Re: [ga] ICANN's WDPRS has Crashed

["Jeffrey A. Williams" <jwkckid1@xxxxxxxxxxxxx>]

Dominik and all

  Good suggestion!

  Taking those same IP addresses and checking them against
spam services as well as RIR/LIR's Whois lookups so as to
determine whom those IP address are assinged to may also
be of use so that whomever these errant IP addresses are
assinged to can be contacted and made aware of the problem.
Of course doing so requires that the IP Whois databases are
accurate and up to date!  >:)  One also has to take into account
for Hijacked IP's as well...  So some additional forensics may
be necessary.  Checking these IP addresses against already
*blacklisted* listing services may also aid in solving the problem
and determining which ones are suspect.  I would use
http://www.dnsstuff.com/ to facilitate this.  Just a friendly suggestion.

  If you wish Kent, send me a list of the IP's you suspect, and I
will have one of my staff do the grunt work looking these up.
Send it to me in an attached txt file if you decide to take me up
on this offer.

Dominik Filipp wrote:

> Kent,
>
> It would be probably worth collecting the source IP addresses out of
> which the reports were submitted, if possible. This could help reveal
> possible sources of automated submit attempts. I can imagine entities
> interesting in disabling the system or at least in making it practically
> unmanageable.
>
> Dominik
>
> -----Original Message-----
> From: owner-ga@xxxxxxxxxxxxxx [mailto:owner-ga@xxxxxxxxxxxxxx] On Behalf
> Of kent@xxxxxxxxx
> Sent: Thursday, February 28, 2008 12:00 AM
> To: Danny Younger
> Cc: ga@xxxxxxxxxxxxxx
> Subject: Re: [ga] ICANN's WDPRS has Crashed
>
> On Wed, Feb 27, 2008 at 07:53:46AM -0800, Danny Younger wrote:
> >
> > I've received a report this morning that ICANN's Whois Data Problem
> > Report system (WDPRS) has crashed.  I'm told that last week the system
>
> > experienced a 20-30 per cent timeout failure rate (which has this
> > morning reached 100 percent).
> >
> > Perhaps an update from ICANN Staff is in order.
>
> Hi Danny
>
> The actual error I'm seeing is that a database table filled up, and I'm
> fixing that at the moment -- there are over half a million entries; the
> table is over 4 GB.
>
> Apparently somebody has a script that submits *many* complaints, because
> the size of that table has grown enormously over the past couple of
> months.  I don't have exact figures, but I suspect that recently we are
> getting on the order of 100000 complaints per month.
>
> In the case of the WDPRS, every complaint needs to be examined by a
> human being -- the consequences of deleting a good domain are pretty
> serious, and due diligence is required.  In addition, it is relatively
> common to receive malicious/mistaken complaints about perfectly
> legitimate domains.
>
> The reason for the timeouts is because the WDPRS is rate limited by the
> fact that every complaint does a whois query, and whois queries are rate
> limited by registrars and registries to prevent datamining and other
> things.
>
> In any case, the system will be back online sometime later today; the
> rate limits will continue to be in effect.
>
> Best Regards
> Kent
>
> >
> >
> >
> >

Regards,

Spokesman for INEGroup LLA. - (Over 277k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402 E-Mail
jwkckid1@xxxxxxxxxxxxx
My Phone: 214-244-4827