1800vitamins.org has a web site at 12.180.219.234 which looks like
they would sell me vitamins should I or my dog need any.
Routeviews tells me that IP is in AS19111, routed via AS7018. AS7018
is AT&T which isn't surprising for a 12/8 address, but ARIN says
AS19111 doesn't exist. Huh?
Signed,
Confused
I do get some results from an online whois or two - https://ipinfo.io/AS19111
nbty.com is registered with Markmonitor so presumably they’re legit enough and large enough to afford brand protection. “Natures Bounty Inc” sounds like a reasonable name for a vendor of vitamins.
ASNumber: 19111
ASName: NBTY19111
ASHandle: AS19111
RegDate: 2016-02-01
Updated: 2016-02-01
Ref: https://whois.arin.net/rest/asn/AS19111
OrgName: NBTY, Inc.
OrgId: NATURE-24
Address: 60 Orville Drive
City: Bohemia
StateProv: NY
PostalCode: 11716
Country: US
RegDate: 2000-11-20
Updated: 2016-01-20
Ref: https://whois.arin.net/rest/org/NATURE-24
OrgAbuseHandle: MRO234-ARIN
OrgAbuseName: Roberts, Marlon
OrgAbusePhone: +1-631-200-5305
OrgAbuseEmail: mroberts@nbty.com
OrgAbuseRef: https://whois.arin.net/rest/poc/MRO234-ARIN
OrgTechHandle: MRO234-ARIN
OrgTechName: Roberts, Marlon
OrgTechPhone: +1-631-200-5305
OrgTechEmail: mroberts@nbty.com
OrgTechRef: https://whois.arin.net/rest/poc/MRO234-ARIN
OrgNOCHandle: MRO234-ARIN
OrgNOCName: Roberts, Marlon
OrgNOCPhone: +1-631-200-5305
OrgNOCEmail: mroberts@nbty.com
OrgNOCRef: https://whois.arin.net/rest/poc/MRO234-ARIN
I do get some results from an online whois or two - https://ipinfo.io/AS19111
nbty.com is registered with Markmonitor so presumably they’re legit enough and large enough to afford brand protection. “Natures Bounty Inc” sounds like a reasonable name for a vendor of vitamins.
ASNumber: 19111
ASName: NBTY19111
ASHandle: AS19111
RegDate: 2016-02-01
Updated: 2016-02-01
Ref: https://whois.arin.net/rest/asn/AS19111
OrgName: NBTY, Inc.
OrgId: NATURE-24
Address: 60 Orville Drive
City: Bohemia
StateProv: NY
PostalCode: 11716
Country: US
RegDate: 2000-11-20
Updated: 2016-01-20
Ref: https://whois.arin.net/rest/org/NATURE-24
OrgAbuseHandle: MRO234-ARIN
Note: ARIN has attempted to validate the data for this POC, but has received no response from the POC since 2017-01-19
At a guess… someone got ‘uncontctable’ and arin (after 2 yrs) pulled the resources.
In article <SG2PR03MB40538264B8C2976CF33B5161F51D0@SG2PR03MB4053.apcprd03.prod.outlook.com> you write:
-=-=-=-=-=-
I do get some results from an online whois or two - AS19111 The Nature's Bounty Co. details - IPinfo.io
I believe you, but isn't ARIN's list of North American ASNs supposed to be authoritiative?
Other than the funky ASN there doesn't seem anything particularly naughty about the site.
If POCs are unresponsive, and the bill goes unpaid, does ARIN note this in whois or just delete data from the db?
Does the answer to that change if the ASN was under an RSA, but allocated pre-ARIN?
In message <20200206013024.4B0B213C261D@ary.qy>,
1800vitamins.org has a web site at 12.180.219.234 which looks like
they would sell me vitamins should I or my dog need any.Routeviews tells me that IP is in AS19111, routed via AS7018. AS7018
is AT&T which isn't surprising for a 12/8 address, but ARIN says
AS19111 doesn't exist. Huh?
John you have no idea how many folks are using how many bogon ASNs
as we speak. Nobody does. Even the guy who is doing weekly routing
table reports isn't listing them all, I think, even after I talked
to him and convinced him to list more things as bogon announcements
than he formerly was listing. (I think his bogin lists are still not
nearly complete, e.g. if one takes into account bogon ASN announcments.)
Go to bgp.he.net and type in any number from 65000 upwards and look at
all of the effing route announcements! These are all invalid/reserved
AS numbers which *nobody* should be announcing routes for, at least not
into the global routing table. And yet the Internet is absolutely awash
in this garbage.
