whois queries with respect to RIPE policies

[chris chricki@localhost]

Hi list,

During the next days, I'm planning to analyze some suspicious traffic
that I collected during an execution of malware. One of my goal is to
retrieve additional information for every IP address that is in that
traffic. For this, I believe that the whois data is a very valuable
source of information. However, I realize that I should not overdo in
performing whois queries to RIPE (and RIR databases in general).

I expect to query the database ~ 20,000 times per day. Here comes my
problem: According to the RIPE policy, I am allowed to query the
database even frequently. At the same time, one should avoid querying
personal data too often. I am trying now to find a program (e.g.,
jwhois, the 'usual' UNIX whois client, with some weird parameters) that
allow me to comply to the RIPE policies. For my convenicen, if I can
somehow avoid it, I'd rather use the online database instead of syncing
it and performing requests locally.

In addition, I checked the whois usage policies of other RIRs.
Admittedly, RIPE has got the far most transparent ones! Others don't
give explicit limits in their usage, and I have to hope that I won't be
blocked when using whois extensively.

Would you please share your experiences, and maybe even give hints about
a 'correct' usage of a whois client?

Thanks in advance,
Chris