Re: Another day, another illicit SQUAT - WebNX (AS18450) 103.11.67.0/24

[Nick Hilliard <nick () foobar org>]

Ronald F. Guilmette wrote:
>  I always start with whatver whois.iana.org has to
> say.  And it says that that 103.0.0.0/8 belongs to APNIC, so of course,
> I only looked at what whois.apnic.net had to say about 103.11.67.105.

yeah, this prefix was transferred from APNIC to ARIN.  You can search
for the details here:

https://www.apnic.net/manage-ip/manage-resources/transfer-resources/transfer-logs

There's a full log on their ftp site:

ftp://ftp.apnic.net/public/transfers/apnic/transfer-apnic-latest

No doubt other RIRs have their own transfer listings.

> This isn't the first time I've wished that the right hand knew (or cared)
> what the left hand was doing.  I've asked the folks at IANA about this
> sort of thing in the past, i.e. them giving pointers to the apparently
> wrong RiR whois server, and they just won't fix it.

It's not an IANA problem to fix.  IANA handles the initial allocation to
the RIR, but does not account for subsequent inter-RIR transfers.  There
are 5 RIRs, so 20 different ways for data to flow, and IANA is no longer
authoritative for the address space once its been RIR-allocated.  This
excludes ERX space, which is another bundle of fun.

I.e. you should no longer depend on whois.iana.org for accurate resource
delegation information.

The LACNIC whois server (whois.lacnic.net) appears to maintain pointer
information, judging by a couple of queries.

Nick