ICANN/GNSO GNSO Email List Archives

[ga]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [ga] ICANN's WDPRS has Crashed

  • To: ga@xxxxxxxxxxxxxx
  • Subject: Re: [ga] ICANN's WDPRS has Crashed
  • From: David Scott <tlda@xxxxxxxxxx>
  • Date: Thu, 28 Feb 2008 13:15:20 -0500

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Yes, you are right...<br>
<br>
bad.domain.tld&nbsp; floods<br>
whereas good.domain.tld never floods.<br>
Maybe should ban the offender for at least 1 day not more then 7 days,
and give out an email<br>
to abuse@offending domain.<br>
<br>
Jeffrey A. Williams wrote:
<blockquote cite="mid:47C6EDE0.EEAD1F4A@xxxxxxxxxxxxx" type="cite">
  <pre wrap="">David and all,

  Not a bad idea here either Dave. &gt;:)  I would modify your idea
slightly in that not to ban the offending Domain/IP perminantly
lest other ligitimate complaints be sent by same not be recognized
properly.

  ICANN should always be open, transparent and accountable
to any ligitimate complaint.

David Scott wrote:

  </pre>
  <blockquote type="cite">
    <pre wrap="">I would make a suggestion to set up a filter, based on
time-increments.
The ip / domain name is baned after 5 sequenced request within a 5 or
10 minute period.
This would stop any overload on the system, by which the system is
flooded.

I would presume that in the tables you have entries that are 1. from
the same location and 2. within a few seconds of each, if not
milliseconds.

Whether ICANN, or other root systems, abuse is abuse, and should be
dealt with accordingly.

David

Jeffrey A. Williams wrote:

    </pre>
    <blockquote type="cite">
      <pre wrap="">Dominik and all

  Good suggestion!

  Taking those same IP addresses and checking them against
spam services as well as RIR/LIR's Whois lookups so as to
determine whom those IP address are assinged to may also
be of use so that whomever these errant IP addresses are
assinged to can be contacted and made aware of the problem.
Of course doing so requires that the IP Whois databases are
accurate and up to date!  &gt;:)  One also has to take into account
for Hijacked IP's as well...  So some additional forensics may
be necessary.  Checking these IP addresses against already
*blacklisted* listing services may also aid in solving the problem
and determining which ones are suspect.  I would use
<a class="moz-txt-link-freetext" 
href="http://www.dnsstuff.com/";>http://www.dnsstuff.com/</a> to facilitate 
this.  Just a friendly
suggestion.

  If you wish Kent, send me a list of the IP's you suspect, and I
will have one of my staff do the grunt work looking these up.
Send it to me in an attached txt file if you decide to take me up
on this offer.

Dominik Filipp wrote:


      </pre>
      <blockquote type="cite">
        <pre wrap="">Kent,

It would be probably worth collecting the source IP addresses out
of
which the reports were submitted, if possible. This could help
reveal
possible sources of automated submit attempts. I can imagine
entities
interesting in disabling the system or at least in making it
practically
unmanageable.

Dominik

-----Original Message-----
From: <a class="moz-txt-link-abbreviated" 
href="mailto:owner-ga@xxxxxxxxxxxxxx";>owner-ga@xxxxxxxxxxxxxx</a> [<a 
class="moz-txt-link-freetext" 
href="mailto:owner-ga@xxxxxxxxxxxxxx";>mailto:owner-ga@xxxxxxxxxxxxxx</a>] On
Behalf
Of <a class="moz-txt-link-abbreviated" 
href="mailto:kent@xxxxxxxxx";>kent@xxxxxxxxx</a>
Sent: Thursday, February 28, 2008 12:00 AM
To: Danny Younger
Cc: <a class="moz-txt-link-abbreviated" 
href="mailto:ga@xxxxxxxxxxxxxx";>ga@xxxxxxxxxxxxxx</a>
Subject: Re: [ga] ICANN's WDPRS has Crashed

On Wed, Feb 27, 2008 at 07:53:46AM -0800, Danny Younger wrote:

        </pre>
        <blockquote type="cite">
          <pre wrap=""> I've received a report this morning that ICANN's Whois 
Data
 Problem
 Report system (WDPRS) has crashed.  I'm told that last week the
 system

 experienced a 20-30 per cent timeout failure rate (which has this
 morning reached 100 percent).

 Perhaps an update from ICANN Staff is in order.

          </pre>
        </blockquote>
        <pre wrap="">Hi Danny

The actual error I'm seeing is that a database table filled up, and
I'm
fixing that at the moment -- there are over half a million entries;
the
table is over 4 GB.

Apparently somebody has a script that submits *many* complaints,
because
the size of that table has grown enormously over the past couple of
months.  I don't have exact figures, but I suspect that recently we
are
getting on the order of 100000 complaints per month.

In the case of the WDPRS, every complaint needs to be examined by a
human being -- the consequences of deleting a good domain are
pretty
serious, and due diligence is required.  In addition, it is
relatively
common to receive malicious/mistaken complaints about perfectly
legitimate domains.

The reason for the timeouts is because the WDPRS is rate limited by
the
fact that every complaint does a whois query, and whois queries are
rate
limited by registrars and registries to prevent datamining and
other
things.

In any case, the system will be back online sometime later today;
the
rate limits will continue to be in effect.

Best Regards
Kent


        </pre>
        <blockquote type="cite">
          <pre wrap="">
          </pre>
        </blockquote>
      </blockquote>
      <pre wrap="">Regards,

Spokesman for INEGroup LLA. - (Over 277k members/stakeholders
strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402 E-Mail
<a class="moz-txt-link-abbreviated" 
href="mailto:jwkckid1@xxxxxxxxxxxxx";>jwkckid1@xxxxxxxxxxxxx</a>
My Phone: 214-244-4827



      </pre>
    </blockquote>
  </blockquote>
  <pre wrap=""><!---->Regards,

Spokesman for INEGroup LLA. - (Over 277k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402 E-Mail
<a class="moz-txt-link-abbreviated" 
href="mailto:jwkckid1@xxxxxxxxxxxxx";>jwkckid1@xxxxxxxxxxxxx</a>
My Phone: 214-244-4827

  </pre>
</blockquote>
<br>
</body>
</html>



<<< Chronological Index >>>    <<< Thread Index >>>