bogon identified? how to track down bogus IPs/ASN's

• Previous message (by thread): bogon identified? how to track down bogus IPs/ASN's
• Next message (by thread): PeeringDB Product Committee Charter Survey / NANOG
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

As far as I can tell, AS394786 (Avetria Wireless) made up both AS135022 
and the associated bogon IP ranges that AS announces (103.206.16.0/22 & 
182.161.32.0/22) for its own use. Avetria's sole upstream provider 
appears to be AS54889 (Bluwest Inc). Probably an issue to discuss with 
both of these organizations.

--Blake

Filip Hruska wrote on 9/29/2016 3:06 PM:
> According to HE's BGP tool, the IP range is actually 103.206.16.0/22 
> and it looks like it's a bogon.
>
> http://bgp.he.net/net/103.206.16.0/22#_bogon
>
> Regards,
> Filip
>
> On 29.9.2016 21:46, Ken Chase wrote:
>> My turn for the newb question:
>>
>> I've got a traceroute with this IP in it thats close to the end of 
>> the trace.
>>
>> 103.206.16.46
>>
>> Chasing down this IP to see who the ISP a friend is using, figured out
>> the diff between ARIN and APNIC whois for IPs (..bit of a learning 
>> curve, not
>> sure why there's not just one whois interface syntax).
>>
>>  whois -h whois.apnic.net -m 103.206.16.0/21
>>
>> shows only the upper /22 being registered with APNIC (if you do -m on
>> .16.0/22, there's no entry).
>>
>> So it seems to me these Ips arent registered properly with APNIC 
>> (could it
>> be cross-registered with another RIR? Well it's not with ARIN who'd 
>> be the local.)
>>
>> But I do see this block in global bgp tables so it wasnt like someone 
>> decided to use
>> 10.10.10/24 or 1.2.3/24 in their routing infrastructure. They're 
>> actually announcing;
>>
>>  sh ip bg 103.206.16.0  ends in a path with  394786 135022
>>
>> looking up 394786 I see avetria networks. looking up 135022 I see 
>> nothing at ARIN.
>>
>> At APNIC I get
>>
>> as-block:       AS134557 - AS135580
>> descr:          APNIC ASN block
>> remarks:        These AS numbers are further assigned by APNIC
>> remarks:        to APNIC members and end-users in the APNIC region
>>
>> but nothing more specific.
>>
>> However, this does show up in radb as avetria networks as well. (and 
>> various geolocate
>> DBs put it in Melbourn.au though i know it's in use in Kitchener 
>> ontario).
>>
>> So what's not matching up here?
>>
>> /kc
>> -- 
>> Ken Chase - math at sizone.org Guelph Ontario
>>

• Previous message (by thread): bogon identified? how to track down bogus IPs/ASN's
• Next message (by thread): PeeringDB Product Committee Charter Survey / NANOG
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]