ICANN/DNSO
DNSO Mailling lists archives

[registrars]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [registrars] RE: WHOIS BLUES



Bhavin,

handeling black lists of subnets is real easy, infact easyer than
blacklisting hosts, just check to see if the incomming address is within
the netmask in this case a /24. first convert the ipaddress to a long and
the netmask, and the incomming host as addr.

   (addr & mask) == net then reject the request.

if you keep a list of blacklisted networks hosts appear as {host-ip}/32 or
{host-ip}/255.255.255.255 depending on how you parse the blacklist.

for instance 65.218.40.0/24 =~ 65.218.40.0/255.255.255.0

hope this helps

-rick


On Thu, 2 May 2002, Bhavin Turakhia wrote:

> HEY WAIT A MINUTE ... i just checked ARIN on this SUBNET and Found this -
>
> SnapNames.com, Inc. (NETBLK-UU-65-218-40) UU-65-218-40
> 						   65.218.40.0 - 65.218.40.255
>
> HELLO .... WHY is SNAPNAMES SLAMMING MY WHOIS??? for EVERY one of my Domain
> Name ....
>
> bhavin
>
> > -----Original Message-----
> > From: Bhavin Turakhia [mailto:bhavin.t@directi.com]
> > Sent: Thursday, May 02, 2002 12:37 AM
> > To: Registrars@Dnso. Org
> > Cc: Dan Halloran
> > Subject: WHOIS BLUES
> >
> >
> > Hi,
> >
> > i am going thru whois blues that most of you must have gone thru
> > already. i get more hits on my whois everyday than my entire list
> > of domain names .... for instance there is this guy right now
> > slamming my whois server using multiple ip addresses from the
> > same damn subnet ... as the log below shows....
> >
> > [01 May 2002 19:09:05,463] DEBUG WhoisServer  -++Added New Client
> > 65.218.40.188/65.218.40.188 Hash {65.218.40.188/65.218.40.188=1}
> > [01 May 2002 19:09:16,048] DEBUG WhoisServer  -++Added New Client
> > 65.218.40.189/65.218.40.189 Hash {65.218.40.188/65.218.40.188=1,
> > 207.174.230.245/207.174.230.245=1, 65.218.40.189/65.218.40.189=1}
> > [01 May 2002 19:09:26,847] DEBUG WhoisServer  -++Added New Client
> > 65.218.40.190/65.218.40.190 Hash
> > {213.225.132.39/213.225.132.39=1, 65.218.40.190/65.218.40.190=1}
> > [01 May 2002 19:09:35,467] DEBUG WhoisServer  -++Added New Client
> > 65.218.40.191/65.218.40.191 Hash {65.218.40.191/65.218.40.191=1}
> > [01 May 2002 19:09:45,479] DEBUG WhoisServer  -++Added New Client
> > 65.218.40.192/65.218.40.192 Hash {65.218.40.192/65.218.40.192=1}
> > [01 May 2002 19:10:03,610] DEBUG WhoisServer  -++Added New Client
> > 65.218.40.193/65.218.40.193 Hash {65.218.40.193/65.218.40.193=1,
> > golem.itsyourdomain.com/63.85.86.40=1}
> > [01 May 2002 19:10:08,909] DEBUG WhoisServer  -++Added New Client
> > 65.218.40.194/65.218.40.194 Hash {65.218.40.194/65.218.40.194=1,
> > 65.218.40.193/65.218.40.193=1}
> > [01 May 2002 19:10:15,510] DEBUG WhoisServer  -++Added New Client
> > 65.218.40.195/65.218.40.195 Hash {65.218.40.195/65.218.40.195=1,
> > 65.218.40.194/65.218.40.194=1}
> > [01 May 2002 19:10:25,519] DEBUG WhoisServer  -++Added New Client
> > 65.218.40.196/65.218.40.196 Hash {65.218.40.196/65.218.40.196=1}
> > [01 May 2002 19:10:36,040] DEBUG WhoisServer  -++Added New Client
> > 65.218.40.197/65.218.40.197 Hash {65.218.40.197/65.218.40.197=1,
> > 216.168.229.6/216.168.229.6=1}
> > [01 May 2002 19:10:54,460] DEBUG WhoisServer  -++Added New Client
> > 65.218.40.198/65.218.40.198 Hash {65.218.40.198/65.218.40.198=1,
> > droid.daze.net/130.94.96.2=1}
> >
> >
> > This process becomes more and more manual - we put in a feature
> > to block an ip and here comes a subnet .... subnets we have to
> > handle manually - unlessi write some stuff to track complex
> > patterns (wonder how i would take CIDR into account to identify subnets)
> >
> > If i get whois requests for all my domains several times everyday
> > in this fashion my margins wont support my whois server bandwidth costs :)
> >
> > something should be done by icanb about this port 43 whois
> > requirement ...... maybe require eveyone who wants to use it to
> > ask the registrar for an account (username and passwd) so that
> > abuse can be tracked and stopped ....
> >
> > bhavin
>
>



<<< Chronological Index >>>    <<< Thread Index >>>