From bachng at nttv6.jp Sat Oct 28 18:35:57 2006
From: bachng at nttv6.jp (Nguyen Huu Bach)
Date: Sun, 29 Oct 2006 01:35:57 +0900
Subject: question about RIPE DB
Message-ID: <454386ED.6050600@nttv6.jp>

Dear all,

My name is Nguyen. I'm a newbie trying to deploy a RIPE database.
I have a simple question and would appreciate hearing from you.
I've tried to search for the question but still could not find any answer.
My questions:

What is the purpose of the config port (default is 43002)?
When I started the whois_server, it always listens on this port.
Is there any way to disable this or apply an authentication mechanism on
this port?

Thank you very much.

From katie at ripe.net Mon Oct 30 08:54:37 2006
From: katie at ripe.net (Katie Petrusha)
Date: Mon, 30 Oct 2006 08:54:37 +0100
Subject: question about RIPE DB
In-Reply-To: <454386ED.6050600@nttv6.jp>
References: <454386ED.6050600@nttv6.jp>
Message-ID: <20061030075437.GA31697@ripe.net>

On Sun, Oct 29, 2006 at 01:35:57AM +0900, Nguyen Huu Bach wrote:

Dear Nguyen,

This port is used for the command-line interface to some of the whois
server's threads. You can see the threads that are currently running in
the server. You can use it for instance to block certain IP
addresses from retrieving information from your database, and to see
which queries are running at the moment and for how long and from which
IP.

Try connecting:
telnet 53002
(hit enter to see list of commands)

There is no password-protected mechanism, built in the server,
to access this port.
You can restrict it in your system's network settings, so that
only local connections (from localhost) are accepted to this port.
You might also be able, depending on your system, to restrict
connections with only certain usernames to this port.
This is not a feature supported by the whois server itself, you would
need to set it up in your system.

Katie Petrusha
RIPE NCC

> Dear all,
>
> My name is Nguyen. I'm a newbie trying to deploy a RIPE database.
> I have a simple question and would appreciate hearing from you.
> I've tried to search for the question but still could not find any answer.
> My questions:
>
> What is the purpose of the config port (default is 43002)?
> When I started the whois_server, it always listens on this port.
> Is there any way to disable this or apply an authentication mechanism on
> this port?
>
> Thank you very much.

--
Katie Petrusha
RIPE NCC

From bachng at nttv6.jp Mon Oct 30 12:26:42 2006
From: bachng at nttv6.jp (Nguyen Huu Bach)
Date: Mon, 30 Oct 2006 20:26:42 +0900
Subject: question about RIPE DB
In-Reply-To: <20061030075437.GA31697@ripe.net>
References: <454386ED.6050600@nttv6.jp> <20061030075437.GA31697@ripe.net>
Message-ID: <4545E172.10306@nttv6.jp>

Dear Katie Petrusha

Thank you very much for your reply.
We choose to modify the source to permit only the localhost to access the
config port.
Here is the patch (in case someone has interest in this issue)

--- ./src/modules/sv/server.c.old Mon Oct 30 20:18:53 2006 +++ ./src/modules/sv/server.c Mon Oct 30 20:19:41 2006
@@ -619,7 +619,9 @@ /* Currently binds to INADDR_ANY. Will need to get specific address */ /* SV_whois_sock = SK_getsock(SOCK_STREAM,whois_port,whois_addr); */ /* config interface socket */ - SV_config_sock = SK_getsock(SOCK_STREAM, config_port, 5, INADDR_ANY); + /* SV_config_sock = SK_getsock(SOCK_STREAM, config_port, 5, INADDR_ANY); */ + SV_config_sock = SK_getsock(SOCK_STREAM, config_port, 5, htonl(INADDR_LOOPBACK)); + /* nrt socket */ SV_mirror_sock = SK_getsock(SOCK_STREAM,mirror_port, 128, INADDR_ANY);

Thank you very much.
Nguyen, NTT Communications.
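
Review bot: On the added line SV_config_sock = SK_getsock(SOCK_STREAM, config_port, 5, htonl(INADDR_LOOPBACK)); the hunk does not show which byte order SK_getsock expects for its last argument. The call it replaces and the mirror-socket call beside it both pass INADDR_ANY, which is zero in either byte order, so they give no evidence. If SK_getsock already applies htonl() itself, the extra conversion here would request 1.0.0.127 rather than 127.0.0.1 on a little-endian host, so the address handling inside SK_getsock should be confirmed before relying on this change. The old call is also left behind as a commented-out line; deleting it and adding a short comment that the config socket is loopback-only because the interface has no authentication would document the intent better. The mirror socket in the trailing context still binds to INADDR_ANY.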
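
A startup self-check for the loopback-only binding discussed in this thread, as an added example that is not part of the original messages or of the RIPE whois server source. The helpers listen_on and bound_to_loopback are hypothetical names (they are not SK_getsock); the check reads back the bound address with getsockname() so that a wildcard bind or a byte-swapped address is caught instead of assumed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper (not SK_getsock): listen on addr:port, where addr is
 * already in network byte order. Returns the socket, or -1 on error. */
int listen_on(in_addr_t addr_net, unsigned short port, int backlog)
{
    struct sockaddr_in sa;
    int one = 1;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    sa.sin_addr.s_addr = addr_net;
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 ||
        listen(fd, backlog) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Startup self-check: 1 if fd is bound to exactly 127.0.0.1, 0 if bound to
 * anything else (wildcard, byte-swapped address), -1 on error. */
int bound_to_loopback(int fd)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    if (getsockname(fd, (struct sockaddr *)&sa, &len) < 0 ||
        sa.sin_family != AF_INET)
        return -1;
    return sa.sin_addr.s_addr == htonl(INADDR_LOOPBACK);
}

int main(void)
{
    /* Port 0 lets the kernel pick a free port for this demonstration. */
    int admin = listen_on(htonl(INADDR_LOOPBACK), 0, 5);
    int wild = listen_on(htonl(INADDR_ANY), 0, 5);
    /* Expect: loopback listener passes the check, wildcard one does not. */
    return (bound_to_loopback(admin) == 1 && bound_to_loopback(wild) == 0) ? 0 : 1;
}
```
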

From bachng at nttv6.jp Tue Oct 31 03:04:19 2006
From: bachng at nttv6.jp (Nguyen Huu Bach)
Date: Tue, 31 Oct 2006 11:04:19 +0900
Subject: question about mirroring
Message-ID: <4546AF23.40202@nttv6.jp>

Dear all

We have a question and would appreciate hearing from you.
We saw that RIPE is currently mirroring RADB

RIPE:2:N:2278327-8326558
RADB:1:N:397470-400159
APNIC:2:N:2-2157249
ARIN:1:N:2-3830651
VERIO:1:N:20896-67078
JPIRR:1:N:755-28963
AFRINIC:2:N:2-157989

We would like to know, in this case, what mirror mechanism is used and
how it is configured?
As we know, RADB runs Irrd while RIPE runs whoisd.

Thank you very much.
Nguyen, NTT Communications