ICANN/GNSO GNSO Email List Archives

[ga]



Re: [ga] ICANN's WDPRS has Crashed

  • To: ga@xxxxxxxxxxxxxx
  • Subject: Re: [ga] ICANN's WDPRS has Crashed
  • From: David Scott <tlda@xxxxxxxxxx>
  • Date: Thu, 28 Feb 2008 09:02:07 -0500


I would make a suggestion to set up a filter, based on time-increments.
The IP / domain name is banned after 5 sequenced requests within a 5 or 10 minute period.
This would stop any overload on the system, by which the system is flooded.

I would presume that in the tables you have entries that are 1. from the same location and 2. within a few seconds of each, if not milliseconds.

Whether ICANN, or other root systems, abuse is abuse, and should be dealt with accordingly.

David

Jeffrey A. Williams wrote:
Dominik and all

  Good suggestion!

  Taking those same IP addresses and checking them against
spam services as well as RIR/LIR's Whois lookups so as to
determine whom those IP addresses are assigned to may also
be of use so that whomever these errant IP addresses are
assigned to can be contacted and made aware of the problem.
Of course doing so requires that the IP Whois databases are
accurate and up to date!  >:)  One also has to take into account
for Hijacked IP's as well...  So some additional forensics may
be necessary.  Checking these IP addresses against already
*blacklisted* listing services may also aid in solving the problem
and determining which ones are suspect.  I would use
http://www.dnsstuff.com/ to facilitate this.  Just a friendly suggestion.

  If you wish Kent, send me a list of the IP's you suspect, and I
will have one of my staff do the grunt work looking these up.
Send it to me in an attached txt file if you decide to take me up
on this offer.

Dominik Filipp wrote:

Kent,

It would be probably worth collecting the source IP addresses out of
which the reports were submitted, if possible. This could help reveal
possible sources of automated submit attempts. I can imagine entities
interested in disabling the system or at least in making it practically
unmanageable.

Dominik

-----Original Message-----
From: owner-ga@xxxxxxxxxxxxxx [mailto:owner-ga@xxxxxxxxxxxxxx] On Behalf
Of kent@xxxxxxxxx
Sent: Thursday, February 28, 2008 12:00 AM
To: Danny Younger
Cc: ga@xxxxxxxxxxxxxx
Subject: Re: [ga] ICANN's WDPRS has Crashed

On Wed, Feb 27, 2008 at 07:53:46AM -0800, Danny Younger wrote:
I've received a report this morning that ICANN's Whois Data Problem
Report system (WDPRS) has crashed.  I'm told that last week the system
experienced a 20-30 per cent timeout failure rate (which has this
morning reached 100 percent).

Perhaps an update from ICANN Staff is in order.

Hi Danny

The actual error I'm seeing is that a database table filled up, and I'm
fixing that at the moment -- there are over half a million entries; the
table is over 4 GB.

Apparently somebody has a script that submits *many* complaints, because
the size of that table has grown enormously over the past couple of
months.  I don't have exact figures, but I suspect that recently we are
getting on the order of 100000 complaints per month.

In the case of the WDPRS, every complaint needs to be examined by a
human being -- the consequences of deleting a good domain are pretty
serious, and due diligence is required.  In addition, it is relatively
common to receive malicious/mistaken complaints about perfectly
legitimate domains.

The reason for the timeouts is because the WDPRS is rate limited by the
fact that every complaint does a whois query, and whois queries are rate
limited by registrars and registries to prevent datamining and other
things.

In any case, the system will be back online sometime later today; the
rate limits will continue to be in effect.

Best Regards
Kent




Regards,

Spokesman for INEGroup LLA. - (Over 277k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402 E-Mail
jwkckid1@xxxxxxxxxxxxx
My Phone: 214-244-4827
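The time-increment filter suggested at the top of this message (5 requests from one source within a 5 or 10 minute period), run over a submission log, as an added example that is not part of the original thread and not ICANN's code. The log layout, the function name and the sample rows are assumptions constructed for illustration; the addresses come from documentation ranges.

```python
from collections import defaultdict, deque
from datetime import datetime

LIMIT = 5             # "banned after 5 sequenced requests"
WINDOW_SECONDS = 300  # "within a 5 or 10 minute period" (5 minutes here)

# Constructed sample log: (timestamp, source IP, reported domain).
SAMPLE = (
    # scripted burst: six reports two seconds apart
    [(f"2008-02-27 10:00:{2 * i:02d}", "192.0.2.10", f"d{i}.example") for i in range(6)]
    # slow submitter: five reports ten minutes apart
    + [(f"2008-02-27 10:{10 * i:02d}:00", "198.51.100.7", f"s{i}.example") for i in range(5)]
    # four reports inside one minute: stays under the limit
    + [(f"2008-02-27 11:00:{10 * i:02d}", "203.0.113.5", f"u{i}.example") for i in range(4)]
)

def find_abusive_sources(rows, window_seconds=WINDOW_SECONDS, limit=LIMIT):
    """Return {source: (time the limit was first hit, smallest gap in seconds)}."""
    recent = defaultdict(deque)  # per-source timestamps still inside the window
    last_seen, min_gap, banned = {}, {}, {}
    for ts_text, src, _domain in sorted(rows):  # ISO-style timestamps sort as text
        ts = datetime.strptime(ts_text, "%Y-%m-%d %H:%M:%S")
        if src in last_seen:
            gap = (ts - last_seen[src]).total_seconds()
            min_gap[src] = min(gap, min_gap.get(src, gap))
        last_seen[src] = ts
        window = recent[src]
        window.append(ts)
        # Drop entries that have aged out of the sliding window.
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) >= limit and src not in banned:
            banned[src] = ts
    return {src: (when, min_gap.get(src)) for src, when in banned.items()}

if __name__ == "__main__":
    for src, (when, gap) in find_abusive_sources(SAMPLE).items():
        print(f"{src}: limit hit at {when}, smallest gap {gap:.0f}s")
```

The smallest-gap figure covers the second observation in the message, entries from the same location within a few seconds of each other, and helps separate scripted submission from a busy human reporter before any ban is applied.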




