bogon identified? how to track down bogus IPs/ASN's
fhr at fhrnet.eu
Thu Sep 29 20:06:24 UTC 2016
According to HE's BGP tool, the IP range is actually 126.96.36.199/22 and
it looks like it's a bogon.
On 29.9.2016 21:46, Ken Chase wrote:
> My turn for the newb question:
> I've got a traceroute with this IP in it that's close to the end of the trace.
> Chasing down this IP to see who the ISP a friend is using, figured out
> the diff between ARIN and APNIC whois for IPs (..bit of a learning curve, not
> sure why there's not just one whois interface syntax).
> whois -h whois.apnic.net -m 188.8.131.52/21
> shows only the upper /22 being registered with APNIC (if you do -m on
> .16.0/22, there's no entry).
> So it seems to me these IPs aren't registered properly with APNIC (could it
> be cross-registered with another RIR? Well it's not with ARIN who'd be the local.)
> But I do see this block in global bgp tables so it wasn't like someone decided to use
> 10.10.10/24 or 1.2.3/24 in their routing infrastructure. They're actually announcing;
> sh ip bg 184.108.40.206 ends in a path with 394786 135022
> looking up 394786 I see avetria networks. looking up 135022 I see nothing at ARIN.
> At APNIC I get
> as-block: AS134557 - AS135580
> descr: APNIC ASN block
> remarks: These AS numbers are further assigned by APNIC
> remarks: to APNIC members and end-users in the APNIC region
> but nothing more specific.
> However, this does show up in radb as avetria networks as well. (and various geolocate
> DBs put it in Melbourne.au though I know it's in use in Kitchener, Ontario).
> So what's not matching up here?
> Ken Chase - math at sizone.org Guelph Ontario
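
Added example, not part of the original thread: the lookup discussed above done offline against an RIR delegated-extended statistics file, reporting which part of an announced prefix and which ASNs in its path have no delegation record. The sample records, the /21 with only its upper /22 registered, the ASNs and the function names are all constructed for illustration.

```python
import ipaddress

# Constructed sample (not real registry data) in the RIR delegated-extended
# layout: registry|cc|type|start|count|date|status|opaque-id
SAMPLE_STATS = """\
apnic|AU|ipv4|198.18.20.0|1024|20150101|allocated|A0000001
apnic|ZZ|ipv4|198.18.16.0|1024||available|
apnic|AU|asn|64500|1|20150101|allocated|A0000001
apnic|ZZ|asn|64501|10||available|
"""
REGISTERED = {"allocated", "assigned"}

def load_stats(text):
    """Return (networks, asn_ranges) that the registry lists as delegated."""
    nets, asns = [], []
    for line in text.splitlines():
        f = line.split("|")
        if len(f) < 7 or f[6] not in REGISTERED:
            continue  # skip header, summary, available and reserved lines
        if f[2] == "ipv4":
            first = ipaddress.IPv4Address(f[3])
            last = first + (int(f[4]) - 1)
            # The count need not be a power of two, so summarize into CIDRs.
            nets.extend(ipaddress.summarize_address_range(first, last))
        elif f[2] == "asn":
            asns.append(range(int(f[3]), int(f[3]) + int(f[4])))
    return nets, asns

def unregistered_parts(prefix, nets):
    """Sub-prefixes of `prefix` not covered by any delegated network."""
    remaining = [ipaddress.ip_network(prefix)]
    for n in nets:
        nxt = []
        for r in remaining:
            if r.subnet_of(n):
                continue  # fully covered by this delegation
            # Carve the delegated part out of r, or keep r if they are disjoint.
            nxt.extend(r.address_exclude(n) if n.subnet_of(r) else [r])
        remaining = nxt
    return sorted(remaining)

def unregistered_asns(as_path, asns):
    """ASNs in the path that fall inside no delegated ASN record."""
    return [a for a in as_path if not any(a in r for r in asns)]

if __name__ == "__main__":
    nets, asns = load_stats(SAMPLE_STATS)
    print(unregistered_parts("198.18.16.0/21", nets))
    print(unregistered_asns([64500, 64501], asns))
```

A hit from either function means only that this one registry file has no delegation record; the other RIRs' files need the same check before calling the space a bogon.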