spammer from outer space? (routing error)

David Schwartz davids at webmaster.com
Sat Aug 25 22:01:12 UTC 2007



> 23  125.187.32.144(H!)  351.850 ms (H!)  359.870 ms (H!)  367.696 ms
>
> But whois keeps telling me:
>
> ReferralServer: whois://whois.apnic.net

Hmm, you might want to follow up with the referral server.

> NetRange:   125.0.0.0 - 125.255.255.255
> CIDR:       125.0.0.0/8
> NetName:    APNIC-125
> NetHandle:  NET-125-0-0-0-1
> Parent:
> NetType:    Allocated to APNIC
> Comment:    This IP address range is not registered in the ARIN database.

Logical, since it was never assigned to ARIN.

> Comment:    For details, refer to the APNIC Whois Database via
> Comment:    WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl

This seems pretty clear. You can get details from APNIC since this was
allocated to them, as the 'NetType' above shows.

> Comment:    ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
> Comment:    for the Asia Pacific region. APNIC does not operate networks
> Comment:    using this IP address range and is not able to investigate
> Comment:    spam or abuse reports relating to these addresses. For more
> Comment:    help, refer to http://www.apnic.net/info/faq/abuse

And, of course, APNIC doesn't operate this network, they assigned it.

> So I should never have seen a packet from them?

From whom? What are you talking about?

This is someone who is using an IP inside a block that IANA assigned to
APNIC. You asked ARIN about the block and ARIN told you that they have no
idea since they have nothing to do with it and they suggested you follow up
with APNIC.

So you still have no idea what APNIC did with the block, other than that
they didn't actually operate any networks in it. They presumably assigned it
to a customer, and if you asked them (as you were suggested to do *twice*)
they would have told you.

DS
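
Added example, not part of the original message: a minimal referral-following whois lookup that parses the ReferralServer line quoted above and asks the next registry. The sample reply is constructed from the quoted ARIN fields; starting at whois.arin.net, the hop limit, and the function names are assumptions of this sketch.

```python
import socket
from urllib.parse import urlparse

# Constructed sample built from the ARIN fields quoted in the message.
ARIN_REPLY = """\
NetRange:   125.0.0.0 - 125.255.255.255
CIDR:       125.0.0.0/8
NetName:    APNIC-125
NetType:    Allocated to APNIC
ReferralServer: whois://whois.apnic.net
"""

def parse_referral(reply):
    """Return (scheme, host, port) from the last ReferralServer line, or None."""
    target = None
    for line in reply.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() != "referralserver":
            continue
        url = urlparse(value.strip())
        if url.scheme in ("whois", "rwhois") and url.hostname:
            default = 43 if url.scheme == "whois" else 4321
            target = (url.scheme, url.hostname.lower(), url.port or default)
    return target

def whois_query(host, port, query, timeout=10):
    """Plain whois exchange (RFC 3912): send query + CRLF, read until close."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while data := s.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")

def follow(query, first="whois.arin.net", max_hops=3, fetch=whois_query):
    """Follow whois:// referrals; return [(server, reply), ...] in hop order."""
    hops, seen, target = [], set(), ("whois", first, 43)
    while target and target not in seen and len(hops) < max_hops:
        seen.add(target)
        reply = fetch(target[1], target[2], query)
        hops.append((target[1], reply))
        target = parse_referral(reply)
        # rwhois (RFC 2167) is a different protocol; report it, don't follow it.
        if target and target[0] != "whois":
            break
    return hops

if __name__ == "__main__":
    for server, text in follow("125.187.32.144"):
        print(f"--- {server} ---\n{text}")
```

The last hop's reply is the one that names the network the registry assigned the addresses to, which is where an abuse report belongs.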




