[anti-abuse-wg] weird ERX networks ?
Frank Gadegast ripe-anti-spam-wg at powerweb.de
Mon Mar 26 11:43:45 CEST 2012
Suresh Ramasubramanian wrote:

Hi,

> I don't think that IP is even announced - the /24 is not in the routing
> table at all.

It could be, that this specific network was announced once and
isn't anymore today.

> Did you get some spam from any specific IP in there?

Yes. And true for all those networks (once we got a connect from those IPs).

I'm trying to find a few, that are really routed somewhere and
really have no whois, but that needs a bit programming first ...

My main question was, why ARIN and LACNIC are saying, that they
belong to RIPE and RIPE is saying, that they belong to AFRINIC
and AFRINIC is saying, that they are worldwide.

Should AFRINIC not say, that they are unassigned, where they
belong to them and aren't used right now ?
Instead of saying, that they are worldwide ?

Should not any resource belong to one of the RIRs (even if it's PI space) ?

Kind regards, Frank

> On Mon, Mar 26, 2012 at 1:30 PM, Frank Gadegast
> <ripe-anti-spam-wg at powerweb.de> wrote:
>
>     Hi,
>
>     we receive Spam from some networks we cannot find any whois record for.
>
>     An example:
>     18.104.22.168
>     (we found about 1000 networks like this)
>
>     ARIN's whois says, it's RIPE
>     RIPE's whois says, it's AFRINIC
>     LACNIC also says, it's AFRINIC
>
>     but AFRINIC's whois says, it's "world-wide" ...
>
>     So, where is this really allocated to and where can we find a
>     whois record for those networks ?
>     Unallocated, but still in use from somebody ?
>     Anybody an idea ?
>
>     Here are the whois records:
>
>     ARIN:
>     NetRange: 22.214.171.124 - 126.96.36.199
>     CIDR: 188.8.131.52/8 <http://184.108.40.206/8>
>     OriginAS:
>     NetName: RIPE-C3
>     NetHandle: NET-62-0-0-0-1
>
>     RIPE:
>     inetnum: 220.127.116.11 - 18.104.22.168
>     org: ORG-AFNC1-RIPE
>     netname: AFRINIC-NET-TRANSFERRED-__20050223
>     descr: This network has been transferred to AFRINIC
>     remarks: These IP addresses are assigned in the AFRINIC region.
>
>     AFRINIC:
>     inetnum: 0.0.0.0 - 255.255.255.255
>     netname: IANA-BLK
>     descr: The whole IPv4 address space
>     country: EU # Country is really world wide
>     org: ORG-IANA1-AFRINIC
>
>     Kind regards, Frank
>     --
>     MOTD: "have you enabled SSL on a website or mailbox today ?"
>     --
>     PHADE Software - PowerWeb http://www.powerweb.de
>     Inh. Dipl.-Inform. Frank Gadegast mailto:frank at powerweb.de
>     Schinkelstrasse 17 fon: +49 33200 52920
>     14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921
>     ==============================__==============================__==========
>
> --
> Suresh Ramasubramanian (ops.lists at gmail.com)

--
Kind regards,
--
MOTD: "have you enabled SSL on a website or mailbox today ?"
--
PHADE Software - PowerWeb http://www.powerweb.de
Inh. Dipl.-Inform. Frank Gadegast mailto:frank at powerweb.de
Schinkelstrasse 17 fon: +49 33200 52920
14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921
======================================================================
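
The lookup chain described in this message (ARIN points to RIPE, RIPE points to AFRINIC, AFRINIC answers with the whole-IPv4 placeholder), as an added example that is not part of the original post: it follows referrals between registry replies and reports when the chain ends in a catch-all object instead of a real record. The referral heuristic (netname prefixed with another RIR's name), the function names and the sample replies are assumptions constructed for illustration.

```python
import ipaddress
import re

RIRS = ("ARIN", "RIPE", "APNIC", "LACNIC", "AFRINIC")

# Constructed replies modelled on the records quoted in the message; the
# 192.0.2.0/24 range and the shortened netname are placeholders.
SAMPLE = {
    "ARIN": "NetRange: 192.0.2.0 - 192.0.2.255\nNetName: RIPE-C3\n",
    "RIPE": "inetnum: 192.0.2.0 - 192.0.2.255\n"
            "netname: AFRINIC-NET-TRANSFERRED-EXAMPLE\n"
            "descr: This network has been transferred to AFRINIC\n",
    "AFRINIC": "inetnum: 0.0.0.0 - 255.255.255.255\nnetname: IANA-BLK\n"
               "country: EU # Country is really world wide\n",
}

def fields(text):
    """Parse 'key: value' whois lines into a dict; first value wins."""
    out = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and not key.startswith(("%", "#")):
            out.setdefault(key.strip().lower(), value.split("#")[0].strip())
    return out

def classify(registry, text):
    """Return ('catch-all', None), ('referral', rir) or ('record', None)."""
    f = fields(text)
    m = re.fullmatch(r"(\S+)\s*-\s*(\S+)", f.get("inetnum") or f.get("netrange") or "")
    if m:
        lo, hi = (int(ipaddress.IPv4Address(x)) for x in m.groups())
        if lo == 0 and hi == 2**32 - 1:
            return ("catch-all", None)  # whole-IPv4 placeholder such as IANA-BLK
    name = f.get("netname", "").upper()
    for rir in RIRS:
        if rir != registry and name.startswith(rir + "-"):
            return ("referral", rir)    # assumed heuristic: RIPE-C3, AFRINIC-NET-...
    return ("record", None)

def trace(replies, start):
    """Follow referrals between registries and report how the chain ends."""
    path, registry = [], start
    while registry not in path:
        path.append(registry)
        if registry not in replies:
            return path, "no-reply"
        kind, nxt = classify(registry, replies[registry])
        if kind != "referral":
            return path, kind
        registry = nxt
    return path, "loop"
```

A result of `catch-all` or `loop` from `trace` marks a network with no authoritative whois record, which is the set the message is trying to enumerate.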