[153635] in North American Network Operators' Group
Re: My view of the arin db boarked?
daemon@ATHENA.MIT.EDU (Joe Provo)
Sat Jun 9 11:14:26 2012
Date: Sat, 9 Jun 2012 11:13:51 -0400
From: Joe Provo <nanog-post@rsuc.gweep.net>
To: Christopher Morrow <christopher.morrow@gmail.com>
In-Reply-To: <CAL9jLabVs-f16VE_gGpz2yPryaoY7Zne4VdDqMQSwLRfUofj-g@mail.gmail.com>
Cc: nanog list <nanog@nanog.org>
Reply-To: nanog-post@rsuc.gweep.net
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Fri, Jun 08, 2012 at 04:27:29PM -0400, Christopher Morrow wrote:
> err, last 3 times I asked this I was shown the error of my ways, but
> here goes...
>
> 209.250.228.241 - seems to not have any records in ARIN's WHOIS
> database, everythign seems to roll up to the /8 record :(
>
> I see this routed as a /23: (from routeviews)
> BGP routing table entry for 209.250.228.0/23, version 2072545487
> Paths: (33 available, best #19, table Default-IP-Routing-Table)
> Not advertised to any peer
> 3277 3267 174 27431 14037
> 194.85.102.33 from 194.85.102.33 (194.85.4.4)
> Origin IGP, localpref 100, valid, external
> Community: 3277:3267 3277:65321 3277:65323 3277:65330
>
> If I look at the ASN in particular: AS14037
> no records exist for that in ARIN's WHOIS database either ;( If I look
> at all the networks announced by AS14037:
> 14037 | 204.8.216.0/21 |
> 14037 | 209.250.224.0/19 |
> 14037 | 209.250.228.0/23 |
> 14037 | 209.250.242.0/24 |
> 14037 | 209.250.247.0/24 |
If you query filtergen.level3.com, they are expecting to see it from
this ASN:
Prefix list for policy as14037 =
LEVEL3::AS14037
204.8.216.0/21
209.250.224.0/20
> 14037 | 64.18.128.0/19 |
> 14037 | 64.18.159.0/24 |
...but not those, which are registered in ALTDB (as the /19)along
with the squatted 204.8.216.0/21 and 209.250.224.0/20
route: 64.18.128.0/19
descr: RackVibe LLC
origin: AS14037
admin-c: GC373-ARIN
tech-c: GC373-ARIN
notify: arin@6gtech.com
mnt-by: MNT-6GTECH
changed: arin@6gtech.com 20081007
source: ALTDB
> none of them have any records in the ARIN WHOIS database :( The
> upstream for this network is AS 27431 - JTL Networks
> who seems to get transit/peer with 3356/174.
Amusingly, AS27431 is still the RR contacts cording to the IRR. Score
another one in the 'inaccurate IRR' column.
> It's nice to see folk who use IRR databases to filter their customers
> still permit this sort of thing to go on though: AS3356 I'm looking at
> you...
Here's a clue of future prefixes to watch for 3356 allowing from
this particular nest:
% whois -h filtergen.level3.com -- "-searchpath=ARIN;RIPE;RADB;ALTDB;LEVEL3 as27431"
Prefix list for policy as27431 =
ARIN::AS27431 LEVEL3::AS27431 ALTDB::AS27431 RADB::AS27431
RIPE::AS27431
66.132.44.0/24
66.132.45.0/24
66.132.47.0/24
69.36.0.0/20
209.41.200.0/24
209.41.202.0/24
209.115.40.0/24
209.115.41.0/24
209.115.42.0/24
209.115.43.0/24
209.115.108.0/24
216.28.47.0/24
216.28.134.0/24
216.29.53.0/24
216.29.115.0/24
216.29.116.0/24
216.29.117.0/24
216.29.121.0/24
216.29.122.0/24
216.29.152.0/24
216.29.194.0/24
216.29.247.0/24
%
> I think first: "Where are the records for this set of ip number resources?"
> and second: "Why are we still seeing this on the network with no way
> to contact the operators of the resources?"
You can try and contact the entities that are called 'RackVibe' accordin
and '6G Tech' according to the various IRR registry entries for 14037 and
46496. Sketchy things which geolocate to Seacaucus? Whoda thunk.
--
RSUC / GweepNet / Spunk / FnB / Usenix / SAGE / NewNOG
