[DBWG] WHOIS filtering and the "-B" option
Keessun Fokeerah
keessun.fokeerah at afrinic.net
Fri Nov 18 10:17:10 UTC 2016
Hello,
Someone who does not know how to use the whois and does a query for an
IP resource will be told how to get the full output without any "filtered":
whois -h whois.afrinic.net AS30999
% This is the AfriNIC Whois server.
% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.
The AFRINIC WHOIS will actually tell you to use "-B" flag, when you did
not do so!
In fact, by using "egrep -v '^%|^$" some people are actually ignoring
this useful tip/output. Or we simply ignore the first few lines of the
output!
I hope this helps.
Regards,
Keessun
On 18/11/2016 13:53, Mark Elkins wrote:
> That was useful info.
>
> I'm beginning to think the current settings are just fine.
>
> So, Yes, without '-B' - output is filtered - and it says so. No biggie.
>
> It could make sense though if the abuse address was always provided
> without having to use the '-B' option?
>
>
> On 18/11/2016 11:39, Michel Odou wrote:
>> Hi all,
>>
>> Concerning the filtering functions (they are actually two: one that
>> filters the emails, another one that filters the authentication
>> details), there is an explanation at
>> https://www.ripe.net/publications/docs/ripe-358.
>>
>> -- begin quote:
>>
>> A filtering process restricts some data from default query results. This
>> applies to e-mail contact data. When a user is searching for abuse
>> contact data, they sometimes take all e-mail addresses found in all
>> objects returned from a query. This may include the correct address.
>> However, it often also includes many other addresses for people who are
>> not responsible for handling such complaints.
>>
>> To help overcome this issue, some attributes containing e-mail addresses
>> are filtered out of the default output. Other attributes, also
>> containing e-mail addresses, are filtered if one of the returned objects
>> includes an “abuse-mailbox:” attribute.
>>
>> -- end of quote
>>
>> So the intention behind this behavior is not to prevent spammers get the
>> email addresses. They can get them if they want - and btw, if you want
>> to update an object, the WHOIS requires you to send the complete RPSL
>> object (including emails and auth details) otherwise the update will be
>> rejected.
>>
>> On the other side, note that there is a limit on the queries to person
>> and role objects. Every IP address has a default daily limit of 5000
>> queries. If the limit is reached within 24 hours, the IP address is
>> blocked for 24 hours. If the same IP address was blocked more than 10
>> times in the last 3 months, then it will not be allowed to query the
>> WHOIS during one year.
>>
>> Some white-listed addresses are not limited but this is done on a
>> case-by-case basis.
>>
>> Regards,
>> Michel
>>
>>
>> On 18/11/2016 6:25 PM, Seun Ojedeji wrote:
>>> Well I don't use the -B option often (nevermind that I don't have
>>> need/reason to consult whois that often). I just don't see a problem we
>>> are solving by removing the filter option but I see a problem we may be
>>> solving by leaving it. No matter how little it is, not everyone uses a
>>> -B option and it just makes sense for the contact details to be filtered
>>> by default
>>>
>>> Cheers!
>>>
>>> On Fri, Nov 18, 2016 at 10:10 AM, Mark Elkins <mje at posix.co.za
>>> <mailto:mje at posix.co.za>> wrote:
>>>
>>> I usually run whois without the '-B' - realise stuff is filtered -
>>> then
>>> re-run with '-B'. Unless, as Frank asks, there is some form of rate
>>> limiting - then there is probably little point in filtering. It
>>> would
>>> be cute that if the request is from an IP address associated to the
>>> results, that any form of rate limiting is ignored - if there is rate
>>> limiting.
>>>
>>> On 18/11/2016 09:46, Alan Barrett wrote:
>>> > The AFRINIC WHOIS server “filters” results by default. It seems
>>> to delete all fields that contain
>>> email addresses.
