[DBWG] WHOIS filtering and the "-B" option

Simon Seruyinda simon at afrinic.net
Fri Nov 18 10:51:10 UTC 2016


Hi Mark,

> On 18 Nov 2016, at 13:53, Mark Elkins <mje at posix.co.za> wrote:
> 
> That was useful info.
> 
> I'm beginning to think the current settings are just fine.
> 
> So, Yes, without '-B' - output is filtered - and it says so. No biggie.
> 
> It could make sense though if the abuse address was always provided
> without having to use the '-B' option


The abuse-mailbox attribute is not filtered by default. So even without the -B option, the abuse email will always be shown.

See example below.

ITE-DSD4:~ simon$ whois -h whois.afrinic.net  SS32-AFRINIC
% This is the AfriNIC Whois server.

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to 'SS32-AFRINIC'

person:         Simon Seruyinda
address:        Plot 53,  Avenue Des Capuccines, Quatre Bornes, Mauritius
phone:          +23058248266
fax-no:         +23046667844
nic-hdl:        SS32-AFRINIC
abuse-mailbox:  simon at afrinic.net
mnt-by:         SSIMON-MNT
source:         AFRINIC # Filtered

> 
> On 18/11/2016 11:39, Michel Odou wrote:
>> Hi all,
>> 
>> Concerning the filtering functions (there are actually two: one that
>> filters the emails, another one that filters the authentication
>> details), there is an explanation at
>> https://www.ripe.net/publications/docs/ripe-358.
>> 
>> -- begin quote:
>> 
>> A filtering process restricts some data from default query results. This
>> applies to e-mail contact data. When a user is searching for abuse
>> contact data, they sometimes take all e-mail addresses found in all
>> objects returned from a query. This may include the correct address.
>> However, it often also includes many other addresses for people who are
>> not responsible for handling such complaints.
>> 
>> To help overcome this issue, some attributes containing e-mail addresses
>> are filtered out of the default output. Other attributes, also
>> containing e-mail addresses, are filtered if one of the returned objects
>> includes an “abuse-mailbox:” attribute.
>> 
>> -- end of quote
>> 
>> So the intention behind this behavior is not to prevent spammers from
>> getting the email addresses. They can get them if they want - and btw,
>> if you want to update an object, the WHOIS requires you to send the
>> complete RPSL object (including emails and auth details) otherwise the
>> update will be rejected.
>> 
>> On the other side, note that there is a limit on the queries to person
>> and role objects. Every IP address has a default daily limit of 5000
>> queries. If the limit is reached within 24 hours, the IP address is
>> blocked for 24 hours. If the same IP address was blocked more than 10
>> times in the last 3 months, then it will not be allowed to query the
>> WHOIS during one year.
>> 
>> Some white-listed addresses are not limited but this is done on a
>> case-by-case basis.
>> 
>> Regards,
>> Michel
>> 
>> 
>> On 18/11/2016 6:25 PM, Seun Ojedeji wrote:
>>> Well I don't use the -B option often (never mind that I don't have
>>> need/reason to consult whois that often). I just don't see a problem we
>>> are solving by removing the filter option but I see a problem we may be
>>> solving by leaving it. No matter how little it is, not everyone uses a
>>> -B option and it just makes sense for the contact details to be filtered
>>> by default
>>> 
>>> Cheers!
>>> 
>>> On Fri, Nov 18, 2016 at 10:10 AM, Mark Elkins <mje at posix.co.za> wrote:
>>> 
>>>    I usually run whois without the '-B' - realise stuff is filtered -
>>>    then re-run with '-B'. Unless, as Frank asks, there is some form of
>>>    rate limiting - then there is probably little point in filtering. It
>>>    would be cute that if the request is from an IP address associated to
>>>    the results, that any form of rate limiting is ignored - if there is
>>>    rate limiting.
>>> 
>>>    On 18/11/2016 09:46, Alan Barrett wrote:
>>>> The AFRINIC WHOIS server “filters” results by default.  It seems
>>>> to delete all fields that contain email addresses.
>>>> 
>>>> For example, here are two queries with and without “-B”:
>>>> 
>>>> $ whois -h whois.afrinic.net IT7-AFRINIC | egrep -v '^%|^$'
>>>> person:         Infrastructure Team
>>>> address:        AFRINIC Ltd
>>>> address:        11th Floor, Standard Chartered Tower
>>>> address:        19, Cybercity
>>>> address:        Ebène
>>>> address:        Mauritius
>>>> phone:          +230 403 51 00
>>>> nic-hdl:        IT7-AFRINIC
>>>> source:         AFRINIC # Filtered
>>>> 
>>>> $ whois -h whois.afrinic.net -- '-B IT7-AFRINIC' | egrep -v '^%|^$'
>>>> person:         Infrastructure Team
>>>> address:        AFRINIC Ltd
>>>> address:        11th Floor, Standard Chartered Tower
>>>> address:        19, Cybercity
>>>> address:        Ebène
>>>> address:        Mauritius
>>>> phone:          +230 403 51 00
>>>> e-mail:         sysadmin at afrinic.net
>>>> nic-hdl:        IT7-AFRINIC
>>>> changed:        hiba at afrinic.net 20130416
>>>> changed:        radha.ramphul at afrinic.net 20160808
>>>> source:         AFRINIC
>>>> 
>>>> I have two questions about this:
>>>> 
>>>> 1. Instead of deleting the lines that are “filtered”, would it
>>>> make sense to replace them with some sort of explanation that the
>>>> information has been filtered?  For example, like this:
>>>> 
>>>> person:         Infrastructure Team
>>>> address:        AFRINIC Ltd
>>>> address:        11th Floor, Standard Chartered Tower
>>>> address:        19, Cybercity
>>>> address:        Ebène
>>>> address:        Mauritius
>>>> phone:          +230 403 51 00
>>>> e-mail:         # Filtered
>>>> nic-hdl:        IT7-AFRINIC
>>>> changed:        # Filtered
>>>> source:         AFRINIC # Filtered
>>>> 
>>>> 2. Is it useful to censor the email addresses by default?  It
>>>> seems to me that this adds no security (because the query can
>>>> simply be repeated with the “-B” option), and reduces the usefulness.
>>>> 
>>>> Alan Barrett
>>> 
>>> 
>>>    --
>>>    Mark James ELKINS  -  Posix Systems - (South) Africa
>>>    mje at posix.co.za       Tel: +27.128070590  Cell: +27.826010496
>>>    For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
>>> 
>>> 
>>>    _______________________________________________
>>>    DBWG mailing list
>>>    DBWG at afrinic.net
>>>    https://lists.afrinic.net/mailman/listinfo/dbwg
>>> 
>>> 
>>> 
>>> 
>>> -- 
>>> ------------------------------------------------------------------------
>>> 
>>>    Seun Ojedeji,
>>>    Federal University Oye-Ekiti
>>>    web:      http://www.fuoye.edu.ng
>>>    Mobile: +2348035233535
>>>    alt email: seun.ojedeji at fuoye.edu.ng
>>> 
>>>        Bringing another down does not take you up - think about your
>>>        action!
>>> 
> 
> -- 
> Mark James ELKINS  -  Posix Systems - (South) Africa
> mje at posix.co.za       Tel: +27.128070590  Cell: +27.826010496
> For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
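
Added example, not part of the thread and not AFRINIC's code: a small parser for the RPSL-style output discussed above that reports whether a response was filtered and separates the abuse-mailbox value from other e-mail addresses, so an abuse report goes only to the published abuse contact. The two sample responses are constructed and the function names are hypothetical.

```python
# Added example: constructed sample responses, hypothetical function names.
FILTERED = """\
% Note: this output has been filtered.

person:         Example Person
nic-hdl:        XX1-EXAMPLE
abuse-mailbox:  abuse@example.net
source:         AFRINIC # Filtered
"""
UNFILTERED = """\
person:         Example Person
e-mail:         person@example.net
nic-hdl:        XX1-EXAMPLE
abuse-mailbox:  abuse@example.net
changed:        hostmaster@example.net 20160101
source:         AFRINIC
"""

def parse_objects(text):
    """Split a WHOIS response into objects, each a list of (attr, value)."""
    objects, current = [], []
    for line in text.splitlines() + [""]:      # trailing "" flushes the last object
        if line.startswith("%"):               # server comment or banner
            continue
        if not line.strip():                   # blank line ends an object
            if current:
                objects.append(current)
            current = []
        elif line[0] in " \t+" and current:    # RPSL continuation line
            attr, value = current[-1]
            current[-1] = (attr, f"{value} {line[1:].strip()}".strip())
        elif ":" in line:
            attr, _, value = line.partition(":")
            current.append((attr.strip().lower(), value.strip()))
    return objects

def summarize(text):
    """Return (filtered, abuse_contacts, other_emails) for one response."""
    filtered, abuse, other = False, [], []
    for obj in parse_objects(text):
        for attr, value in obj:
            value, _, comment = value.partition("#")
            if attr == "source" and comment.strip().lower() == "filtered":
                filtered = True                # the object needs -B before an update
            elif attr == "abuse-mailbox":
                abuse.append(value.strip())
            else:                              # addresses not meant for abuse reports
                other += [t for t in value.split() if "@" in t]
    return filtered, abuse, other
```

A response with `filtered` set still yields the abuse contact, while an object submitted for a database update has to come from a `-B` query.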