois traffic has been going through the roof; they added more proxies in front to support it. Apparently, there's IP management packages that do whois queries. It would be good to find out who is doing it, and talk to ARIN engineering, to find a better way of handling it. We can't keep up if so many machines on the internet keep doing it like this. Source addresses are all over, they're all over, not sign of bots; could be a DLL or mac system startup that's doing it. Please, don't embed whois lookups in everyone's computers like this!! " The only thing I know of is that packages like fail2ban that perform WHOIS lookups when blocking IPs to generate abuse POC notification emails. So more SSH bruteforce attacks = more whois lookups.
Or the new whois doesn't scale as well as the old one. ~Seth
Current thread:
- Whois lookups (was: 2010.10.04 NANOG50 day 1 morning notes posted) Nathan Eisenberg (Oct 04)
- Re: Whois lookups (was: 2010.10.04 NANOG50 day 1 morning notes posted) Seth Mattinen (Oct 04)
- Re: Whois lookups (was: 2010.10.04 NANOG50 day 1 morning notes posted) John Curran (Oct 04)
- Re: Whois lookups (was: 2010.10.04 NANOG50 day 1 morning notes posted) David Conrad (Oct 04)
- Re: Whois lookups (was: 2010.10.04 NANOG50 day 1 morning notes posted) Mark Kosters (Oct 04)
- Re: Whois lookups (was: 2010.10.04 NANOG50 day 1 morning notes posted) John Curran (Oct 04)
- Re: Whois lookups (was: 2010.10.04 NANOG50 day 1 morning notes posted) Seth Mattinen (Oct 04)