DNSO Archives: [registrars]

ICANN/DNSO DNSO Mailling lists archives

[registrars]

<<< Chronological Index >>> <<< Thread Index >>>

RE: [registrars] RE: WHOIS BLUES

To: "Rick Wesson" <wessorh@ar.com>
Subject: RE: [registrars] RE: WHOIS BLUES
From: "Bhavin Turakhia" <bhavin.t@directi.com>
Date: Thu, 2 May 2002 11:14:43 +0530
Cc: "Registrars@Dnso. Org" <registrars@dnso.org>
Importance: Normal
In-Reply-To: <Pine.LNX.4.33.0205012132570.20799-100000@flash.ar.com>
Sender: owner-registrars@dnso.org

hi rick,

you havent understood my exact issue - i will exemplify below after
answering your statements -

> you look up the subnet in the appropiate whois database such as ARIN.

this is a manual process

> keep track of the requests from the subnet not the host, you could do this
> daily, take the address from your logs and look them up at ARIN, RIPE, or
> APNIC and keep those in a database.

here is the main problem.  even if Arin, RIPE or APNIC have handed out say a
CLASS C to some ISP, I cannot block the entire CLASS C, this is because the
offender may have been assigned a CIDR address from the CLASS C by further
subnetting it

> > he might have a /27 ..... but be randomly using ips from the
> /27, i cannot
> > identify what the exact subnet is and might end up banning the
> entire class
> > C when he did not own the entire /24.
>
> look up the ip at whois.arin.net...

that does not let me know the block of ips that the offender has been
assigned since he may have a subset of the block that shows up in Arin,
Apnic or RIPE

for eg, take my own ip address. it is 203.199.107.56. When u do a lookup on
this ip in APNIC you get -

inetnum              203.199.0.0 - 203.199.255.255
netname              VSNL-IN
descr                Videsh Sanchar Nigam Ltd - India.
descr                Videsh Sanchar Bhawan, M.G. Road
descr                Fort, Bombay 400001

Suppose that I am slamming yopur whois using this ip =- you do a lookup and
get the above results. the above is a CLASS B assigned to my ISP. There is
no way you can find out which ip addresses have been assigned to me. My
provider can assign me a /24, /20 or /27 or anything he wishes ..... from
his chunk

So even with a lookup on APNIC/Arin/RIPE it is impossible to dind out the
exact subnet that theoffender has been given, except where the offender is
directly buying ip addresses from APNIC, ARIN etc ...... which is not the
case mostof the times

bhavin


Best Regards
Bhavin Turakhia
CEO
Directi
----------------------------
Tel: 91-22-6370256 (4 lines)
Fax: 91-22-6370255
http://www.directi.com
----------------------------

Follow-Ups:
- RE: [registrars] RE: WHOIS BLUES
  - From: Rick Wesson <wessorh@ar.com>

References:
- RE: [registrars] RE: WHOIS BLUES
  - From: Rick Wesson <wessorh@ar.com>

<<< Chronological Index >>> <<< Thread Index >>>