Apparently, somebody @ RIPE NCC thinks that I have been too curious of late. How long should it take for this error to go away? ============================================================================= % This is the RIPE Database query service. % The objects are in RPSL format. % % The RIPE Database is subject to Terms and Conditions. % See http://www.ripe.net/db/support/db-terms-conditions.pdf %ERROR:201: access denied for 69.62.255.118 % % Queries from your IP address have passed the daily limit of controlled objects. % Access from your host has been temporarily denied. % For more information, see % http://www.ripe.net/data-tools/db/faq/faq-db/why-did-you-receive-the-error-2... % This query was served by the RIPE Database Query Service version 1.76 (DB-2) ============================================================================= I have already written to ripe-dbm@ripe.net asking about this and have received no reply. And anyway, can anyone here explain to me what the point is of limiting WHOIS queries based on the source IP address? As far as I can see, this only has the effect of slowing down or blocking the work of legitimate researchers, such as myself. Anybody who knows anything about the Internet should know that an IP-address based throttling system would be almost entirely ineffective against anyone who was seriously determined to perform bulk harvesting of the RIPE data base via port 43 (or via port 80 for that matter). It seems that I am being slowed down, blocked, and penalized for the sin of having a static IP address, even while any other fool on the planet who has a dynamically-assigned broadband IP, or even a dial-up line, and who knows how to disconnect an reconnect can easily slurp all of the RIPE data they want, with no real limits. In what universe is this non-stupid? More to the point, who is it, specifically, within RIPE NCC, that has the authority to fix this? Regards, rfg P.S. More stupidity: Based on the text at the URL provided in the error mesage (see above) the goal of the rate limiting seems to be to prevent harvesters from collecting too much "contact information". OK. Fine. But the text on that web page also says that using the -r option with the WHOIS queries will prevent such contact information from being returned, thus eliminating the issue... or so one would think. But why then is it the case that once my IP address has hit its head against this daily limit, I am not even allowed anymore to even make any more ``safe'' queries with the -r option? I am now locked out completely. Why? Sigh. I guess that I need to go and drag my old 96Kb modem down out of the closet, dust it off, and get myself a free dial-up AOL account so that I can work around all of this stupidity.
On Mon, 17 Nov 2014, Ronald F. Guilmette wrote: Use the -r flag for your queries to avoid beeing blocked, you have requested to many person-objects probably.
Apparently, somebody @ RIPE NCC thinks that I have been too curious of late.
How long should it take for this error to go away?
============================================================================= % This is the RIPE Database query service. % The objects are in RPSL format. % % The RIPE Database is subject to Terms and Conditions. % See http://www.ripe.net/db/support/db-terms-conditions.pdf
%ERROR:201: access denied for 69.62.255.118 % % Queries from your IP address have passed the daily limit of controlled objects. % Access from your host has been temporarily denied. % For more information, see % http://www.ripe.net/data-tools/db/faq/faq-db/why-did-you-receive-the-error-2...
% This query was served by the RIPE Database Query Service version 1.76 (DB-2) =============================================================================
I have already written to ripe-dbm@ripe.net asking about this and have received no reply.
And anyway, can anyone here explain to me what the point is of limiting WHOIS queries based on the source IP address?
As far as I can see, this only has the effect of slowing down or blocking the work of legitimate researchers, such as myself. Anybody who knows anything about the Internet should know that an IP-address based throttling system would be almost entirely ineffective against anyone who was seriously determined to perform bulk harvesting of the RIPE data base via port 43 (or via port 80 for that matter).
It seems that I am being slowed down, blocked, and penalized for the sin of having a static IP address, even while any other fool on the planet who has a dynamically-assigned broadband IP, or even a dial-up line, and who knows how to disconnect an reconnect can easily slurp all of the RIPE data they want, with no real limits.
In what universe is this non-stupid?
More to the point, who is it, specifically, within RIPE NCC, that has the authority to fix this?
Regards, rfg
P.S. More stupidity: Based on the text at the URL provided in the error mesage (see above) the goal of the rate limiting seems to be to prevent harvesters from collecting too much "contact information". OK. Fine. But the text on that web page also says that using the -r option with the WHOIS queries will prevent such contact information from being returned, thus eliminating the issue... or so one would think.
But why then is it the case that once my IP address has hit its head against this daily limit, I am not even allowed anymore to even make any more ``safe'' queries with the -r option? I am now locked out completely. Why?
