North American Network Operators Group


Re[2]: The in-your-face hijacking example, was: Re: Who is announcing bogons?

  • From: william
  • Date: Wed Apr 30 21:24:28 2003

I would not be so sure that LANET-1 ASN has anything to do with LANET-1
Network or with LANET organization id. When ARIN was setting up names for
organizations, networks, etc., it was doing it out of the first two letters of
the company name, plus net plus a number. This would not be the first time
that different companies got the same name for ASN and netblock, nor would
such be considered an error in their database, though if any of these
organizations report such to ARIN and request a different network name,
they will do it to remove the confusion.

A quick check shows that State of Louisiana has a number of IP blocks with
names lanet* and they are all linked to ASN2048:

[whois.arin.net]

OrgName:    State of Louisiana
OrgID:      STATEO-4
Address:    Department of Health and Hospitals
Address:    Information Services
Address:    PO Box 3013
City:       Baton Rouge
StateProv:  LA
PostalCode: 70821
Country:    US
Comment:
RegDate:    1992-08-24
Updated:    1994-04-25

Resources Used By Organization:
State of Louisiana (AS2048) LANET-1 2048
State of Louisiana LADOA (NET-192-206-109-0-1) 192.206.109.0 - 192.206.109.255
State of Louisiana LANET8 (NET-192-239-252-0-1) 192.239.252.0 - 192.239.252.255
State of Louisiana LANET9 (NET-192-239-253-0-1) 192.239.253.0 - 192.239.253.255
State of Louisiana LANET10 (NET-192-239-254-0-1) 192.239.254.0 - 192.239.254.255
State of Louisiana LANET3 (NET-198-51-207-0-1) 198.51.207.0 - 198.51.207.255
State of Louisiana DHHLA (NET-198-203-166-0-1) 198.203.166.0 - 198.203.166.255

Given the above I would suspect that if State of Louisiana indeed had
170.208.0.0, it would be linked to their main organization id (given that
all blocks that were obtained earlier were) and it is not.  This does not
necessarily mean this was not their block, it just means that we do
not know it for certain and have no good evidence either way.

"LA" is also often used to represent names for organizations with names 
beginning with "Los Angeles" (and organization "Los Angeles Network ..." 
would get first priority on LANET name). In particular here is what I find 
in ARIN database as well:

[whois.arin.net]

OrgName:    County of Los Angeles
OrgID:      CLA-6
Address:    Internal Services Department
Address:    9150 E. Imperial Hwy
City:       Downey
StateProv:  CA
PostalCode: 90242
Country:    US

NetRange:   159.83.0.0 - 159.83.255.255
CIDR:       159.83.0.0/16
NetName:    LANET
NetHandle:  NET-159-83-0-0-1
Parent:     NET-159-0-0-0-0
NetType:    Direct Assignment
NameServer: DNS1.CO.LA.CA.US
NameServer: PHOENIX.CO.LA.CA.US
Comment:
RegDate:    1992-03-20
Updated:    1998-02-18

Now the block in question (170.208.0.0/16) is listed for "ISD". Unfortunately,
when ARIN creates names, the first letters of the first 3 words in organization
names are used for the acronym, so there are lots of names beginning with ISD in
their database (like "Intelligent Systems Designs", "Interlake School Division",
"Information Services Department", etc). It's more interesting to look at
networks that are assigned to organizations that have name "ISD":

[whois.arin.net]

Innovative Systems Design ISD (NET-204-107-85-0-1) 204.107.85.0 - 204.107.85.255
ISD LANET-1 (NET-170-208-0-0-1) 170.208.0.0 - 170.208.255.255
isd UU-65-212-131-192-D3 (NET-65-212-131-192-1) 65.212.131.192 - 65.212.131.199
ISD 625 - ST PAUL PUBLIC SCHOOL Q0904-205-215-222-0 (NET-205-215-222-0-1) 205.215.222.0 - 205.215.222.255
ISD Corporation PBI-CUSTNET-3996 (NET-216-100-252-0-1) 216.100.252.0 - 216.100.252.255
ISD CORPORATION QWEST-65-115-100-0 (NET-65-115-100-0-1) 65.115.100.0 - 65.115.100.127
ISD CORPORATION Q1209-63-149-253-0 (NET-63-149-253-0-1) 63.149.253.0 - 63.149.253.127
ISD NORTH DAKOTA FON-106830092861637 (NET-63-172-250-128-1) 63.172.250.128 - 63.172.250.255
ISD DSLNET-20001206-00128 (NET-64-205-53-128-1) 64.205.53.128 - 64.205.53.159
ISD 709 CPINTERNET-21 (NET-209-240-238-16-1) 209.240.238.16 - 209.240.238.31
ISD Inc SBCIS-101912-131748 (NET-66-73-231-96-1) 66.73.231.96 - 66.73.231.103
ISD Inc SBC068078085176030328 (NET-68-78-85-176-1) 68.78.85.176 - 68.78.85.183
ISD Infotech pvt Ltd. STPH16 (NET-196-12-47-0-1) 196.12.47.0 - 196.12.47.255

Looking into various addresses I find that "ISD Corporation" has locations
in Riverside (CA), Corona (CA) and San Jose (CA). Two of these addresses
are in the LA area, so they would be my first choice for what ISD stands for for
that block, but it does look like ISD Corporation has not been involved
in the Internet until recently, but maybe there was some very old history
there now forgotten. In any case I would more likely suspect that LA in
that block stands for Los Angeles than for Louisiana. But overall in ARIN
records I cannot find any conclusive answer as to what company this block was
originally used at.

On Wed, 30 Apr 2003, Richard Cox wrote:

> 
> On Wed, 30 Apr 2003 16:46 (UT), Scott Granados wrote:
> 
> | Clearly someone or something at Arin has given authority to this block
> | to be used and that authorized figure has requested service from us.
> 
> I wouldn't say it was at all clear that "someone or something" at ARIN
> has given any authority for anything.  Some - indeed several - records
> at ARIN have clearly been changed - fairly recently (the handle ISC1 on
> 2003-03-05, and the Netblock 170.208.0.0/16 on 2003-03-04, AS 27595 on
> 2003-04-07 - but netblock 170.208.0.0/20 was created before any of that,
> on 2003-01-23, and has AFAICT not changed since then.
> 
> Previously ISD-1 showed:
> 
> OrgName:    ISD
> OrgID:      ISD-1
> Address:    1324 South Ridge Parkway (Mapquest confirms no such address)
> City:       Beverly Hills
> StateProv:  CA
> PostalCode: 90210
> Updated:    2003-01-23
> TechHandle: DS127-ARIN
> TechName:   Shelley, Dennis
> TechPhone:  +1-213-246-6565 (mobile range, number not in service)
> TechEmail:  dshelley58#netscape.net
> 
> So there was a change to ISD1 on the same day that 170.208.0.0/20 was
> created, where the address/phone number were a total fiction and the
> email address was at a free email service and probably untraceable?
> 
> ARIN shows that block as being LANET-1; LANET-1 is listed by ARIN as:
> 
> OrgName:    State of Louisiana
> OrgID:      STATEO-4
> Address:    Department of Health and Hospitals
> Address:    Information Services
> Address:    PO Box 3013
> City:       Baton Rouge
> StateProv:  LA
> PostalCode: 70821
> Country:    US
> 
> ASNumber:   2048
> ASName:     LANET-1
> ASHandle:   AS2048
> RegDate:    1992-12-07
> Updated:    1995-05-22
> 
> TechHandle: JL141-ARIN
> TechName:   Joseph Lanier
> TechPhone:  +1-504-342-7701
> TechEmail:  blanier#doa.state.la.us
> 
> (Of course, the postholders have changed and there's been an
> area code split since 1992 ... this is an ANCIENT /16 block!)
> 
> | Unless I'm missing something obvious <which is possible>
> 
> Well, Kai summarised it rather well when he asked:
> 
> > How many owners of a /16 do you know that use an MBE/UPS
> > Store address as their primary place of business?
> 
> More to the point, do you not do credit checks as part of your
> "Due Diligence" these days?  What credit check would pass when
> the primary address is at an MBE/UPS Store?
> 
> I'm happy to give full credit to the Spamhaus Project, and ARIN, as
> sources of some of the information I used during this investigation.
> 
> Full details of Spamhaus records are at: http://snurl.com/19fq
> 
> I've had to delay reporting this by about six hours as, out of
> courtesy, I wanted to ensure that the appropriate people at Baton
> Rouge were aware of the situation before anything was announced.
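
Added example, not part of the original message or the quoted reply: a Python sketch of the cross-check described in the message, run over the ARIN listing lines quoted above. It separates a label collision (net name LANET-1 matching the AS name of AS2048) from actual registry linkage (the block appearing among the organization's resources); the function names and regexes are assumptions made for this illustration.

```python
import ipaddress
import re

# Listing lines copied from the whois output quoted in the message.
STATEO_4 = """\
State of Louisiana (AS2048) LANET-1 2048
State of Louisiana LADOA (NET-192-206-109-0-1) 192.206.109.0 - 192.206.109.255
State of Louisiana LANET8 (NET-192-239-252-0-1) 192.239.252.0 - 192.239.252.255
State of Louisiana LANET9 (NET-192-239-253-0-1) 192.239.253.0 - 192.239.253.255
State of Louisiana LANET10 (NET-192-239-254-0-1) 192.239.254.0 - 192.239.254.255
State of Louisiana LANET3 (NET-198-51-207-0-1) 198.51.207.0 - 198.51.207.255
State of Louisiana DHHLA (NET-198-203-166-0-1) 198.203.166.0 - 198.203.166.255
"""
DISPUTED = "ISD LANET-1 (NET-170-208-0-0-1) 170.208.0.0 - 170.208.255.255"

NET_RE = re.compile(r"^(.+?)\s+(\S+)\s+\((NET-[\d-]+)\)\s+([\d.]+)\s+-\s+([\d.]+)$")
ASN_RE = re.compile(r"^(.+?)\s+\(AS(\d+)\)\s+(\S+)\s+\d+$")


def parse_listing(text):
    """Return ({as_name: asn}, [(org, net_name, [networks])]) from summary lines."""
    asns, nets = {}, []
    for line in text.splitlines():
        line = line.strip()
        if m := ASN_RE.match(line):
            asns[m.group(3)] = int(m.group(2))
        elif m := NET_RE.match(line):
            first = ipaddress.ip_address(m.group(4))
            last = ipaddress.ip_address(m.group(5))
            cidrs = list(ipaddress.summarize_address_range(first, last))
            nets.append((m.group(1), m.group(2), cidrs))
    return asns, nets


def assess(disputed_line, org_listing):
    """Compare a disputed block with an organization's registered resources."""
    asns, org_nets = parse_listing(org_listing)
    _, [(holder, net_name, cidrs)] = parse_listing(disputed_line)
    covered = all(
        any(c.subnet_of(n) for _, _, ns in org_nets for n in ns) for c in cidrs
    )
    return {
        "holder": holder,
        "net_name": net_name,
        "same_name_as_asn": asns.get(net_name),  # label collision only
        "listed_under_org": covered,             # actual registry linkage
    }
```

Calling assess(DISPUTED, STATEO_4) reports that the name matches AS2048 while the range is not among the STATEO-4 resources, which is the distinction the message draws.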