Abuse procedures... Reality Checks

It's *very* hard to do it with an automated system, as such automated look-ups are against the Terms of Service for every single RIR out there.

Exactly why is this hard to do?

I would think that it's actually very easy to do when
sub-allocations are SWIP'ed.

- ferg

I would think that it's actually very easy to do when
sub-allocations are SWIP'ed.

Not that I'm really defending this policy, but sub-allocations are very often not SWIPed. I'd say 75% or more of the time I'm looking at a problem IP address it is part of a /19 or larger block with no sub-allocation.

For example, I know for a fact that 70.167.38.132 is part of a netblock assigned to a business (I believe it is a /28 or /27). It is routed to them over a DS1 or similar cable equivalent. They run a handful of servers behind it, including public hosting of a half dozen corporate web sites and a mail server. Clearly these addresses have been assigned to this business.

Yet:

owenc@corp:~$ whois 70.167.38.132
Cox Communications Inc. NETBLK-COX-ATLANTA-10 (NET-70-160-0-0-1)
                                   70.160.0.0 - 70.191.255.255
Cox Communications Inc. NETBLK-WI-OHFC-70-167-32-0 (NET-70-167-32-0-1)
                                   70.167.32.0 - 70.167.63.255

No rwhois server available.

And Cox is actually better than some. That's only a /19. I've seen much larger blocks than this. Somehow I doubt that if we pulled that with our /20 we'd have a /19 now.

Chris
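
The check described in the thread, as an added example that is not part of either message: it parses already-captured whois text in the summary format quoted above (no lookup is performed), finds the most specific registered block covering an address, and reports whether that block is small enough to be a customer-level reassignment. The function names and the `customer_prefix` threshold of /24 are assumptions made for illustration.

```python
import ipaddress
import re

# whois output as quoted in the message above.
SAMPLE = """\
Cox Communications Inc. NETBLK-COX-ATLANTA-10 (NET-70-160-0-0-1)
                                   70.160.0.0 - 70.191.255.255
Cox Communications Inc. NETBLK-WI-OHFC-70-167-32-0 (NET-70-167-32-0-1)
                                   70.167.32.0 - 70.167.63.255

No rwhois server available.
"""

# "<org name> <netname> (<NET-handle>)" followed by an indented "start - end" line.
HEADER = re.compile(r"^(?P<org>\S.*?)\s+(?P<name>\S+)\s+\((?P<handle>NET-[\d-]+)\)\s*$")
RANGE = re.compile(r"^\s*(?P<start>\d+\.\d+\.\d+\.\d+)\s+-\s+(?P<end>\d+\.\d+\.\d+\.\d+)\s*$")


def parse_netblocks(text):
    """Return [(org, netname, handle, [ip_network, ...])] from summary output."""
    blocks, pending = [], None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            pending = header.groupdict()
            continue
        rng = RANGE.match(line)
        if rng and pending:
            # A start-end range may not be one CIDR block, so keep every piece.
            nets = list(ipaddress.summarize_address_range(
                ipaddress.ip_address(rng["start"]), ipaddress.ip_address(rng["end"])))
            blocks.append((pending["org"], pending["name"], pending["handle"], nets))
            pending = None
    return blocks


def most_specific(text, ip, customer_prefix=24):
    """Smallest registered block covering ip, or None if nothing covers it.

    customer_prefix is an assumed cut-off: a block at least this specific is
    treated as a SWIPed customer reassignment rather than a provider pool.
    """
    addr = ipaddress.ip_address(ip)
    covering = [(net, org, name)
                for org, name, _handle, nets in parse_netblocks(text)
                for net in nets if addr in net]
    if not covering:
        return None
    net, org, name = max(covering, key=lambda item: item[0].prefixlen)
    return {"network": str(net), "org": org, "netname": name,
            "customer_level": net.prefixlen >= customer_prefix}
```

For the output quoted above, `most_specific(SAMPLE, "70.167.38.132")` resolves to the /19 and reports `customer_level` as false, which is the situation Chris describes: the only contact on record is the provider.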