North American Network Operators Group


Re: What is up with 170.36.0.0/16

  • From: Josh Richards
  • Date: Thu Jun 14 12:02:03 2001

* Erik Antelman <[email protected]> [20010614 07:47]:
> 
> Is someone renumbering around this area?
> My motivation is to understand the mechanisms and techniques
> by which a non-privileged user (i.e. someone without login access to a BGP fed
> router) would diagnose (characterize, locate, identify, etc.) failure to
> reach a large corporation's mail servers (1/2 of the MX servers for
> fleet.com)

Here's some of the stuff I'd do:

Grab a list of their MX servers and use the standard tools to check them out:
  * Public looking glasses (which will allow even someone without access
    to their own BGP router to check out a reasonable sample of global 
    routing tables).  If you're lucky you may even be able to find a 
    looking glass in the immediate upstream AS from the site you are 
    having trouble reaching.
  * whois (I highly recommend installing/using the GeekTools proxy to make
    querying the various whois servers that may be relevant to your query). 
  * traceroute/ping (network connectivity)
  * nslookup/dig (find out all of the MX servers involved)
  * log files on relay hosts you control or otherwise have access to 

> RADB has nothing on this, a New York QWEST looking glass says:
> Query: bgp
> IP address: 170.36.73.11
> Location: New York
> Timeout: 20 seconds
> 
> % Network not in table
> 
> What's up?

Just what it says.  They don't appear to be announcing their block. :-)  
(same results here from several boxes I checked, BTW)

Note though that only two of their MX boxes are in that block:

fleet.com       preference = 30, mail exchanger = bkb-bh.bkb.com
fleet.com       preference = 40, mail exchanger = testmail.fleet.com
fleet.com       preference = 10, mail exchanger = sweeper.bkb.com
fleet.com       preference = 20, mail exchanger = walmail.bkb.com
fleet.com       preference = 10, mail exchanger = mail2.fleet.com
fleet.com       preference = 20, mail exchanger = bosmail.bkb.com
fleet.com       preference = 20, mail exchanger = fleet-cp.fleet.com
fleet.com       nameserver = dnsauth3.sys.gtei.net
fleet.com       nameserver = dnsauth1.sys.gtei.net
fleet.com       nameserver = dnsauth2.sys.gtei.net
bkb-bh.bkb.com  internet address = 204.167.53.66
testmail.fleet.com      internet address = 170.36.73.48
sweeper.bkb.com internet address = 155.182.19.38
walmail.bkb.com internet address = 32.97.32.201
mail2.fleet.com internet address = 170.36.73.11
bosmail.bkb.com internet address = 204.167.53.91
fleet-cp.fleet.com      internet address = 199.95.175.66
dnsauth3.sys.gtei.net   internet address = 4.2.49.4
dnsauth1.sys.gtei.net   internet address = 4.2.49.2
dnsauth2.sys.gtei.net   internet address = 4.2.49.3

Have you tried contacting the technical contact listed in the WHOIS record?
Or perhaps GTEI (Genuity) who appears to be their service provider? 

-jr

----
Josh Richards <[email protected]{ geekresearch.com, cubicle.net }> [JTR38/JR539-ARIN]
Geek Research, LLC - San Luis Obispo, CA - <URL:http://www.geekresearch.com/>
KG6CYK - IP/Unix/telecom/knowledge/coffee/security/crypto/business/geek