>>> >
>>> > For example, here are two queries with and without “-B”:
>>> >
>>> > $ whois -h whois.afrinic.net <http://whois.afrinic.net>
>>> IT7-AFRINIC | egrep -v '^%|^$'
>>> > person: Infrastructure Team
>>> > address: AFRINIC Ltd
>>> > address: 11th Floor, Standard Chartered Tower
>>> > address: 19, Cybercity
>>> > address: Ebène
>>> > address: Mauritius
>>> > phone: +230 403 51 00 <tel:%2B230%20403%2051%2000>
>>> > nic-hdl: IT7-AFRINIC
>>> > source: AFRINIC # Filtered
>>> >
>>> > $ whois -h whois.afrinic.net <http://whois.afrinic.net> -- '-B
>>> IT7-AFRINIC' | egrep -v '^%|^$
>>> > person: Infrastructure Team
>>> > address: AFRINIC Ltd
>>> > address: 11th Floor, Standard Chartered Tower
>>> > address: 19, Cybercity
>>> > address: Ebène
>>> > address: Mauritius
>>> > phone: +230 403 51 00 <tel:%2B230%20403%2051%2000>
>>> > e-mail: sysadmin at afrinic.net <mailto:sysadmin at afrinic.net>
>>> > nic-hdl: IT7-AFRINIC
>>> > changed: hiba at afrinic.net <mailto:hiba at afrinic.net> 20130416
>>> > changed: radha.ramphul at afrinic.net
>>> <mailto:radha.ramphul at afrinic.net> 20160808
>>> > source: AFRINIC
>>> >
>>> > I have two questions about this:
>>> >
>>> > 1. Instead of deleting the lines that are “filtered”, would it
>>> make sense to replace them
>>> with some sort of explanation that the information has been filtered?
>>> For example, like this:
>>> >
>>> > person: Infrastructure Team
>>> > address: AFRINIC Ltd
>>> > address: 11th Floor, Standard Chartered Tower
>>> > address: 19, Cybercity
>>> > address: Ebène
>>> > address: Mauritius
>>> > phone: +230 403 51 00 <tel:%2B230%20403%2051%2000>
>>> > e-mail: # Filtered
>>> > nic-hdl: IT7-AFRINIC
>>> > changed: # Filtered
>>> > source: AFRINIC # Filtered
>>> >
>>> > 2. Is it useful to censor the email addresses by default? It
>>> seems to me that this adds
>>> no security (because the query can simply be repeated with the “-B”
>>> option), and reduces the usefulness.
>>> >
>>> > Alan Barrett
>>>
>>>
>>> --
>>> Mark James ELKINS - Posix Systems - (South) Africa
>>> mje at posix.co.za <mailto:mje at posix.co.za> Tel: +27.128070590
>>> <tel:%2B27.128070590> Cell: +27.826010496 <tel:%2B27.826010496>
>>> For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
>>>
>>>
>>> _______________________________________________
>>> DBWG mailing list
>>> DBWG at afrinic.net <mailto:DBWG at afrinic.net>
>>> https://lists.afrinic.net/mailman/listinfo/dbwg
>>> <https://lists.afrinic.net/mailman/listinfo/dbwg>
>>>
>>>
>>>
>>>
>>> --
>>> ------------------------------------------------------------------------
>>>
>>> /Seun Ojedeji,
>>> Federal University Oye-Ekiti
>>> web: http://www.fuoye.edu.ng
>>> Mobile: +2348035233535
>>> //alt email:<http://goog_1872880453>seun.ojedeji at fuoye.edu.ng
>>> <mailto:seun.ojedeji at fuoye.edu.ng>/
>>>
>>> Bringing another down does not take you up - think about your
>>> action!
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> DBWG mailing list
>>> DBWG at afrinic.net
>>> https://lists.afrinic.net/mailman/listinfo/dbwg
>>>
>
>
> _______________________________________________
> DBWG mailing list
> DBWG at afrinic.net
> https://lists.afrinic.net/mailman/listinfo/dbwg
--
Best Regards
--
Keessun Fokeerah
IP Number Analyst (Hostmaster)
AFRINIC Ltd.
t: +230 403 51 00 | f: +230 466 6758 | tt: @afrinic |
w: www.afrinic.net | facebook.com/afrinic | flickr.com/afrinic | youtube.com/afrinicmedia
___________________________
AFRINIC-25 in Mauritius from 28 to 30 Nov 2016 (Free Training 25 to 27 Nov)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/dbwg/attachments/20161118/ce984326/attachment-0001.html>
More information about the DBWG
mailing list