nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Another day, another illicit SQUAT - WebNX (AS18450) 103.11.67.0/24

From: Selphie Keller <selphie.keller () gmail com>
Date: Mon, 31 Oct 2016 17:43:57 -0600
Nick,

Very cool, learn something new every day :)

[root@stellarfrost(~)]> nicinfo 103.11.67.167
# NicInfo v.1.1.1

[ NOTICE ] Terms of Service
         1 By using the ARIN RDAP/Whois service, you are agreeing to the
RDAP/Whois Terms of Use
     About https://www.arin.net/whois_tou.html

# Query type is IP4ADDR. Result type is IP.

[ RESPONSE DATA ]
  1= NET-103-11-67-0-1
     |--- 1= Gaiacom, L.C. ( GL-299 )
     |    |--- 1= GCM NY NOC ( GNN-ARIN )
     |    `--- 2= GCM NET ABUSE ( GNA35-ARIN )
     `--- 2= Los Angeles NOC ( LAN55-ARIN )

           [ IP NETWORK ]
                   Handle:  NET-103-11-67-0-1
            Start Address:  103.011.067.000
              End Address:  103.011.067.255
               IP Version:  v4
             Last Changed:  Mon, 13 Jun 2016 15:20:51 -0700
             Registration:  Wed, 25 May 2016 17:17:12 -0700

               [ ENTITY ]
                   Handle:  GL-299
                     Name:  Gaiacom, L.C.
                    Roles:  Registrant
             Last Changed:  Fri, 15 Aug 2014 11:26:53 -0700
             Registration:  Wed, 04 Dec 2013 13:01:12 -0800

               [ ENTITY ]
                   Handle:  GNN-ARIN
                     Name:  GCM NY NOC
             Organization:  GCM NY NOC
                    Email:  noc () gaiacom net
                    Phone:  +1-310-421-9099 ( work, voice )
                    Phone:  +1-310-421-9098 ( work, fax )
                    Roles:  Noc, Technical, Administrative
                   Status:  Validated
             Last Changed:  Sat, 20 Aug 2016 09:21:23 -0700
             Registration:  Tue, 26 Nov 2013 22:58:12 -0800

               [ ENTITY ]
                   Handle:  GNA35-ARIN
                     Name:  GCM NET ABUSE
             Organization:  GCM NET ABUSE
                    Email:  noc () maya net
                    Phone:  +1-310-421-9099 ( work, voice )
                    Phone:  +1-310-421-9098 ( work, fax )
                    Roles:  Abuse
                   Status:  Validated
             Last Changed:  Wed, 03 Aug 2016 13:51:02 -0700
             Registration:  Tue, 26 Nov 2013 23:39:45 -0800

               [ ENTITY ]
                   Handle:  LAN55-ARIN
                     Name:  Los Angeles NOC
             Organization:  Los Angeles NOC
                    Email:  noc () maya net
                    Phone:  +1-213-587-7995 ( work, voice )
                    Phone:  +1-213-587-7995 ( work, cell )
                    Phone:  +1-213-587-7995 ( work, fax )
                    Roles:  Technical, Noc
                   Status:  Validated
             Last Changed:  Mon, 13 Jun 2016 15:14:38 -0700
             Registration:  Mon, 13 Jun 2016 15:14:38 -0700

# Use "nicinfo 1=" to show NET-103-11-67-0-1
# Use "nicinfo 1.1=" to show Gaiacom, L.C. ( GL-299 )
# Use "nicinfo 1.2=" to show Los Angeles NOC ( LAN55-ARIN )
# Use "nicinfo https://rdap.arin.net/registry/ip/103.011.067.000"; to
directly query this resource in the future.
# Use "nicinfo -h" for help.

On 31 October 2016 at 17:21, Nick Hilliard <nick () foobar org> wrote:


Selphie Keller wrote:

APNIC -> 103.11.64.0/22 -> then to WebNX 103.11.67.0/24, which would

show

the full chain and a proper abuse contact for this subnet.


the tl;dr on the thread scrollback was:

1. whois is irredeemably broken
2. use rdap, which supports referrals
3. open source RDAP client: https://github.com/arineng/nicinfo

Nick
Previous By Date Next
Previous By Thread Next

Current thread: