North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

WHOIS db datamining

  • From: Scott Francis
  • Date: Mon Feb 11 14:22:51 2002

Apologies for starting a new thread - I seem to recall one recently regarding
somebody who was having difficulty making more than X requests per Y seconds
to the WHOIS servers (receiving disconnects). Received a spam recently from offering the contents of .com/.net/.org/.edu on 4 CDs (reported
to the usual sources - spamcop, [email protected], [email protected], and in this case,
[email protected] (see below) ).

My annoyance at receiving a spam is fairly limited - I have become used to it
by now. However, I am curious - the WHOIS servers (some of them, anyway) contain
a statement in the connect message that explicitly prohibits commercial use of
the registry. And IIRC that earlier thread, too many connection attempts from a
single location in a certain amount of time would cause a disconnect
(presumably to thwart this very type of datamining).

"By submitting a WHOIS query, you agree that you will use this Data only for
lawful purposes and that, under no circumstances will you use this Data to:
(1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail
(spam); or  (2) enable high volume, automated, electronic processes
that apply to Network Solutions (or its systems)."

Is NetSol/VeriSign serious about enforcing this? Are they willing to
blackhole abusers? One would think it would be a trivial matter to engineer
the servers such that more than X attempts per Y seconds either results in
a block (temporary or permanent) or flags the activity for later review (a la
IDS). Perhaps I am vastly oversimplifying such a task.

I sent my concerns to NetSol's abuse department already, but I hold little
hope of that achieving anything of lasting significance. I was really hoping
to get either "been there, done that", "try X" or even "this is off-topic -
stop polluting the list" from those of you that have been down this road

Scott Francis                   [email protected] [home:] d a r k u n c l e . n e t
Systems/Network Manager          [email protected] [work:]         t o n o s . c o m
GPG public key 0xCB33CCA7              illum oportet crescere me autem minui