DNSO Archives: [registrars]

ICANN/DNSO DNSO Mailling lists archives

[registrars]

<<< Chronological Index >>> <<< Thread Index >>>

RE: [registrars] RE: WHOIS BLUES

To: Bhavin Turakhia <bhavin.t@directi.com>
Subject: RE: [registrars] RE: WHOIS BLUES
From: Rick Wesson <wessorh@ar.com>
Date: Thu, 2 May 2002 00:04:20 -0700 (PDT)
cc: "Registrars@Dnso. Org" <registrars@dnso.org>
In-Reply-To: <JHEBIMIIFEIEENCJHLHPIEHKJOAA.bhavin.t@directi.com>
Sender: owner-registrars@dnso.org


Bhavin,

your main gripe is understood, however ip registries require subdeligation
information to be put into whois for blocks as small as a /27. PackBell  a
huge telco/isp in the US make deligations in arin down to at least a /27
so if ISPs do what theyare required to then you should have reasonable
information.

After all we are just talking aboyt blocking whois, ofcource you could put
your abuse contact details in the results when you block someone insted of
just droping their request on the floor.

Look how the sendmail folks do it for RBL blacklists...


-rick


On Thu, 2 May 2002, Bhavin Turakhia wrote:

> hi rick,
>
> you havent understood my exact issue - i will exemplify below after
> answering your statements -
>
> > you look up the subnet in the appropiate whois database such as ARIN.
>
> this is a manual process
>
> > keep track of the requests from the subnet not the host, you could do this
> > daily, take the address from your logs and look them up at ARIN, RIPE, or
> > APNIC and keep those in a database.
>
> here is the main problem.  even if Arin, RIPE or APNIC have handed out say a
> CLASS C to some ISP, I cannot block the entire CLASS C, this is because the
> offender may have been assigned a CIDR address from the CLASS C by further
> subnetting it
>
> > > he might have a /27 ..... but be randomly using ips from the
> > /27, i cannot
> > > identify what the exact subnet is and might end up banning the
> > entire class
> > > C when he did not own the entire /24.
> >
> > look up the ip at whois.arin.net...
>
> that does not let me know the block of ips that the offender has been
> assigned since he may have a subset of the block that shows up in Arin,
> Apnic or RIPE
>
> for eg, take my own ip address. it is 203.199.107.56. When u do a lookup on
> this ip in APNIC you get -
>
> inetnum              203.199.0.0 - 203.199.255.255
> netname              VSNL-IN
> descr                Videsh Sanchar Nigam Ltd - India.
> descr                Videsh Sanchar Bhawan, M.G. Road
> descr                Fort, Bombay 400001
>
> Suppose that I am slamming yopur whois using this ip =- you do a lookup and
> get the above results. the above is a CLASS B assigned to my ISP. There is
> no way you can find out which ip addresses have been assigned to me. My
> provider can assign me a /24, /20 or /27 or anything he wishes ..... from
> his chunk
>
> So even with a lookup on APNIC/Arin/RIPE it is impossible to dind out the
> exact subnet that theoffender has been given, except where the offender is
> directly buying ip addresses from APNIC, ARIN etc ...... which is not the
> case mostof the times
>
> bhavin
>
>
> Best Regards
> Bhavin Turakhia
> CEO
> Directi
> ----------------------------
> Tel: 91-22-6370256 (4 lines)
> Fax: 91-22-6370255
> http://www.directi.com
> ----------------------------
>
>

Follow-Ups:
- RE: [registrars] RE: WHOIS BLUES
  - From: "Bhavin Turakhia" <bhavin.t@directi.com>

References:
- RE: [registrars] RE: WHOIS BLUES
  - From: "Bhavin Turakhia" <bhavin.t@directi.com>

<<< Chronological Index >>> <<< Thread Index >>>