Lately when I query whois from one of our servers I almost always receive the following message indicating that we are exceeding daily usage limits:
Queries from your IP address have passed the daily limit of controlled objects:
%ERROR:201: access denied for xxxx:xxxx:x:x:xxxx:xxxx:xxxx:xxxx
%
% Queries from your IP address have passed the daily limit of controlled objects.
% Access from your host has been temporarily denied.
This happens whether or not I've done any lookups at all on a given day. Since I have only occasionally used this tool in the past I am left wondering how the quota could have been used up since no one else has command line access to our server and I'm reasonably sure that there has been no security compromise.
My question: Are there Linux services or daemons that make use of the RIPE database service?
As noted in the comments, yes, certain services do in fact query the RIPE database. To investigate this I did a reverse depends query of APT's package cache like this:
This reveals the most likely culprit in my case: fail2ban
Thanks to @HBruijn for pointing out that I should check dependencies to answer my own question.
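One way to run the kind of reverse-dependency check the answer describes, as an added example that is not the command from the original post: the function below reads data in the dpkg status format and lists installed packages that name a given package in a dependency field. The helper names `rdepends_of` and `sample_status`, and every package entry in the sample data, are constructed for illustration; `/var/lib/dpkg/status` is the standard dpkg database path on Debian-family systems.

```shell
#!/bin/sh
# Added example: list installed packages that name PKG in a dependency field.
# rdepends_of and sample_status are hypothetical helper names.

# usage: rdepends_of PKG [STATUS_FILE]   ("-" reads the status data from stdin)
rdepends_of() {
    awk -v want="$1" '
        /^Package:/ { name = $2; installed = 0 }
        /^Status:/  { installed = ($0 ~ / ok installed$/) }
        installed && /^(Pre-Depends|Depends|Recommends|Suggests):/ {
            field = $1; sub(/:$/, "", field)
            deps = $0;  sub(/^[^:]*:[ \t]*/, "", deps)
            n = split(deps, alt, /[,|]/)        # "a | b, c" -> a, b, c
            for (i = 1; i <= n; i++) {
                dep = alt[i]
                sub(/\(.*$/, "", dep)           # drop "(>= version)"
                sub(/:.*$/, "", dep)            # drop ":any" arch qualifier
                gsub(/[ \t]/, "", dep)
                if (dep == want) { print name, field; break }
            }
        }
    ' "${2:-/var/lib/dpkg/status}"
}

# Constructed sample in dpkg status format (not taken from a real host).
sample_status() {
cat <<'EOF'
Package: fail2ban
Status: install ok installed
Depends: python3:any, lsb-base (>= 2.0-7)
Recommends: iptables | nftables, whois, python3-systemd

Package: stale-demo-pkg
Status: deinstall ok config-files
Depends: whois

Package: demo-abuse-reporter
Status: install ok installed
Depends: whois (>= 5.0)

Package: openssh-server
Status: install ok installed
Depends: adduser (>= 3.9), libc6 (>= 2.34)
Recommends: xauth
EOF
}

sample_status | rdepends_of whois -
```

On a real host, call `rdepends_of whois` with no second argument to read the dpkg database. A match shows only that a package can invoke whois, so confirm against that service's configuration and logs before concluding it is the source of the queries.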