Re: Big List of network owners?
On Thu, Oct 28, 2004 at 10:30:43AM -0700, Randy Bush wrote: I have been looking around, but haven't found it yet.. Is there a text list of who owns what netblock worldwide? ISP/Location/Contact. I am not looking for anything searchable, but rather, a large, up to date list that I can import to a database.. in general, we try not to make life that easy for spammers and scammers Too late. Much, much too late. The spammers/scammers have long since gotten their hands on all of it. Whether because it was overtly sold to them, or covertly sold under-the-table by employees looking to pick up extra cash, or acquired via other means, they have it. Moreover, they're managing to get their hands on changes to it (as incidental experiments with recently-modified data indicate). Here's one example: $299 gets you a pocketful of CDROMs stuffed with data: http://www.promotionsite.net/ There are many more of these, of course, offering various compilations of data at various prices and in various formats. At this point, no purpose is served by maintaining the pretense that this data is private, in any sense. It would be better for everyone to simply publish it in a simple format (e.g. one static web page per doamin or network) so that everyone is on a level playing field. (As to the comment about registrars locking up more and more data: evidence is growing that at least a couple of registrars ARE the spammers they're registering domains for. Makes sense: if you're going to burn through thousands of domains, you might as well sell them to yourself cheaply.) ---Rsk
Re: Big List of network owners?
Randy Bush wrote: i wish i could remember which beatles' (i think it was) song had the refrain we have all been here before. randy CSNY, Deja Vu -- Scott V. Blomquist,A-SA-CN-NRKTINLC(tm) #2598 ITI/BearCoRochester, VT 802-767-3174(v) 802-767-3726(f) Any technology sufficiently advanced is indistinguishable from Magic. A. C. Clarke
Big List of network owners?
I have been looking around, but haven't found it yet.. Is there a text list of who owns what netblock worldwide? ISP/Location/Contact. I am not looking for anything searchable, but rather, a large, up to date list that I can import to a database.. Thanks John
Re: Big List of network owners?
On 28 Oct 2004, at 13:00, John Underhill wrote: I have been looking around, but haven't found it yet.. Is there a text list of who owns what netblock worldwide? ISP/Location/Contact. I am not looking for anything searchable, but rather, a large, up to date list that I can import to a database.. Poke around the ftp sites of the four RIRs until you find address registration data. Don't expect to see a single dump format across RIRs. Joe
Re: Big List of network owners?
On Thu, 28 Oct 2004 13:12:39 EDT, Joe Abley said: Poke around the ftp sites of the four RIRs until you find address registration data. Don't expect to see a single dump format across RIRs. For bonus points, does anybody have a good estimate of what percentage of the registration data doesn't match reality, due to missing SWIPs and the infamous allocated to a reseller who allocated to a re-re-seller who... issues? (Not talking actively hijacked, just all the forgot to file the paperwork allocations...) pgpJPSbrz8Q3L.pgp Description: PGP signature
Re: Big List of network owners?
I have been looking around, but haven't found it yet.. Is there a text list of who owns what netblock worldwide? ISP/Location/Contact. I am not looking for anything searchable, but rather, a large, up to date list that I can import to a database.. in general, we try not to make life that easy for spammers and scammers randy
Re: Big List of network owners?
On Oct 28, 2004, at 1:25 PM, [EMAIL PROTECTED] wrote: On Thu, 28 Oct 2004 13:12:39 EDT, Joe Abley said: Poke around the ftp sites of the four RIRs until you find address registration data. Don't expect to see a single dump format across RIRs. For bonus points, does anybody have a good estimate of what percentage of the registration data doesn't match reality, due to missing SWIPs and the infamous allocated to a reseller who allocated to a re-re-seller who... issues? (Not talking actively hijacked, just all the forgot to file the paperwork allocations...) We're working on this question at the operator (ASN) level for a couple of projects. I can't produce a list immediately, but there seem to be at least 600-700 ASNs that were consistently routed between Oct 01 and Oct 03 that have no easily matchable whois data in any registry. Probably the best you can come up with the the converse; the percentage of operators who take the (varied kinds of) trouble to identify themselves broadly to the community, thereby making themselves at least implicitly available for large-scale event management, etc. I think if you sum up the unique users of various extra-whois tools (nsp-sec, INOC-DBA, Jared's NOC list, etc.), you come up something like 3-4k operators. For those 3000+/- you can be reasonably confident that their whois data is correct; the other 15.5k actively routed ASNs (much less the routed netblocks, and less still the idled ASNs and netblocks) are anyone's guess... Tom
Re: Big List of network owners?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yo Randy! On Thu, 28 Oct 2004, Randy Bush wrote: in general, we try not to make life that easy for spammers and scammers Too late. That horse ran out the barn when Verisgn sold their whois data. At this point keeping the data hard to get just makes it harder on abuse admins. RGDS GARY - --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFBgTuA8KZibdeR3qURAmPcAJkBi4c4szOnNXrh0GJJdpvrhf+mrwCdFtoQ ED7OtcZFcxoVkSuUhnsFOOI= =EMDd -END PGP SIGNATURE-
Re: Big List of network owners?