Sigh. I guess that I need to go and drag my old 96Kb modem down out of the closet, dust it off, and get myself a free dial-up AOL account so that I can work around all of this stupidity.
-- Mvh Fredrik Widell Resilans AB http://www.resilans.se/ mail: info@resilans.se , fredrik@resilans.se
On Mon, Nov 17, 2014 at 01:55:10PM -0800, Ronald F. Guilmette wrote:
% Queries from your IP address have passed the daily limit of controlled objects. % Access from your host has been temporarily denied. % For more information, see % http://www.ripe.net/data-tools/db/faq/faq-db/why-did-you-receive-the-error-2...
This is a limit on "person:" objects, NCC's idea of data protection. Don't think you'd like my solution for this though, I wouldn't allow anyone who isn't a) identifiable and b) contracted access to personally identifying data. I also believe you accessing this constitutes an export to a non-EU country, something not allowed under the EU DPD. (not your problem but the NCC's) rgds, Sascha Luck
In message <20141117224139.GA91687@cilantro.c4inet.net>, "Sascha Luck [ml]" <aawg@c4inet.net> wrote:
On Mon, Nov 17, 2014 at 01:55:10PM -0800, Ronald F. Guilmette wrote:
% Queries from your IP address have passed the daily limit of controlled obje cts. % Access from your host has been temporarily denied. % For more information, see % http://www.ripe.net/data-tools/db/faq/faq-db/why-did-you-receive-the-error-2... 1-access-denied
This is a limit on "person:" objects, NCC's idea of data protection.
Apparently.
Don't think you'd like my solution for this though, I wouldn't allow anyone who isn't a) identifiable and b) contracted access to personally identifying data.
I would be perfectly OK with (a). In fact, accessing this service only via individual password-protected accounts seems to me to be the only rational way to _actually_ protect the data from mass harvesting. Regarding (b) I would be OK with that too, as long as the contract in question required me to pay only zero dollars... er... I mean zero euros. Regards, rfg
I remember someone having this issue last year and as far i remember he was not able to get ripe to unblock him so i think you are out of luck. On Mon, Nov 17, 2014 at 10:51 PM, Ronald F. Guilmette <rfg@tristatelogic.com
wrote:
In message <20141117224139.GA91687@cilantro.c4inet.net>, "Sascha Luck [ml]" <aawg@c4inet.net> wrote:
On Mon, Nov 17, 2014 at 01:55:10PM -0800, Ronald F. Guilmette wrote:
% Queries from your IP address have passed the daily limit of controlled obje cts. % Access from your host has been temporarily denied. % For more information, see %
http://www.ripe.net/data-tools/db/faq/faq-db/why-did-you-receive-the-error-2... 1-access-denied
This is a limit on "person:" objects, NCC's idea of data protection.
Apparently.
Don't think you'd like my solution for this though, I wouldn't allow anyone who isn't a) identifiable and b) contracted access to personally identifying data.
I would be perfectly OK with (a). In fact, accessing this service only via individual password-protected accounts seems to me to be the only rational way to _actually_ protect the data from mass harvesting.
Regarding (b) I would be OK with that too, as long as the contract in question required me to pay only zero dollars... er... I mean zero euros.
Regards, rfg
Ronald F. Guilmette wrote:
Apparently, somebody @ RIPE NCC thinks that I have been too curious of late.
s/somebody/something/ :-)
How long should it take for this error to go away?
About a day, I guess, unless you continue to hammer along... [...]
And anyway, can anyone here explain to me what the point is of limiting WHOIS queries based on the source IP address?
Some sort of (weak, we all know,) protection of mass harvesting of potentially personal data, *and* some sort of protection against run-away scripts from the same source. This is a pretty old mechanism and its shortcomings are known. [...]
More to the point, who is it, specifically, within RIPE NCC, that has the authority to fix this?
No one. And please stop accusing the NCC folks of stupidity and other useless stuff! Coming forward with proposals for removing or modifying the mechanisms imho would be the responsibility of the Community, either in AA-WG and/or DB-WG or maybe Services. IIRC, we had a brief discussion a while ago in DB-WG, regarding a more useful(?) configuration that would still honour resource queries *not* asking (implicitly or explicitly) for contact information or person objects.
Regards, rfg
Wilfried
participants (5)
-
Fredrik Widell -
Ronald F. Guilmette -
Sara Borges -
Sascha Luck [ml] -
Wilfried Woeber