Re: [registrars] Whois

[erlich@netscott.com (Larry Erlich)]

Ross,

Didn't Tucows used to have a block on NSI servers
from accessing your Opensrs whois for the same reason? I seem to remember
never being able to do a whois on an Opensrs domain when querying
whois.networksolutions.com. It appears that it was just lifted within
the last week? 

(For the record we also block by IP addresses if we
determine that people are mining a-z domains and the operator of
the whois server is not blocking on their end.)

Larry Erlich

> elana broitman wrote:
> 
> Dear Ross -
> 
> I wanted to get back to you as quickly as possible regarding your
> question as to why register.com
> is blocking access to its WHOIS database from certain IP addresses,
> the
> specific range of which you had identified.  Since receiving these
> ranges
> from you at 6:00 p.m. yesterday, our network engineers have looked
> into the matter and reported that we are currently blocking access to
> our
> WHOIS database from certain IP addresses within that range (we have
> left out
> the actual IP addresses from this email to protect your security, but
> will
> send them to you in a separate email).
> 
> As you are undoubtedly aware, like all internet domain name
> registrars,
> register.com depends upon a computer system that, among other things,
> is
> both responsive to the demands of the domain name registration
> process, and
> provides timely information to register.com's customer service team.
> In
> order to protect against significant degradation of system processing
> and
> response time, register.com's systems are programmed to deny access to
> identified sources of high volume traffic.
> 
> The addresses in question have been blocked due to high volume traffic
> into
> register.com's system which appears to have been an automated
> dictionary
> based search of domain names.  A short example of the types of queries
> we
> received is set forth at the bottom of this email (again with the
> specific
> IP addresses redacted).  While we recognize that this behavior was
> most
> likely commenced by a Tucows customer or reseller, and not by Tucows
> itself,
> until we receive adequate assurances that Tucows has controls in place
> to prevent such pernicious behavior in the
> future, in order to protect our computer systems, we have no choice
> but to
> keep the addresses blocked.  I suggest that members of your technical
> staff
> investigate the source of this behavior on your end and communicate
> your findings back to us.
> In order to facilitate matters, I am happy to put them in touch
> directly with their counterparts at register.com.
> 
> Assuming our technical staff is able to get comfortable that proper
> controls
> are in place to prevent similar future conduct with respect to queries
> to
> our WHOIS database via these Tucows related IP addresses, register.com
> is
> prepared to restore access to register.com's computer system to these
> Tucows' network hosts.  Please note, however, that notwithstanding any
> future restoration of access, register.com reserves the right to block
> access if these network hosts are again identified as a source of high
> volume traffic that might threaten register.com's system processing or
> response time.
> 
> We appreciate that, notwithstanding your initial communication on the
> subject, you have worked with us productively during our investigation
> of
> this matter.  Still, with regard to your earlier assertions that
> register.com's policy of blocking sources of high volume traffic is
> "arbitrary" and "capricious" and somehow constitutes a contravention
> of
> ICANN policy, I feel compelled, for the record, to direct your
> attention to
> the Amicus Curiae submission ICANN made in connection with our
> litigation
> against Verio.  See
> http://www.icann.org/registrars/register.com-verio/amicus-22sep00.htm
> (acknowledging that high volume traffic directed at a registrar's
> systems is
> "a threat to the stable operation of the registration system").  As
> you may
> be aware, that litigation concerned, among other things, the propriety
> of
> Verio's submission of a large number of WHOIS queries to our WHOIS
> database
> and we prevailed on each of our claims.
> 
> That said, I am confident that by cooperating to uncover the source of
> the
> bad conduct in question, our two companies can work this matter out
> and
> ensure that the proper protections for each of our computer systems is
> not
> compromised.  I look forward to hearing from you.
> 
> Kind regards,
> 
> Elana Broitman
> Director, Policy and Public Affairs
> register.com
> 575 Eighth Avenue
> New York, NY 10018
> (212) 798-9100
> (212) 594-9876
> ebroitman@register.com
> 
> ____________________________________________________
> 
> Fri Jun 1 13:39:15 2001 ip=[------------] domain=[crazyswedes.net]
> found
> Fri Jun 1 13:39:55 2001 ip=[------------] domain=[crazythings.net]
> found
> Fri Jun 1 13:40:15 2001 ip=[------------] domain=[crazytom.net] found
> Fri Jun 1 13:40:58 2001 ip=[------------] domain=[crazytrane.net]
> found
> Fri Jun 1 13:42:31 2001 ip=[------------]
> domain=[crazywearcompany.net]
> found
> Fri Jun 1 13:44:03 2001 ip=[------------] domain=[crazz.net] found
> Fri Jun 1 13:45:13 2001 ip=[------------] domain=[crbel.net] found
> Fri Jun 1 13:45:17 2001 ip=[------------] domain=[crbell.net] found
> Fri Jun 1 13:45:58 2001 ip=[------------] domain=[crbu.net] found
> Fri Jun 1 13:47:28 2001 ip=[------------] domain=[crcdepot.net] found
>