On Thu, 28 Oct 2004 14:17:14 EDT, Tom Vest said: operators. For those 3000+/- you can be reasonably confident that their whois data is correct; the other 15.5k actively routed ASNs (much less the routed netblocks, and less still the idled ASNs and netblocks) are anyone's guess... Certainly matches up with what my gut feeling was telling me And of course, the irony is that those 3K ASNs will probably exchange billions of packets with us on total autopilot, and I'll almost never need to find the owner, but the fact that I'm unable to identify who's *really* responsible for a given specific /24 makes an address in that /24 all the more desirable to the sort of people who will end up making me look for the /24's owner, when I'd much rather never have had any conscious knowledge of that particular /24 being routable at all... pgp6zaN1fPVYh.pgp Description: PGP signature
Re: Big List of network owners?
--On 28 October 2004 11:33 -0700 Gary E. Miller [EMAIL PROTECTED] wrote: in general, we try not to make life that easy for spammers and scammers Too late. That horse ran out the barn when Verisgn sold their whois data. At this point keeping the data hard to get just makes it harder on abuse admins. Last time I looked, VRSN did not have whois data on netblock owners. Alex
Re: Big List of network owners?
Perhaps I should have made my inquiry/intentions a little more specific. Just in the thinking out loud stage here, but.. I would like to put an interactive help system together. One where, the user would have the option to forward some types of complaints directly to the hosting provider/ISP through a web portal. Form data would be collected, trends analyzed, if a particular address space is consistently behaving irresponsibly, it would be forwarded to an agent for further investigation. At which point, depending on the type of, and number of problems, further steps could be taken to correct the problem, ex administrative contact, resolving a hijack site to a warning page, or worst case: filtering that network entirely. We already do this to some degree, but I am looking for a way to make it more reflexive, automated, and give the users a more direct course of action that releases our help desk from some of the burden.. John - Original Message - From: Gary E. Miller [EMAIL PROTECTED] To: Randy Bush [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, October 28, 2004 2:33 PM Subject: Re: Big List of network owners? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yo Randy! On Thu, 28 Oct 2004, Randy Bush wrote: in general, we try not to make life that easy for spammers and scammers Too late. That horse ran out the barn when Verisgn sold their whois data. At this point keeping the data hard to get just makes it harder on abuse admins. RGDS GARY - --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFBgTuA8KZibdeR3qURAmPcAJkBi4c4szOnNXrh0GJJdpvrhf+mrwCdFtoQ ED7OtcZFcxoVkSuUhnsFOOI= =EMDd -END PGP SIGNATURE-
Re: Big List of network owners?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yo John! On Thu, 28 Oct 2004, John Underhill wrote: ... but I am looking for a way to make it more reflexive, automated, and give the users a more direct course of action that releases our help desk from some of the burden.. And that is exactly why it will not happen. A lot of the registrars have gone over to the other side. Ever try to get any domain contact info out of nameking? RGDS GARY - --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFBgWGE8KZibdeR3qURAhOxAJ95psP3g0yjv1Wr6vz5yPQPuCaE4gCdEP/e erE90DWlIxpcUFLljcMW98k= =dvcd -END PGP SIGNATURE-
Re: Big List of network owners?
