bogon identified? how to track down bogus IPs/ASN's
Filip Hruska
fhr at fhrnet.eu
Thu Sep 29 20:06:24 UTC 2016
According to HE's BGP tool, the IP range is actually 103.206.16.0/22 and
it looks like it's a bogon.
http://bgp.he.net/net/103.206.16.0/22#_bogon
Regards,
Filip
On 29.9.2016 21:46, Ken Chase wrote:
> My turn for the newb question:
>
> I've got a traceroute with this IP in it thats close to the end of the trace.
>
> 103.206.16.46
>
> Chasing down this IP to see who the ISP a friend is using, figured out
> the diff between ARIN and APNIC whois for IPs (..bit of a learning curve, not
> sure why there's not just one whois interface syntax).
>
> whois -h whois.apnic.net -m 103.206.16.0/21
>
> shows only the upper /22 being registered with APNIC (if you do -m on
> .16.0/22, there's no entry).
>
> So it seems to me these Ips arent registered properly with APNIC (could it
> be cross-registered with another RIR? Well it's not with ARIN who'd be the local.)
>
> But I do see this block in global bgp tables so it wasnt like someone decided to use
> 10.10.10/24 or 1.2.3/24 in their routing infrastructure. They're actually announcing;
>
> sh ip bg 103.206.16.0 ends in a path with 394786 135022
>
> looking up 394786 I see avetria networks. looking up 135022 I see nothing at ARIN.
>
> At APNIC I get
>
> as-block: AS134557 - AS135580
> descr: APNIC ASN block
> remarks: These AS numbers are further assigned by APNIC
> remarks: to APNIC members and end-users in the APNIC region
>
> but nothing more specific.
>
> However, this does show up in radb as avetria networks as well. (and various geolocate
> DBs put it in Melbourn.au though i know it's in use in Kitchener ontario).
>
> So what's not matching up here?
>
> /kc
> --
> Ken Chase - math at sizone.org Guelph Ontario
>
More information about the NANOG
mailing list