This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[ncc-services-wg] Finding previous user of IP addresses
- Previous message (by thread): [ncc-services-wg] Finding previous user of IP addresses
- Next message (by thread): [ncc-services-wg] Finding previous user of IP addresses
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Daniel Karrenberg
dfk at ripe.net
Wed Dec 11 14:41:37 CET 2019
On 10 Dec 2019, at 16:58, Roland Perry wrote: > In message <6C247001-B2CB-4CFD-818B-E31EC48D9134 at ripe.net>, at > 16:01:41 on Tue, 10 Dec 2019, Daniel Karrenberg <dfk at ripe.net> writes >> >> On 10 Dec 2019, at 13:15, Roland Perry wrote: >> >>> … How do I as (nowadays anyway, an outsider) access such historic >>> snapshots of the IP address range, before today's ISP acquired them. >>> >>> Is this a 'service' that RIPE NCC offers (and hence my question in >>> this forum). … >> >> https://stat.ripe.net/ >> >> Type in the prefix concerned. > > Thanks, Daniel. As ever you are a star! The stars are the engineers who make RIPEstat work. I was just the initial instigator to set this up. >> The ‘Anti-abuse’ tab lists some well known blacklists, also >> historically. > > But shows nothing. (Nor had my earlier searches elsewhere) We cannot possibly cover all blacklists. It is just an indication. We may add more public blacklists on suggestion. > The block that a friend encountered yesterday, and made me decide to > look into this further, was from Hootsuite, which is a social media > management platform. > > Ones that had been previously mentioned by other users include Adobe, > PayPal and Eventbrite. Those usually do not publish their prejudices …. :-( >> The ‘ Database’ tab has registration and allocation history. > > Which suggests an allocation to the ISP in July 2015... That’s what I read into that. So I guess the customer should complain to the ISP. >> The ‘Routing’ tab has routing history. > > ...and to customers in 11th March 2019. Which together *doesn't* match > a theory of either recent acquisition, nor a hangover from dirty > usage. I read the same. >> In my experience all this goes a long way to get a good picture of >> the address space concerned. >> >> It would be helpful if you told the list whether this would have >> warned this particular end-user had they or their consultants looked >> at it. > > Nothing leaps out at me. Not really in this case. > Which leaves the question of where the data being acted on by the > undoubtedly active block lists originated. But could explain why it's > apparently difficult to expunge, if it's of unknown source. > > The name 'Globalprotect' was also mentioned. > > My next theory is that it's not a poorly sanitised transfer of IP > addresses, but some glitch in the blacklisting process. That’s what I would go with. I have heard similar stories. If you are inclined towards conspiracies it may also be deliberate poisoning. I have seen evidence of this in the past. Also some of this may be based on goofy geolocation. My family server for instance suddenly seems to be regarded by some as somewhere in Russia even though it has not moved from Germany in years. This way I can practise my hardly existent Russian by trying to decipher the google ads. ;-) Daniel
- Previous message (by thread): [ncc-services-wg] Finding previous user of IP addresses
- Next message (by thread): [ncc-services-wg] Finding previous user of IP addresses
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]