I realize that there may be no way to contact many of these people, but, it is a step towards identifying problem networks. If badhosting.com is responsible for a given percentage of the garbage that comes through our pipes, and I can leverage user input to identify this, then I can use this to create more responsive filtering policies.. - Original Message - From: Gary E. Miller [EMAIL PROTECTED] To: John Underhill [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, October 28, 2004 5:15 PM Subject: Re: Big List of network owners? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yo John! On Thu, 28 Oct 2004, John Underhill wrote: ... but I am looking for a way to make it more reflexive, automated, and give the users a more direct course of action that releases our help desk from some of the burden.. And that is exactly why it will not happen. A lot of the registrars have gone over to the other side. Ever try to get any domain contact info out of nameking? RGDS GARY - --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFBgWGE8KZibdeR3qURAhOxAJ95psP3g0yjv1Wr6vz5yPQPuCaE4gCdEP/e erE90DWlIxpcUFLljcMW98k= =dvcd -END PGP SIGNATURE-
Re: Big List of network owners?
On Oct 28, 2004, at 2:56 PM, [EMAIL PROTECTED] wrote: On Thu, 28 Oct 2004 14:17:14 EDT, Tom Vest said: operators. For those 3000+/- you can be reasonably confident that their whois data is correct; the other 15.5k actively routed ASNs (much less the routed netblocks, and less still the idled ASNs and netblocks) are anyone's guess... Certainly matches up with what my gut feeling was telling me And of course, the irony is that those 3K ASNs will probably exchange billions of packets with us on total autopilot, and I'll almost never need to find the owner, but the fact that I'm unable to identify who's *really* responsible for a given specific /24 makes an address in that /24 all the more desirable to the sort of people who will end up making me look for the /24's owner, when I'd much rather never have had any conscious knowledge of that particular /24 being routable at all... That irony may disappear soon, but perhaps not in a good way. Observing the general policy trend across the registries, it seems that all are moving toward a system where publicly available contact information for any/all assigned numbers is optimized for resource management, while preserving maximum flexibility for anonymous operation. That is to say, operators may eventually provide visible whois entries that include only a workable email address (e.g., [EMAIL PROTECTED]) and a cell phone number. So long as these contacts are sufficient to request/remit annual registry renewal fees, the whois requirement will be satisfied. Opinions vary as to whether this is a good thing or a bad thing. Some advocates suggest that anonymity will help mitigate some security issues, although it seems to me a little incongruous that security through obscurity is advocated in this sphere at the same time that it is ridiculed in other contexts. Anyway, during the ARIN public forum last week there were repeated suggestions that the scope and purpose of whois database be clarified once and for all, at least at the institutional (ARIN) level. I for one would hate to see operator identity (i.e., as you say who's *really* responsible for a given number) disappear from that that scope and purpose, especially without considering that change and all of its implications very very carefully. Tom
Re: Big List of network owners?
Please describe exactly what you want to do with the data. If its specific action based on some network name or per their ASN, I can probably deliver it (assuming this function has community value for more then just your needs). But providing entire list - is too open for abuse and also may violate RIR policies for not redistributing bulk whois data in bulk form. If you want to do it yourself - feel free to contact every RIR (its only 4 of them) and sign for bulk whois agreements (and RIPE and APNIC already provide their whois database free actually if you look around) and write scripts and program to put it all in the database format that you want. On Thu, 28 Oct 2004, John Underhill wrote: I realize that there may be no way to contact many of these people, but, it is a step towards identifying problem networks. If badhosting.com is responsible for a given percentage of the garbage that comes through our pipes, and I can leverage user input to identify this, then I can use this to create more responsive filtering policies.. - Original Message - From: Gary E. Miller [EMAIL PROTECTED] To: John Underhill [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, October 28, 2004 5:15 PM Subject: Re: Big List of network owners? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yo John! On Thu, 28 Oct 2004, John Underhill wrote: ... but I am looking for a way to make it more reflexive, automated, and give the users a more direct course of action that releases our help desk from some of the burden.. And that is exactly why it will not happen. A lot of the registrars have gone over to the other side. Ever try to get any domain contact info out of nameking? RGDS GARY - --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFBgWGE8KZibdeR3qURAhOxAJ95psP3g0yjv1Wr6vz5yPQPuCaE4gCdEP/e erE90DWlIxpcUFLljcMW98k= =dvcd -END PGP SIGNATURE-
Re: Big List of network owners?
