My view of the arin db boarked?

Joe Provo nanog-post at rsuc.gweep.net
Sat Jun 9 15:13:51 UTC 2012


On Fri, Jun 08, 2012 at 04:27:29PM -0400, Christopher Morrow wrote:
> err, last 3 times I asked this I was shown the error of my ways, but
> here goes...
> 
> 209.250.228.241 - seems to not have any records in ARIN's WHOIS
> database, everything seems to roll up to the /8 record :(
> 
> I see this routed as a /23: (from routeviews)
>   BGP routing table entry for 209.250.228.0/23, version 2072545487
> Paths: (33 available, best #19, table Default-IP-Routing-Table)
>   Not advertised to any peer
>   3277 3267 174 27431 14037
>     194.85.102.33 from 194.85.102.33 (194.85.4.4)
>       Origin IGP, localpref 100, valid, external
>       Community: 3277:3267 3277:65321 3277:65323 3277:65330
> 
> If I look at the ASN in particular: AS14037
> no records exist for that in ARIN's WHOIS database either ;( If I look
> at all the networks announced by AS14037:
> 14037   | 204.8.216.0/21      |
> 14037   | 209.250.224.0/19    |
> 14037   | 209.250.228.0/23    |
> 14037   | 209.250.242.0/24    |
> 14037   | 209.250.247.0/24    |

If you query filtergen.level3.com, they are expecting to see it from
this ASN:

Prefix list for policy as14037 =
 LEVEL3::AS14037

204.8.216.0/21
209.250.224.0/20

> 14037   | 64.18.128.0/19      |
> 14037   | 64.18.159.0/24      |

...but not those, which are registered in ALTDB (as the /19) along
with the squatted 204.8.216.0/21 and 209.250.224.0/20


route:      64.18.128.0/19
descr:      RackVibe LLC
origin:     AS14037
admin-c:    GC373-ARIN
tech-c:     GC373-ARIN
notify:     arin at 6gtech.com
mnt-by:     MNT-6GTECH
changed:    arin at 6gtech.com 20081007
source:     ALTDB

 
> none of them have any records in the ARIN WHOIS database :( The
> upstream for this network is  AS 27431 - JTL Networks
> who seems to get transit/peer with 3356/174.

Amusingly, AS27431 is still the RR contacts according to the IRR. Score
another one in the 'inaccurate IRR' column.

> It's nice to see folk who use IRR databases to filter their customers
> still permit this sort of thing to go on though: AS3356 I'm looking at
> you...

Here's a clue of future prefixes to watch for 3356 allowing from 
this particular nest:

% whois -h filtergen.level3.com -- "-searchpath=ARIN;RIPE;RADB;ALTDB;LEVEL3 as27431"
Prefix list for policy as27431 =
 ARIN::AS27431   LEVEL3::AS27431 ALTDB::AS27431  RADB::AS27431
 RIPE::AS27431

66.132.44.0/24
66.132.45.0/24
66.132.47.0/24
69.36.0.0/20
209.41.200.0/24
209.41.202.0/24
209.115.40.0/24
209.115.41.0/24
209.115.42.0/24
209.115.43.0/24
209.115.108.0/24
216.28.47.0/24
216.28.134.0/24
216.29.53.0/24
216.29.115.0/24
216.29.116.0/24
216.29.117.0/24
216.29.121.0/24
216.29.122.0/24
216.29.152.0/24
216.29.194.0/24
216.29.247.0/24
%
 
> I think first: "Where are the records for this set of ip number resources?"
> and second: "Why are we still seeing this on the network with no way
> to contact the operators of the resources?"

You can try and contact the entities that are called 'RackVibe'
and '6G Tech' according to the various IRR registry entries for 14037 and 
46496.  Sketchy things which geolocate to Secaucus? Whoda thunk.

-- 
         RSUC / GweepNet / Spunk / FnB / Usenix / SAGE / NewNOG
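
The comparison made by hand in this thread (prefixes announced by AS14037 versus what the IRR-derived filter list and the ALTDB route object contain), as an added example that is not part of the original post. The prefixes are copied from the message above; the function names and the four classification labels are assumptions of this sketch.

```python
import ipaddress

# Prefixes seen originated by AS14037, as listed in the quoted message.
ANNOUNCED = [
    "204.8.216.0/21", "209.250.224.0/19", "209.250.228.0/23",
    "209.250.242.0/24", "209.250.247.0/24",
    "64.18.128.0/19", "64.18.159.0/24",
]
# filtergen.level3.com prefix list for policy as14037, as shown in the reply.
FILTER_LIST = ["204.8.216.0/21", "209.250.224.0/20"]
# route: object registered in ALTDB, as shown in the reply.
ALTDB_ROUTES = ["64.18.128.0/19"]


def classify(prefix, registered):
    """Compare one announced prefix with a list of registered prefixes.

    exact          registered with the same length
    more-specific  falls inside a registered prefix (passes only an
                   "or longer" style filter, not an exact-match one)
    less-specific  covers a registered prefix but is itself unregistered
    unregistered   no overlap with anything registered
    """
    net = ipaddress.ip_network(prefix)
    regs = [ipaddress.ip_network(r) for r in registered]
    if net in regs:
        return "exact"
    if any(net.subnet_of(r) for r in regs):
        return "more-specific"
    if any(r.subnet_of(net) for r in regs):
        return "less-specific"
    return "unregistered"


def report(announced, sources):
    """Map each announced prefix to {source name: classification}."""
    return {p: {name: classify(p, regs) for name, regs in sources.items()}
            for p in announced}


if __name__ == "__main__":
    sources = {"LEVEL3 filtergen": FILTER_LIST, "ALTDB": ALTDB_ROUTES}
    for prefix, result in report(ANNOUNCED, sources).items():
        print(f"{prefix:20} {result}")
```
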



