Re: [ga] ICANN's WDPRS has Crashed

["Jeffrey A. Williams" <jwkckid1@xxxxxxxxxxxxx>]

David and all,

  Not a bad idea here either Dave. >:)  I would modify your idea
slightly in that not to ban the offending Domain/IP perminantly
lest other ligitimate complaints be sent by same not be recognized
properly.

  ICANN should always be open, transparent and accountable
to any ligitimate complaint.

David Scott wrote:

>
> I would make a suggestion to set up a filter, based on
> time-increments.
> The ip / domain name is baned after 5 sequenced request within a 5 or
> 10 minute period.
> This would stop any overload on the system, by which the system is
> flooded.
>
> I would presume that in the tables you have entries that are 1. from
> the same location and 2. within a few seconds of each, if not
> milliseconds.
>
> Whether ICANN, or other root systems, abuse is abuse, and should be
> dealt with accordingly.
>
> David
>
> Jeffrey A. Williams wrote:
>
>> Dominik and all
>>
>>   Good suggestion!
>>
>>   Taking those same IP addresses and checking them against
>> spam services as well as RIR/LIR's Whois lookups so as to
>> determine whom those IP address are assinged to may also
>> be of use so that whomever these errant IP addresses are
>> assinged to can be contacted and made aware of the problem.
>> Of course doing so requires that the IP Whois databases are
>> accurate and up to date!  >:)  One also has to take into account
>> for Hijacked IP's as well...  So some additional forensics may
>> be necessary.  Checking these IP addresses against already
>> *blacklisted* listing services may also aid in solving the problem
>> and determining which ones are suspect.  I would use
>> http://www.dnsstuff.com/ to facilitate this.  Just a friendly
>> suggestion.
>>
>>   If you wish Kent, send me a list of the IP's you suspect, and I
>> will have one of my staff do the grunt work looking these up.
>> Send it to me in an attached txt file if you decide to take me up
>> on this offer.
>>
>> Dominik Filipp wrote:
>>
>>
>> > Kent,
>> >
>> > It would be probably worth collecting the source IP addresses out
>> > of
>> > which the reports were submitted, if possible. This could help
>> > reveal
>> > possible sources of automated submit attempts. I can imagine
>> > entities
>> > interesting in disabling the system or at least in making it
>> > practically
>> > unmanageable.
>> >
>> > Dominik
>> >
>> > -----Original Message-----
>> > From: owner-ga@xxxxxxxxxxxxxx [mailto:owner-ga@xxxxxxxxxxxxxx] On
>> > Behalf
>> > Of kent@xxxxxxxxx
>> > Sent: Thursday, February 28, 2008 12:00 AM
>> > To: Danny Younger
>> > Cc: ga@xxxxxxxxxxxxxx
>> > Subject: Re: [ga] ICANN's WDPRS has Crashed
>> >
>> > On Wed, Feb 27, 2008 at 07:53:46AM -0800, Danny Younger wrote:
>> >
>> >>  I've received a report this morning that ICANN's Whois Data
>> >>  Problem
>> >>  Report system (WDPRS) has crashed.  I'm told that last week the
>> >>  system
>> >>
>> >>  experienced a 20-30 per cent timeout failure rate (which has this
>> >>  morning reached 100 percent).
>> >>
>> >>  Perhaps an update from ICANN Staff is in order.
>> >>
>> > Hi Danny
>> >
>> > The actual error I'm seeing is that a database table filled up, and
>> > I'm
>> > fixing that at the moment -- there are over half a million entries;
>> > the
>> > table is over 4 GB.
>> >
>> > Apparently somebody has a script that submits *many* complaints,
>> > because
>> > the size of that table has grown enormously over the past couple of
>> > months.  I don't have exact figures, but I suspect that recently we
>> > are
>> > getting on the order of 100000 complaints per month.
>> >
>> > In the case of the WDPRS, every complaint needs to be examined by a
>> > human being -- the consequences of deleting a good domain are
>> > pretty
>> > serious, and due diligence is required.  In addition, it is
>> > relatively
>> > common to receive malicious/mistaken complaints about perfectly
>> > legitimate domains.
>> >
>> > The reason for the timeouts is because the WDPRS is rate limited by
>> > the
>> > fact that every complaint does a whois query, and whois queries are
>> > rate
>> > limited by registrars and registries to prevent datamining and
>> > other
>> > things.
>> >
>> > In any case, the system will be back online sometime later today;
>> > the
>> > rate limits will continue to be in effect.
>> >
>> > Best Regards
>> > Kent
>> >
>> >
>> >>
>> >>
>> Regards,
>>
>> Spokesman for INEGroup LLA. - (Over 277k members/stakeholders
>> strong!)
>> "Obedience of the law is the greatest freedom" -
>>    Abraham Lincoln
>>
>> "Credit should go with the performance of duty and not with what is
>> very often the accident of glory" - Theodore Roosevelt
>>
>> "If the probability be called P; the injury, L; and the burden, B;
>> liability depends upon whether B is less than L multiplied by
>> P: i.e., whether B is less than PL."
>> United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
>> ===============================================================
>> Updated 1/26/04
>> CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
>> div. of Information Network Eng.  INEG. INC.
>> ABA member in good standing member ID 01257402 E-Mail
>> jwkckid1@xxxxxxxxxxxxx
>> My Phone: 214-244-4827
>>
>>
>>
Regards,

Spokesman for INEGroup LLA. - (Over 277k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402 E-Mail
jwkckid1@xxxxxxxxxxxxx
My Phone: 214-244-4827