Again guys.. just in the thinking out loud stage.. But it does surprise me that this information is not freely available, and accessible to all without hindrance, registration or obligations of any kind. There is the argument that this information could be used by the wrong people to do the wrong thing, but I am guessing many of those people already have this data. Arguably, the people most likely to be causing problems, are the very ones who seek anonymity through a process that is apparently not as defined and regulated as it needs to be in order to assure proper identification and subsequent accountability. It is all about that accountability, action and response. If badhosting.com insists on harboring CWS, spam engines, and the like, wouldn't it be better if everyone knew, down to the last host, every address they own? If this information were freely available, posted in plain view, script friendly, and a dynamic resource, I suspect a lot of problems could, (at least in part), be made to disappear, or at the very least, automated tracking systems, and abuse reports could be made to be more reliable. Every enterprise is absolutely dependent on its financial viability, if the owner of badhosting.com woke up on Monday morning to find half of north america was no longer visible to his clients, he would either a) grow a conscience, or, b) go out of business - either one would be just fine with me. John - Original Message - From: william(at)elan.net [EMAIL PROTECTED] To: John Underhill [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, October 28, 2004 6:02 PM Subject: Re: Big List of network owners? Please describe exactly what you want to do with the data. If its specific action based on some network name or per their ASN, I can probably deliver it (assuming this function has community value for more then just your needs). But providing entire list - is too open for abuse and also may violate RIR policies for not redistributing bulk whois data in bulk form. If you want to do it yourself - feel free to contact every RIR (its only 4 of them) and sign for bulk whois agreements (and RIPE and APNIC already provide their whois database free actually if you look around) and write scripts and program to put it all in the database format that you want. On Thu, 28 Oct 2004, John Underhill wrote: I realize that there may be no way to contact many of these people, but, it is a step towards identifying problem networks. If badhosting.com is responsible for a given percentage of the garbage that comes through our pipes, and I can leverage user input to identify this, then I can use this to create more responsive filtering policies.. - Original Message - From: Gary E. Miller [EMAIL PROTECTED] To: John Underhill [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, October 28, 2004 5:15 PM Subject: Re: Big List of network owners? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yo John! On Thu, 28 Oct 2004, John Underhill wrote: ... but I am looking for a way to make it more reflexive, automated, and give the users a more direct course of action that releases our help desk from some of the burden.. And that is exactly why it will not happen. A lot of the registrars have gone over to the other side. Ever try to get any domain contact info out of nameking? RGDS GARY - --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFBgWGE8KZibdeR3qURAhOxAJ95psP3g0yjv1Wr6vz5yPQPuCaE4gCdEP/e erE90DWlIxpcUFLljcMW98k= =dvcd -END PGP SIGNATURE-
Re: Big List of network owners?
Again so what is it you'are asking: 1. Function to list ip blocks for the same organization that often causes abuse reports for your customers? - see spews and spamhaus lists, for biggest abusers they do pretty good job of tracking any ip blocks assigned to them 2. Function to list ip blocks announced by the same organization per ASN? - you can already do it yourself - sh ip bgp regexp _asn_) And yes if somebody wants to abuse public database, they'll find a way to get the data they want - but at least on the surface it should not be easy. So even if one bad guy already has this data, I'm not interested in making it easy for another bad guy to get it. On Thu, 28 Oct 2004, John Underhill wrote: Again guys.. just in the thinking out loud stage.. But it does surprise me that this information is not freely available, and accessible to all without hindrance, registration or obligations of any kind. There is the argument that this information could be used by the wrong people to do the wrong thing, but I am guessing many of those people already have this data. Arguably, the people most likely to be causing problems, are the very ones who seek anonymity through a process that is apparently not as defined and regulated as it needs to be in order to assure proper identification and subsequent accountability. It is all about that accountability, action and response. If badhosting.com insists on harboring CWS, spam engines, and the like, wouldn't it be better if everyone knew, down to the last host, every address they own? If this information were freely available, posted in plain view, script friendly, and a dynamic resource, I suspect a lot of problems could, (at least in part), be made to disappear, or at the very least, automated tracking systems, and