This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ncc-services-wg@ripe.net/
[ncc-services-wg] Finding previous user of IP addresses
- Previous message (by thread): [ncc-services-wg] Finding previous user of IP addresses
- Next message (by thread): [ncc-services-wg] Finding previous user of IP addresses
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Roland Perry
roland at internetpolicyagency.com
Tue Dec 10 16:58:41 CET 2019
In message <6C247001-B2CB-4CFD-818B-E31EC48D9134 at ripe.net>, at 16:01:41 on Tue, 10 Dec 2019, Daniel Karrenberg <dfk at ripe.net> writes > >On 10 Dec 2019, at 13:15, Roland Perry wrote: > >> … How do I as (nowadays anyway, an outsider) access such historic >>snapshots of the IP address range, before today's ISP acquired them. >> >> Is this a 'service' that RIPE NCC offers (and hence my question in >>this forum). … > >https://stat.ripe.net/ > >Type in the prefix concerned. Thanks, Daniel. As ever you are a star! >The ‘Anti-abuse’ tab lists some well known blacklists, also >historically. But shows nothing. (Nor had my earlier searches elsewhere) The block that a friend encountered yesterday, and made me decide to look into this further, was from Hootsuite, which is a social media management platform. Ones that had been previously mentioned by other users include Adobe, PayPal and Eventbrite. >The ‘ Database’ tab has registration and allocation history. Which suggests an allocation to the ISP in July 2015... >The ‘Routing’ tab has routing history. ...and to customers in 11th March 2019. Which together *doesn't* match a theory of either recent acquisition, nor a hangover from dirty usage. >In my experience all this goes a long way to get a good picture of the >address space concerned. > >It would be helpful if you told the list whether this would have warned >this particular end-user had they or their consultants looked at it. Nothing leaps out at me. Which leaves the question of where the data being acted on by the undoubtedly active block lists originated. But could explain why it's apparently difficult to expunge, if it's of unknown source. The name 'Globalprotect' was also mentioned. My next theory is that it's not a poorly sanitised transfer of IP addresses, but some glitch in the blacklisting process. -- Roland Perry
- Previous message (by thread): [ncc-services-wg] Finding previous user of IP addresses
- Next message (by thread): [ncc-services-wg] Finding previous user of IP addresses
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]