Try to think of a word that is the absolute antonym of "hygiene" and
that's the global routing table.
This stuff would be funny if only it wasn't so sick and pathetic.
Even if we forget about all of the morons who are -using- these invalid
ASNs for actually routing bits to their IPs, you have to ask yourself:
Who are all of the morons who are -peering- with these invalid ASNs?
Regards,
rfg
P.S. Remember, out of all of the networking engineers in the entire world,
by definition, half of them are of below average intelligence.
P.S. Remember, out of all of the networking engineers in the entire world,
by definition, half of them are of below average intelligence.
Unfortunately there is no basis for that claim as networking engineers are
not uniformly randomly selected from the population as a whole.
Well, aside from the fact that I don't like such statements (they just
don't feel warm and fuzzy to me), his meaning was pretty clear. So to
be pedantic, just tack "WRT other engineers" on the end of that and
the statement holds.
-Wayne
For all of the people who have elected to pick on me for my less
that diplomatic assertion(s), I can only suggest that your time and
effort would be more well spent by looking at the hard data that
I suggested that everyone look at, and then looking to see if any of
the bogus ASNs being used, day in and day out, are being peered
with by your own upstreams, and if so, composing an appropriately
diplomatic email to said upstreams, asking them why they are peering
with bogon ASN(s).
I do not feel that it is a stretch to say that all of this use of
bogon ASNs is arguably even more shameful than the widespread lack
of adherence to BCP 38, owing to the ease with which it may be seen
and documented. It represents yet another, and equally or perhaps
even more egregious violation of Internet norms which endangers us
all, and all of our customers, every bit as much as the widespread
and inexcusable failures to conform to BCP 38.
The Internet needs to grow up. This isn't a little government funded
science experiment anymore. We have a whole planet's full of end users
watching now, and history will not be kind to those who continue to
shirk their responsibilities to the common man in the interests of
lining their own pockets in the short term.
Regards,
rfg
Try to think of a word that is the absolute antonym of "hygiene" and
> that's the global routing table.
> This stuff would be funny if only it wasn't so sick and pathetic.
> Even if we forget about all of the morons who are -using- these invalid
> ASNs for actually routing bits to their IPs, you have to ask yourself:
> Who are all of the morons who are -peering- with these invalid ASNs?
> Regards,
> rfg
> P.S. Remember, out of all of the networking engineers in the entire world,
> by definition, half of them are of below average intelligence.
You would sound much more credible if you'd step down the high horse and
stop insulting the very same people you're supposed to work with.
plonk
It’s not clear to me that HE having reserved AS numbers in THEIR routing table is actually a problem. These AS numbers are actually reserved for private use. Perhaps they have a customer who wants to do BGP but doesn’t want to register their own AS number and is single-homed to HE. In this case, HE can assign them a reserved AS number to use for the session and as long as HE strips that AS number when it leaves THEIR network, things are working as intended.
In message <CAJ_LqoEjvu3F02aNVrtsXStJumjiwK4UtX4v4n0RNf-rEmCjog@mail.gmail.com>,
It's not clear to me that HE having reserved AS numbers in THEIR routing
table is actually a problem. These AS numbers are actually reserved for
private use. Perhaps they have a customer who wants to do BGP but doesn't
want to register their own AS number and is single-homed to HE. In this
case, HE can assign them a reserved AS number to use for the session and as
long as HE strips that AS number when it leaves THEIR network, things are
working as intended.
It is not in the least bit clear that such stripping is in fact occuring,
and if anything the available evidence seems to suggest that it may not be.
The key point is accountability. In the case of bogon ASNs, no one is
responsible, and an aggreived or offended party cannot easily find out
even who to discuss the matter with if they are being hacked, attacked,
or spammed from a range of IPs being routed by a bogon ASN.
Regards,
rfg
P.S. It does not seem to be the case that only HE internal sensors
are the only ones seeing some of these routes. Here is what RIPEstat
is telling me right now about routes being announced by AS65000, just
to name one bogon ASN out of many:
46.102.148.0/22
212.93.181.0/24
168.205.156.0/24
93.118.40.0/22
2806:288:800::/40
190.15.126.0/23
197.6.0.0/16
31.207.16.0/20
188.240.32.0/22
89.36.232.0/22
89.42.48.0/23
89.40.108.0/23
188.210.94.0/23
197.5.0.0/18
31.207.8.0/21
82.97.196.0/23
84.247.32.0/22
82.97.192.0/23
213.150.187.0/24
193.124.240.0/22
89.35.164.0/22
197.9.0.0/16
197.4.0.0/16
194.58.24.0/22
93.115.102.0/23
212.93.182.0/24
185.125.64.0/22
81.91.16.0/21
197.7.0.0/16
89.38.106.0/23
186.32.9.0/24
109.232.251.0/24
93.115.48.0/22
31.219.177.0/24
194.135.48.0/22
86.105.160.0/22
89.46.132.0/22
195.122.244.0/24
89.43.68.0/23
2803:ea80::/36
80.240.108.0/23
197.8.0.0/16
188.214.40.0/21
194.58.216.0/22
213.150.185.0/24
You're concerned with policing his tone instead of dealing with the
massive security failure -- on the part of *many* of us -- that this
represents?
