[anti-abuse-wg] weird ERX networks ?
Denis Walker denis at ripe.net
Mon Mar 26 12:16:58 CEST 2012
Dear Colleagues, The IP address 220.127.116.11 - 18.104.22.168 was allocated to an organisation in Algeria and registered in the RIPE Database. So the entries in ARIN and LACNIC Databases were originally correct, but need to be updated. It was transferred from the RIPE Database to AfriNIC as part of the set up of the Afrinic Registry in 2005. That is why the RIPE Database entry says "This network has been transferred to AFRINIC" and has the netname "AFRINIC-NET-TRANSFERRED-20050223". Any questions about the current status of these addresses should be directed to AfriNIC. Regards, Denis Walker Business Analyst RIPE NCC Database Group On 26/03/12:14 11:43 AM, Frank Gadegast wrote: > Suresh Ramasubramanian wrote: > > Hi, > >> I dont think that IP is even announced - the /24 is not in the routing >> table at all. > > It could be, that this specific network was announced once and isnt > anymore today. > >> Did you get some spam from any specific IP in there? > > Yes. And true for all those networks (once we got a connect from those > IPs). Im trying to find a few, that are really routed somewhere and > really hove no whois, but that needs a bit programming first ... > > > My main question was, why ARIN and LACNIC are saying, that > they belong to RIPE and RIPE is saying, that they belong to AFRINIC > and AFRINIC is saying, that they are worldwide. > > Should AFRINIC not say, that they are unassigned, where they belong > to them and arent used right now ? Instead of saying, that they are > worldwide ? > > Should not any resource belong to one of the RIRs (even if its PI space) ? > > > Kind regards, Frank > > >> On Mon, Mar 26, 2012 at 1:30 PM, Frank Gadegast >> <ripe-anti-spam-wg at powerweb.de <mailto:ripe-anti-spam-wg at powerweb.de>> >> wrote: >> >> >> Hi, >> >> we receive Spam from some networks we cannot find any whois record >> for. >> >> An example: >> 22.214.171.124 >> (we found about 1000 networks like this) >> >> >> ARINs whois says, its RIPE >> RIPEs whois says, its AFRINIC >> LACNIC also says, its AFRINIC >> >> but AFRINICs whois says, its "world-wide" ... >> >> >> So, where is this really allocated too and where can we we find a >> whois record for those networks ? >> Unallocated, but still in use from somebody ? >> Anybody an idea ? >> >> Here are the whois records: >> >> ARIN: >> NetRange: 126.96.36.199 - 188.8.131.52 >> CIDR: 184.108.40.206/8 <http://220.127.116.11/8> >> OriginAS: >> NetName: RIPE-C3 >> NetHandle: NET-62-0-0-0-1 >> >> >> RIPE: >> inetnum: 18.104.22.168 - 22.214.171.124 >> org: ORG-AFNC1-RIPE >> netname: AFRINIC-NET-TRANSFERRED-__20050223 >> descr: This network has been transferred to AFRINIC >> remarks: These IP addresses are assigned in the AFRINIC region. >> >> >> AFRINIC: >> inetnum: 0.0.0.0 - 255.255.255.255 >> netname: IANA-BLK >> descr: The whole IPv4 address space >> country: EU # Country is really world wide >> org: ORG-IANA1-AFRINIC >> >> >> >> >> Kind regards, Frank >> -- >> MOTD: "have you enabled SSL on a website or mailbox today ?" >> -- >> PHADE Software - PowerWeb http://www.powerweb.de >> Inh. Dipl.-Inform. Frank Gadegast >> mailto:frank at powerweb.de <mailto:frank at powerweb.de> >> Schinkelstrasse 17 fon: +49 33200 >> 52920 >> 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 >> 52921 >> >> ==============================__==============================__========== >> >> >> >> >> >> >> -- >> Suresh Ramasubramanian (ops.lists at gmail.com <mailto:ops.lists at gmail.com>) > >