nanog mailing list archives

Re: Another day, another illicit SQUAT - WebNX (AS18450) 103.11.67.0/24


From: Michael Smith <mksmith () mac com>
Date: Fri, 28 Oct 2016 19:45:40 -0700

I would use LACNIC’s whois server for these queries.  They have info from all the registries, which is an amazing 
service that seems beyond the other RIRs. 

whois -h whois.lacnic.net 103.11.67.105

HostUS HOSTUS-IPV4-5 (NET-103-11-64-0-1) 103.11.64.0 - 103.11.67.255
Gaiacom, L.C. SOLVPS-103-11-67-0-24 (NET-103-11-67-0-1) 103.11.67.0 - 103.11.67.255

Mike

On Oct 28, 2016, at 4:36 PM, Ronald F. Guilmette <rfg () tristatelogic com> wrote:


In message <CADVNyRb-LE2GAgxae149RUwz5fkzQh-9Es6ZcEg_e0N7LVDa9g () mail gmail com>
Doug Clements <dclements () gmail com> wrote:

How does one get ARIN to register resources to come up with this result?

https://whois.arin.net/rest/nets;q=103.11.67.105

The /16 is APNIC but there are 2 subnets that appear to be allocated from
ARIN. Having just typed 'whois 103.11.67.105' I completely missed the fact
that the supernet was APNIC until I checked the web interface.

Oh!!  Wow!!  I totally missed this also, i.e. that ARIN is showing an
allocation for 103.11.64.0/22 to HostUs.Us in Texas.

That's really weird, but even that doesn't either explain or excuse
what still looks like an illicit squat (by an unrelated Los Angeles
company) on the 103.11.67.0/24 block to me... perhaps one that's been
re-sold to a spammer (which seems possible, given the spam I got).

In my own defense, I didn't see the ARIN allocation because I have a
normative process that I use for looking up IP addresses.  It's
hierarchical, and I always start with whatever whois.iana.org has to
say.  And it says that 103.0.0.0/8 belongs to APNIC, so of course,
I only looked at what whois.apnic.net had to say about 103.11.67.105.
And it says that it's unallocated.  (And apparently, data shown for
announced prefixes on the bgp.he.net web site is also obtained in this
same straightforward way, because it also is showing 103.11.67.0/24 as
registered to "Asia Pacific Network Information Centre".)

This isn't the first time I've wished that the right hand knew (or cared)
what the left hand was doing.  I've asked the folks at IANA about this
sort of thing in the past, i.e. them giving pointers to the apparently
wrong RiR whois server, and they just won't fix it.  They just shrug and
say "Not our problem man!"  And in this case, maybe they're right.  If
APNIC gave two subparts of 103/8 to ARIN, it might have been helpful
if their own whois server was made aware of that fact.

Sigh.  I have to keep reminding myself of what one friend of mine keeps
on telling me... "Ron, there you go again, trying to think about these
things logically."


Regards,
rfg
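
Added example, not part of the original messages: a parser for the two summary lines quoted in the reply above, which converts each registered range to CIDR and picks the most specific registration covering an address. The function names and record layout are assumptions for illustration; the sample text is copied from the quoted whois output.

```python
import ipaddress
import re

# Sample input: the two summary lines quoted in the message above.
SAMPLE = """\
HostUS HOSTUS-IPV4-5 (NET-103-11-64-0-1) 103.11.64.0 - 103.11.67.255
Gaiacom, L.C. SOLVPS-103-11-67-0-24 (NET-103-11-67-0-1) 103.11.67.0 - 103.11.67.255
"""

# <org name> <network name> (<net handle>) <first address> - <last address>
LINE = re.compile(
    r"^(?P<org>.+?)\s+(?P<name>\S+)\s+\((?P<handle>NET6?-[^)]+)\)\s+"
    r"(?P<start>\S+)\s+-\s+(?P<end>\S+)$"
)


def parse_summary(text):
    """Return one record per well-formed summary line; skip anything else."""
    records = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        try:
            start = ipaddress.ip_address(m["start"])
            end = ipaddress.ip_address(m["end"])
            cidrs = list(ipaddress.summarize_address_range(start, end))
        except (ValueError, TypeError):
            continue  # bad address, reversed range, or mixed IPv4/IPv6
        records.append({"org": m["org"], "name": m["name"],
                        "handle": m["handle"], "start": start,
                        "end": end, "cidrs": cidrs})
    return records


def covering(records, addr):
    """All registrations containing addr, smallest range first."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in records
            if r["start"].version == ip.version and r["start"] <= ip <= r["end"]]
    return sorted(hits, key=lambda r: int(r["end"]) - int(r["start"]))


def most_specific(records, addr):
    """The narrowest registration containing addr, or None."""
    hits = covering(records, addr)
    return hits[0] if hits else None
```
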