If I have something horrible going on with a service/server/network/etc.
that I'm responsible for and I don't catch it, then I'm grateful to
anyone who reports it -- because they've caught my mistake, which is
helpful to me and to everyone impacted by it. I'll worry about my
bruised ego later, it won't be the first time. Or the last.
---rsk
According to ARIN Who-Was they’ve had this ASN assigned and removed multiple times.
Created 11-20-2000 19111 NATURES-BOUN AS19111 NATURE-24
Registration Removed 12-12-2006
Created 01-04-2007 19111 NATURES-BOUN AS19111 NATURE-24
Registration Removed 07-14-2009
Created 07-22-2009 19111 NATURES-BOUN AS19111 NATURE-24
Modified 01-09-2012 19111 NATURES-BOUN AS19111 NATURE-24
Registration Removed 04-07-2015
Created 02-01-2016 19111 NBTY19111 AS19111 NATURE-24
Registration Removed 04-11-2017
I’m assuming this is due to non-payment each time.
Given events including the IPv4 runout etc perhaps it's long overdue
that the RIRs should hire a professional big-name (we used to call
them Big 5) accounting firm to audit or at least review IP address,
ASN, etc. allocation.
I am not talking about money, I am talking about resource allocation.
That would be a step towards accountability.
It would likely be a lot better than "someone on NANOG noticed a
discrepancy let's shout at each other about it for a few days."
The "rules" really aren't that difficult even if the details of
technical management can be.
A modern accounting firm could find the talent to grasp how it all
should work and review how it has worked and is working.
I've worked with accountants, they know things like what we'd call in
a phrase "game theory" (you cut, I choose, etc) regarding resource
allocation, memorialization (is the record-keeping broken?), "forcing"
organizations to fix outright bugs in rules and record-keeping,
internal accountability (e.g., who has access to critical records?
what's the process when an error or fraud occurs?), proper reporting,
etc.
It wouldn't be cheap.
But as an easy suggestion I'd recommend that ISOC help with the
funding for such a project. There could be other sources.
Or possibly, I haven't a clue how the numbers might work, a $10 or $20
new annual resource allocation surcharge to underwrite such auditing.
It would be a new and potentially valuable service so, within reason,
justified.
Did I miss something? I thought the discrepancy being pointed out was that resources that were not currently allocated/assigned were still being actively used and actively accepted by people who should have rejected them. Private address space and private ASNs are one case, resources that have not yet been allocated or were once allocated and have been reclaimed are another.
An accounting audit of ARIN resource management process is not going to help the fact that people are accepting routes they should not be accepting.
I suspect I did miss something.
—Sandy
It could measure the extent of the problem and would be within what I
suggested.
For example if there were only one AS being abused that would make it
a different priority than 1,000 or 10,000 (some seem to be implying a
number like that) being abused.
Do we have that number?
And tracking the trend.
+1
I fully agree, not to mention, but probably a bit more tricky to manage, so many resources holder, eg universities or similar, using just a /24 out of a /16, legacy of course !
Funny enough bumped last week into a computing uni that was in the above exemple...and no IPv6... grrr
I am replying to the original post as I am only answering John's question below.
I believe you, but isn’t ARIN’s list of North American ASNs supposed to be authoritiative?
Other than the funky ASN there doesn’t seem anything particularly naughty about the site.
If POCs are unresponsive, and the bill goes unpaid, does ARIN note this in whois or just delete data from the db?
If POCs are unresponsive, the lack of response is noted in Whois per NRPM 3.6 <https://www.arin.net/participate/policy/nrpm/#3-6-annual-validation-of-arin-s-public-whois-point-of-contact-data>
If the bill goes unpaid, then the resources will eventually be subject to being revoked per the RSA - https://www.arin.net/resources/fees/returns/
Does the answer to that change if the ASN was under an RSA, but allocated pre-ARIN?
Makes no difference whatsoever.
FYI,
/John
John Curran
President and CEO
American Registry for Internet Numbers