On 10/4/2010 10:05, Nathan Eisenberg wrote:
> http://kestrel3.netflight.com/2010.10.04-NANOG50-morning-notes.txt
>
> "
> Whois traffic has been going through the roof; they
> added more proxies in front to support it.
> Apparently, there's IP management packages that do
> whois queries. It would be good to find out who is
> doing it, and talk to ARIN engineering, to find a better
> way of handling it.
> We can't keep up if so many machines on the internet
> keep doing it like this.
> Source addresses are all over, they're all over, no
> sign of bots; could be a DLL or mac system startup
> that's doing it.
> Please, don't embed whois lookups in everyone's computers
> like this!!
> "
>
> The only thing I know of is packages like fail2ban that perform WHOIS
> lookups when blocking IPs to generate abuse POC notification emails. So more
> SSH bruteforce attacks = more whois lookups.
>

Or the new whois doesn't scale as well as the old one.

~Seth