Re: bogon identified? how to track down bogus IPs/ASN's

2016-09-29 Thread Blake Hudson
As far as I can tell, AS394786 (Avetria Wireless) made up both AS135022 
and the associated bogon IP ranges that AS announces (103.206.16.0/22 & 
182.161.32.0/22) for its own use. Avetria's sole upstream provider 
appears to be AS54889 (Bluwest Inc). Probably an issue to discuss with 
both of these organizations.


--Blake

Filip Hruska wrote on 9/29/2016 3:06 PM:
According to HE's BGP tool, the IP range is actually 103.206.16.0/22 
and it looks like it's a bogon.


http://bgp.he.net/net/103.206.16.0/22#_bogon

Regards,
Filip

On 29.9.2016 21:46, Ken Chase wrote:

My turn for the newb question:

I've got a traceroute with this IP in it that's close to the end of the trace.


103.206.16.46

Chasing down this IP to see who the ISP a friend is using, figured out
the diff between ARIN and APNIC whois for IPs (..bit of a learning curve, not
sure why there's not just one whois interface syntax).

 whois -h whois.apnic.net -m 103.206.16.0/21

shows only the upper /22 being registered with APNIC (if you do -m on
.16.0/22, there's no entry).

So it seems to me these IPs aren't registered properly with APNIC (could it
be cross-registered with another RIR? Well it's not with ARIN who'd be the local.)


But I do see this block in global bgp tables so it wasn't like someone decided to use
10.10.10/24 or 1.2.3/24 in their routing infrastructure. They're actually announcing;


 sh ip bg 103.206.16.0  ends in a path with  394786 135022

looking up 394786 I see avetria networks. looking up 135022 I see 
nothing at ARIN.


At APNIC I get

as-block:   AS134557 - AS135580
descr:  APNIC ASN block
remarks:    These AS numbers are further assigned by APNIC
remarks:    to APNIC members and end-users in the APNIC region

but nothing more specific.

However, this does show up in radb as avetria networks as well. (and various geolocate
DBs put it in Melbourne.au though I know it's in use in Kitchener, Ontario).


So what's not matching up here?

/kc
--
Ken Chase - m...@sizone.org Guelph Ontario





Re: bogon identified? how to track down bogus IPs/ASN's

2016-09-29 Thread Filip Hruska
According to HE's BGP tool, the IP range is actually 103.206.16.0/22 and 
it looks like it's a bogon.


http://bgp.he.net/net/103.206.16.0/22#_bogon

Regards,
Filip

On 29.9.2016 21:46, Ken Chase wrote:

My turn for the newb question:

I've got a traceroute with this IP in it that's close to the end of the trace.

103.206.16.46

Chasing down this IP to see who the ISP a friend is using, figured out
the diff between ARIN and APNIC whois for IPs (..bit of a learning curve, not
sure why there's not just one whois interface syntax).

 whois -h whois.apnic.net -m 103.206.16.0/21

shows only the upper /22 being registered with APNIC (if you do -m on
.16.0/22, there's no entry).

So it seems to me these IPs aren't registered properly with APNIC (could it
be cross-registered with another RIR? Well it's not with ARIN who'd be the local.)

But I do see this block in global bgp tables so it wasn't like someone decided to use
10.10.10/24 or 1.2.3/24 in their routing infrastructure. They're actually announcing;

 sh ip bg 103.206.16.0  ends in a path with  394786 135022

looking up 394786 I see avetria networks. looking up 135022 I see nothing at 
ARIN.

At APNIC I get

as-block:   AS134557 - AS135580
descr:  APNIC ASN block
remarks:    These AS numbers are further assigned by APNIC
remarks:    to APNIC members and end-users in the APNIC region

but nothing more specific.

However, this does show up in radb as avetria networks as well. (and various geolocate
DBs put it in Melbourne.au though I know it's in use in Kitchener, Ontario).

So what's not matching up here?

/kc
--
Ken Chase - m...@sizone.org Guelph Ontario



bogon identified? how to track down bogus IPs/ASN's

2016-09-29 Thread Ken Chase
My turn for the newb question:

I've got a traceroute with this IP in it that's close to the end of the trace.

103.206.16.46

Chasing down this IP to see who the ISP a friend is using, figured out
the diff between ARIN and APNIC whois for IPs (..bit of a learning curve, not
sure why there's not just one whois interface syntax).

 whois -h whois.apnic.net -m 103.206.16.0/21 

shows only the upper /22 being registered with APNIC (if you do -m on
.16.0/22, there's no entry).

So it seems to me these IPs aren't registered properly with APNIC (could it
be cross-registered with another RIR? Well it's not with ARIN who'd be the local.)

But I do see this block in global bgp tables so it wasn't like someone decided to use
10.10.10/24 or 1.2.3/24 in their routing infrastructure. They're actually announcing;

 sh ip bg 103.206.16.0  ends in a path with  394786 135022

looking up 394786 I see avetria networks. looking up 135022 I see nothing at 
ARIN.

At APNIC I get

as-block:   AS134557 - AS135580
descr:  APNIC ASN block
remarks:    These AS numbers are further assigned by APNIC
remarks:    to APNIC members and end-users in the APNIC region

but nothing more specific.

However, this does show up in radb as avetria networks as well. (and various geolocate
DBs put it in Melbourne.au though I know it's in use in Kitchener, Ontario).

So what's not matching up here?

/kc
--
Ken Chase - m...@sizone.org Guelph Ontario
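
The manual cross-check walked through in this thread (does any registry inetnum cover the announced prefix, and does the origin AS have its own aut-num or only a parent as-block?) can be scripted. The following is an added example, not code from any poster in the thread; the function names are hypothetical and the whois records are constructed to mirror what the thread describes.

```python
import ipaddress

# Constructed RPSL-style records mirroring the thread: only the upper /22 of
# 103.206.16.0/21 has an inetnum; AS135022 sits in an as-block with no aut-num.
SAMPLE_WHOIS = """\
inetnum:        103.206.20.0 - 103.206.23.255

as-block:       AS134557 - AS135580
"""

def parse_rpsl(text):
    """One dict per blank-line-separated whois object; '%' comment lines skipped."""
    objects = []
    for chunk in text.strip().split("\n\n"):
        pairs = (ln.split(":", 1) for ln in chunk.splitlines() if ":" in ln and ln[0] != "%")
        objects.append({k.strip(): v.strip() for k, v in pairs})
    return [o for o in objects if o]

def prefix_registered(prefix, objects):
    """True if some inetnum range fully covers the announced prefix."""
    net = ipaddress.ip_network(prefix)
    for obj in objects:
        if "inetnum" in obj:
            first, last = (ipaddress.ip_address(p.strip()) for p in obj["inetnum"].split("-"))
            if first <= net[0] and net[-1] <= last:
                return True
    return False

def asn_status(asn, objects):
    """'assigned' if an aut-num exists, 'block-only' if only an as-block covers it."""
    status = "unknown"
    for obj in objects:
        if obj.get("aut-num", "").upper() == f"AS{asn}":
            return "assigned"
        if "as-block" in obj:
            low, high = (int(p.strip()[2:]) for p in obj["as-block"].split("-"))
            if low <= asn <= high:
                status = "block-only"
    return status

def check_announcement(prefix, as_path, objects):
    """Findings for one BGP route; the origin AS is the last path element."""
    findings = []
    if not prefix_registered(prefix, objects):
        findings.append(f"{prefix}: no covering inetnum")
    status = asn_status(as_path[-1], objects)
    if status != "assigned":
        findings.append(f"AS{as_path[-1]}: {status}")
    return findings
```

A "block-only" result means the number lies in a range delegated to the RIR but no member-level record was returned, which is the mismatch the thread ran into for AS135022.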