[RFCI-Discuss] whois records with single ip address (CIDR aaa.bbb.ccc.ddd/32)

egor duda rfci-discuss@lists.megacity.org
Wed, 9 Oct 2002 21:47:54 +0400 

Hi!

Wednesday, 09 October, 2002 you wrote:

>> RJ> At 14:53 +0400 on 2002-10-09, egor duda wrote:
>> >> The problem, however, is the following. The CIDR of this whois record
>> >> is aaa.bbb.ccc.ddd/32. Other addresses (taken in random) in
>> >> 218.234.58.O/24 network have the same contact information, so spam

BC> The KRNIC database entries are not describing a /32.  It would seem that
BC> anything in 218.234.58.128/25 has not been assigned by HANANET further
BC> down, or that HANANET has not contacted KRNIC to have the KRNIC database
BC> updated.  The information remaining in the KRNIC output is the Org info
BC> for 218.234/15 and 218.236/14 .

BC> Unfortunately, the KRNIC database doesn't mention that its the Org details
BC> for the parent range (and what that range is), and you need to go to the
BC> RIR database (whois.apnic.net) to find out.

BC> Compare the KRNIC output of 218.234.58.125 with 218.234.58.129:
[...]
BC> Note that the IP range is, unfortunately, unspecified.  This does not
BC> entail that it is a /32 .

BC> So you've got two problems, being:

BC>         a) HANANET haven't updated the KRNIC database (if you're receiving
BC>            crap from 218.234.58.128/25
BC>         b) The KRNIC database doesn't supply parent IP ranges (odd, I'd
BC>            swear that they used to).

The latter depends on IP address. For some, they (KRNIC) return parent
range, for some, they don't. That's what made me think that those
records are /32.

Of course, they may be stored internally, at KRNIC, as /25 or
something, but from my (client's) point of view, when i don't see the
range, i can only assume that given contact information is valid for
this address only, i.e. from my point of view it's essentially /32.

BC> Neither of which, on its own, warrants an ipwhois listing.

Of course not. I didn't mean that this alone allows whole network to
be listed in RBL. The question is: Is there any alternative way to
retrieve information about parent range so that _this_ range can be
listed in ipwhois.

Formally speaking, a list of 128 results of whois queries to KRNIC for
addresses in /25 network, all of them containing security@hanaro.com,
and a single bounce from this address is, i suppose, valid evidence.
Yet it's clearly not practical, neither for reporter, nor (more
important) for RBL maintainer.

Egor.                                           mailto:deo@logos-m.ru