abuse reports could be made to be more reliable. Every enterprise is absolutely dependent on its financial viability, if the owner of badhosting.com woke up on Monday morning to find half of north america was no longer visible to his clients, he would either a) grow a conscience, or, b) go out of business - either one would be just fine with me. John - Original Message - From: william(at)elan.net [EMAIL PROTECTED] To: John Underhill [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, October 28, 2004 6:02 PM Subject: Re: Big List of network owners? Please describe exactly what you want to do with the data. If its specific action based on some network name or per their ASN, I can probably deliver it (assuming this function has community value for more then just your needs). But providing entire list - is too open for abuse and also may violate RIR policies for not redistributing bulk whois data in bulk form. If you want to do it yourself - feel free to contact every RIR (its only 4 of them) and sign for bulk whois agreements (and RIPE and APNIC already provide their whois database free actually if you look around) and write scripts and program to put it all in the database format that you want. On Thu, 28 Oct 2004, John Underhill wrote: I realize that there may be no way to contact many of these people, but, it is a step towards identifying problem networks. If badhosting.com is responsible for a given percentage of the garbage that comes through our pipes, and I can leverage user input to identify this, then I can use this to create more responsive filtering policies.. - Original Message - From: Gary E. Miller [EMAIL PROTECTED] To: John Underhill [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, October 28, 2004 5:15 PM Subject: Re: Big List of network owners? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yo John! On Thu, 28 Oct 2004, John Underhill wrote: ... but I am looking for a way to make it more reflexive, automated, and give the users a more direct course of action that releases our help desk from some of the burden.. And that is exactly why it will not happen. A lot of the registrars have gone over to the other side. Ever try to get any domain contact info out of nameking? RGDS GARY - --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFBgWGE8KZibdeR3qURAhOxAJ95psP3g0yjv1Wr6vz5yPQPuCaE4gCdEP/e erE90DWlIxpcUFLljcMW98k= =dvcd -END PGP SIGNATURE-
Re: Big List of network owners?
tom, i happen to have kept the internet manager's phonebook, the August 1990 bbn/nnsc publication of the whois data. you're welcome to ocr it and see how many of the contact data are still valid. on a spot check: for my own entry only the email address still is still correct, sob's phone and email are as current (but i am not sure about snail), ohta-san's data are different, john schnizlein sure has moved, and only jis's email is the same. the introduction, among other things, says Many of the network administrators listed in this book expressed concern about receiving additional solicitations, advertisements, and junk fax as a result of being listed. We are asking companies to respect the administrators' wishes, and not use this book for marketing purposes. Thank you! so such abuses of the whois data were of concern then. note the word additional. sigh my rotting memory says i was receiving uce when i was using an arpanet addresses, uucp !path, and a fidonet node number. i don't think i got uce on telenet's telemail service, but now you're back to the '70s. and attempts at automation of problem reporting have a similarly long history. their accuracy has not improved significantly, and the number of garbage emails i get from them is about the same as the direct spam. the best thing about them is that they are easier to procmail. i wish i could remember which beatles' (i think it was) song had the refrain we have all been here before. randy
Re: Big List of network owners?
On Thu, 28 Oct 2004, Randy Bush wrote: i wish i could remember which beatles' (i think it was) song had the refrain we have all been here before. close, but California, harmony Deja Vu (David Crosby) If I had ever been here before I would probably know just what to do Don't you? If I had ever been here before On another time around the wheel I would probably know just how to deal With all of you And I feel like I've been here before Feel like I've been here before And you know it makes me wonder What's going on under the ground - mmh Do you know? Don't you wonder? What's going on down under you Na na na na na We have all been here before We have all been here before We have all been here before We have all been here before We have all been here before We have all been here before from DeJaVu (1970)
Re: Big List of network owners?
i wish i could remember which beatles' (i think it was) song had the refrain we have all been here before. close, but California, harmony well, at least we learn who has a better memory than i :-) the winners are, in order of appearance in my mailbox, Joe Abley, Charles Cala, and, of course, Queen Lucy. and yes, it was csny. and i even have the cd. i think i'll unearth it for the drive to town to get some missing ingredients for a chile verde which i have a major hankering to make for dinner. randy
