Another day, another illicit SQUAT - WebNX (AS18450) 103.11.67.0/24

Michael Smith mksmith at mac.com
Sat Oct 29 02:45:40 UTC 2016


I would use LACNIC’s whois server for these queries.  They have info from all the registries, which is an amazing service that seems beyond the other RIRs. 

whois -h whois.lacnic.net <http://whois.lacnic.net/> 103.11.67.105

HostUS HOSTUS-IPV4-5 (NET-103-11-64-0-1) 103.11.64.0 - 103.11.67.255
Gaiacom, L.C. SOLVPS-103-11-67-0-24 (NET-103-11-67-0-1) 103.11.67.0 - 103.11.67.255

Mike

> On Oct 28, 2016, at 4:36 PM, Ronald F. Guilmette <rfg at tristatelogic.com> wrote:
> 
> 
> In message <CADVNyRb-LE2GAgxae149RUwz5fkzQh-9Es6ZcEg_e0N7LVDa9g at mail.gmail.com>
> Doug Clements <dclements at gmail.com> wrote:
> 
>> How does one get ARIN to register resources to come up with this result?
>> 
>> https://whois.arin.net/rest/nets;q=103.11.67.105
>> 
>> The /16 is APNIC but there are 2 subnets that appear to be allocated from
>> ARIN. Having just typed 'whois 103.11.67.105' I completely missed the fact
>> that the supernet was APNIC until I checked the web interface.
> 
> Oh!!  Wow!!  I totally missed this also, i.e. that ARIN is showing an
> allocation for 103.11.64.0/22 to HostUs.Us in Texas.
> 
> That's really weird, but even that doesn't either explain or excuse
> what still looks like an illicit squat (by an unrelated Los Angeles
> company) on the 103.11.67.0/24 block to me... perhaps one that's been
> re-sold to a spammer (which seems possible, given the spam I got).
> 
> In my own defense, I didn't see the ARIN allocation because I have a
> normative process that I use for looking up IP addresses.  It's
> hierarchical, and I always start with whatver whois.iana.org has to
> say.  And it says that that 103.0.0.0/8 belongs to APNIC, so of course,
> I only looked at what whois.apnic.net had to say about 103.11.67.105.
> And it says that it's unallocated.  (And apparently, data shown for
> announced prefixes on the bgp.he.net web site is also obtained in this
> same straightforward way, because it also is showing 103.11.67.0/24 as
> registered to "Asia Pacific Network Information Centre".)
> 
> This isn't the first time I've wished that the right hand knew (or cared)
> what the left hand was doing.  I've asked the folks at IANA about this
> sort of thing in the past, i.e. them giving pointers to the apparently
> wrong RiR whois server, and they just won't fix it.  They just shrug and
> say "Not our problem man!"  And in this case, maybe they're right.  If
> APNIC gave two subparts of 103/8 to ARIN, it might have been helpful
> if their own whois server was made aware of that fact.
> 
> Sigh.  I have to keep reminding myself of what one friend of mine keeps
> on telling me... "Ron, there you go again, trying to think about these
> things logically."
> 
> 
> Regards,
> rfg



More information about the NANOG mailing list