[DBWG] WHOIS filtering and the "-B" option

Mark Elkins mje at posix.co.za
Fri Nov 18 09:53:57 UTC 2016


That was useful info.

I'm beginning to think the current settings are just fine.

So, Yes, without '-B' - output is filtered - and it says so. No biggie.

It could make sense though if the abuse address was always provided
without having to use the '-B' option?


On 18/11/2016 11:39, Michel Odou wrote:
> Hi all,
> 
> Concerning the filtering functions (there are actually two: one that
> filters the emails, another one that filters the authentication
> details), there is an explanation at
> https://www.ripe.net/publications/docs/ripe-358.
> 
> -- begin quote:
> 
> A filtering process restricts some data from default query results. This
> applies to e-mail contact data. When a user is searching for abuse
> contact data, they sometimes take all e-mail addresses found in all
> objects returned from a query. This may include the correct address.
> However, it often also includes many other addresses for people who are
> not responsible for handling such complaints.
> 
> To help overcome this issue, some attributes containing e-mail addresses
> are filtered out of the default output. Other attributes, also
> containing e-mail addresses, are filtered if one of the returned objects
> includes an “abuse-mailbox:” attribute.
> 
> -- end of quote
> 
> So the intention behind this behavior is not to prevent spammers from
> getting the email addresses. They can get them if they want - and btw, if you want
> to update an object, the WHOIS requires you to send the complete RPSL
> object (including emails and auth details) otherwise the update will be
> rejected.
> 
> On the other side, note that there is a limit on the queries to person
> and role objects. Every IP address has a default daily limit of 5000
> queries. If the limit is reached within 24 hours, the IP address is
> blocked for 24 hours. If the same IP address was blocked more than 10
> times in the last 3 months, then it will not be allowed to query the
> WHOIS during one year.
> 
> Some white-listed addresses are not limited but this is done on a
> case-by-case basis.
> 
> Regards,
> Michel
> 
> 
> On 18/11/2016 6:25 PM, Seun Ojedeji wrote:
>> Well I don't use the -B option often (never mind that I don't have
>> need/reason to consult whois that often). I just don't see a problem we
>> are solving by removing the filter option but I see a problem we may be
>> solving by leaving it. No matter how little it is, not everyone uses a
>> -B option and it just makes sense for the contact details to be filtered
>> by default
>>
>> Cheers!
>>
>> On Fri, Nov 18, 2016 at 10:10 AM, Mark Elkins <mje at posix.co.za> wrote:
>>
>>     I usually run whois without the '-B' - realise stuff is filtered - then
>>     re-run with '-B'. Unless, as Frank asks, there is some form of rate
>>     limiting - then there is probably little point in filtering. It would
>>     be cute that if the request is from an IP address associated to the
>>     results, that any form of rate limiting is ignored - if there is rate
>>     limiting.
>>
>>     On 18/11/2016 09:46, Alan Barrett wrote:
>>     > The AFRINIC WHOIS server “filters” results by default.  It seems
>>     > to delete all fields that contain email addresses.
>>     >
>>     > For example, here are two queries with and without “-B”:
>>     >
>>     > $ whois -h whois.afrinic.net IT7-AFRINIC | egrep -v '^%|^$'
>>     > person:         Infrastructure Team
>>     > address:        AFRINIC Ltd
>>     > address:        11th Floor, Standard Chartered Tower
>>     > address:        19, Cybercity
>>     > address:        Ebène
>>     > address:        Mauritius
>>     > phone:          +230 403 51 00
>>     > nic-hdl:        IT7-AFRINIC
>>     > source:         AFRINIC # Filtered
>>     >
>>     > $ whois -h whois.afrinic.net -- '-B IT7-AFRINIC' | egrep -v '^%|^$'
>>     > person:         Infrastructure Team
>>     > address:        AFRINIC Ltd
>>     > address:        11th Floor, Standard Chartered Tower
>>     > address:        19, Cybercity
>>     > address:        Ebène
>>     > address:        Mauritius
>>     > phone:          +230 403 51 00
>>     > e-mail:         sysadmin at afrinic.net
>>     > nic-hdl:        IT7-AFRINIC
>>     > changed:        hiba at afrinic.net 20130416
>>     > changed:        radha.ramphul at afrinic.net 20160808
>>     > source:         AFRINIC
>>     >
>>     > I have two questions about this:
>>     >
>>     > 1. Instead of deleting the lines that are “filtered”, would it
>>     > make sense to replace them with some sort of explanation that the
>>     > information has been filtered? For example, like this:
>>     >
>>     > person:         Infrastructure Team
>>     > address:        AFRINIC Ltd
>>     > address:        11th Floor, Standard Chartered Tower
>>     > address:        19, Cybercity
>>     > address:        Ebène
>>     > address:        Mauritius
>>     > phone:          +230 403 51 00
>>     > e-mail:         # Filtered
>>     > nic-hdl:        IT7-AFRINIC
>>     > changed:        # Filtered
>>     > source:         AFRINIC # Filtered
>>     >
>>     > 2. Is it useful to censor the email addresses by default?  It
>>     > seems to me that this adds no security (because the query can simply
>>     > be repeated with the “-B” option), and reduces the usefulness.
>>     >
>>     > Alan Barrett
>>
>>
>>     --
>>     Mark James ELKINS  -  Posix Systems - (South) Africa
>>     mje at posix.co.za       Tel: +27.128070590  Cell: +27.826010496
>>     For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
>>
>>
>>     _______________________________________________
>>     DBWG mailing list
>>     DBWG at afrinic.net
>>     https://lists.afrinic.net/mailman/listinfo/dbwg
>>
>>
>>
>>
>> -- 
>> ------------------------------------------------------------------------
>>
>>     Seun Ojedeji,
>>     Federal University Oye-Ekiti
>>     web:      http://www.fuoye.edu.ng
>>     Mobile: +2348035233535
>>     alt email: seun.ojedeji at fuoye.edu.ng
>>
>>         Bringing another down does not take you up - think about your
>>         action!
>>
>>
>>
>>
>>

-- 
Mark James ELKINS  -  Posix Systems - (South) Africa
mje at posix.co.za       Tel: +27.128070590  Cell: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3854 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.afrinic.net/pipermail/dbwg/attachments/20161118/219336ef/attachment.p7s>
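
Added example, not part of the thread and not AFRINIC's server code: a Python model of the two output styles discussed above, the current default that deletes filtered lines and Alan Barrett's proposed "# Filtered" placeholders, plus a check of which attributes the default view removed. The filtered attribute set (`e-mail`, `changed`) is an assumption taken from the sample output in the thread, and the sample object uses constructed example.net addresses.

```python
import re
from collections import Counter

# Assumption: only the attributes the thread shows disappearing without -B.
FILTERED_ATTRS = {"e-mail", "changed"}
ATTR_RE = re.compile(r"^([A-Za-z0-9-]+):[ \t]*(.*)$")

# Constructed sample modelled on the -B output quoted above; addresses are made up.
SAMPLE_B = """\
% server comment lines start with '%'
person:         Infrastructure Team
phone:          +230 403 51 00
e-mail:         contact@example.net
nic-hdl:        IT7-AFRINIC
changed:        editor1@example.net 20130416
changed:        editor2@example.net 20160808
source:         AFRINIC
"""

def parse_object(text):
    """Parse one RPSL-style object into an ordered list of (attribute, value)."""
    pairs = []
    for line in text.splitlines():
        m = ATTR_RE.match(line)
        if m:
            pairs.append((m.group(1).lower(), m.group(2).strip()))
        elif pairs and line[:1] in (" ", "\t", "+"):  # RPSL continuation line
            attr, val = pairs[-1]
            pairs[-1] = (attr, f"{val} {line[1:].strip()}".strip())
    return pairs  # '%' comments and blank lines match neither branch

def filter_object(pairs, placeholder=False):
    """Default view drops filtered lines; placeholder=True keeps one marker each."""
    out = []
    for attr, val in pairs:
        if attr in FILTERED_ATTRS:
            if placeholder and (attr, "# Filtered") not in out:
                out.append((attr, "# Filtered"))
            continue
        if attr == "source":
            val = val.split("#")[0].strip() + " # Filtered"
        out.append((attr, val))
    return out

def removed_attributes(unfiltered, filtered):
    """Count attribute lines present with -B but missing from the filtered view."""
    return dict(Counter(a for a, _ in unfiltered) - Counter(a for a, _ in filtered))

def render(pairs):
    return "\n".join(f"{attr}:".ljust(16) + val for attr, val in pairs)
```

`render(filter_object(parse_object(SAMPLE_B), placeholder=True))` prints the object in the form proposed in question 1, with one `# Filtered` line per withheld attribute.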

