Slashdot Mirror

You know, I hate it when I'm wrong. But..... Through the Blackberry Diagnostic Report, voila, a public IP. I also have ICMP enabled (it's the 6th line of the report), but this IP isn't pingable either. So they give us a public IP, and then push our web browsing through a proxy? I wonder how many middle-managements a day it takes to come up with some of these ideas.

    [sarcasm]Anyways, they're only sitting on a /10. It's not a big waste of resources or anything. [/sarcasm]

$whois 184.211.xxx.xxx

# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=184.211.xxx.xxx?showDetails=true&showARIN=false
#

NetRange: 184.192.0.0 - 184.255.255.255
CIDR: 184.192.0.0/10
OriginAS:
NetName: SPRINT-WIRELESS
NetHandle: NET-184-192-0-0-1
Parent: NET-184-0-0-0-0
NetType: Direct Allocation

Ladies and Gentlemen, I give you IANASNOW.

I know you meant roughly "I am not a social networking [or] online world [user]", but it does make me wonder whether Mark Zuckerberg can snow IANA with enough money to give him his very own IP address system. I mean, given the whole Newark school thing and that Facebook has its own AS number...

8.1. Principles
Number resources are nontransferable and are not assignable to any other organization unless ARIN has expressly and in writing approved a request for transfer. ARIN is tasked with making prudent decisions on whether to approve the transfer of number resources
It should be understood that number resources are not 'sold' under ARIN administration. Rather, number resources are assigned to an organization for its exclusive use for the purpose stated in the request, provided the terms of the Registration Services Agreement continue to be met and the stated purpose for the number resources remains the same. Number resources are administered and assigned according to ARIN's published policies.
Number resources are issued, based on justified need, to organizations, not to individuals representing those organizations. Thus, if a company goes out of business, regardless of the reason, the point of contact (POC) listed for the number resource does not have the authority to sell, transfer, assign, or give the number resource to any other person or organization. The POC must notify ARIN if a business fails so the assigned number resources can be returned to the available pool of number resources if a transfer is not requested and justified.

That seems clear to me.

"There is also a Transfers to Specified Recipients Policy to allow entities to monetize transfers of extra address space to specified recipients who qualify for the space."

"Monitization" of transfers? Sounds like the sale of IPV4 addresses is okay, at least those administered by the ARIN.

"There is also a Transfers to Specified Recipients Policy to allow entities to monetize transfers of extra address space to specified recipients who qualify for the space."

"Monitization" of transfers? Sounds like the sale of IPV4 addresses is okay, at least those administered by the ARIN.

I guess by use of VPNs, as it works now (see http://btguard.com/, https://www.ipredator.se/ etc). So essentially it won't get sold, but rented (it might get rented for indefinite amount of time for fixed one-time price, though - depending on the bussiness model chosen). Of course, your latency will go up compared to normal IPv4, but hey...

Also, you CAN transfer an IP range, and not just give it up.
See for example https://www.arin.net/resources/request/transfers.html, but other RIRs have similar policies. You just agree with potential customer that you'll transfer part of your IPs to them after they make a payment to you. So while you're not technically selling them IPs, practically you are (you're transfering them your IPs only after they give you their money). But it would be more "gray" than "black" market...

You're right, my bad. I was thinking of something else. /48s were for site assignments from ARIN.

https://www.arin.net/resources/request/ipv6_initial_assign.html

Still a /64 seems absurdly large for one end user.

UBM just gave back the 45.0.0.0/8 block . It's not a small block and it's available, only 256 of these blocks exists and once you pull out the 0.0.0.0, 127.0.0.0/8, 255.255.255.255 and multi-cast blocks this return counts. What other blocks have been returned and aren't counted as free?

Edited: whois 45.0.0.1
NetRange: 45.0.0.0 - 45.1.255.255
CIDR: 45.0.0.0/15
NetName: SHOWNET
NetHandle: NET-45-0-0-0-1
NetType: Direct Assignment
NameServer: DNS.INTEROP.NET
RegDate: 1991-09-09
Ref: http://whois.arin.net/rest/net/NET-45-0-0-0-1
OrgName: Interop Show Network

The IPv6 address you give up does not exist. It is guaranteed that nobody can connect to your printer because it is on non-existence IPv6 address.

whois 2001:453:da65:1:94ab:7c00:8cba:beb5
#
# Query terms are ambiguous. The query is assumed to be:
# "n 2001:453:da65:1:94ab:7c00:8cba:beb5"
#
# Use "?" to get help.
#

No match found for 2001:453:da65:1:94ab:7c00:8cba:beb5.

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

It will, ARIN will start handing out /28's. You think routers are choking on routes now, just wait. Edge networks that are multihomed will be ok, you can drop large swaths of announcements and still get plenty of diversity; in the core however....gonna suck for them. Or not...we'll see how it goes. https://www.arin.net/policy/nrpm.html#four10

ImmixGroup seems to have "been awarded a contract with the U.S. Department of Homeland Security (DHS) Immigration and Customs Enforcement (ICE) Cyber Crimes Center (C3)" http://www.immixgroup.com/news/pr_display.cfm?ID=117 . That would make a hoax unlikely.

Only problem is that ImmixGroup is not the owner of the domain, "seizedservers.com". The registration just says that. Resolve that to an IP, it's 74.81.170.110 which is the same as all the rest of the seized domains. Look at the name servers listed in the registrar for "seizedservers.com", they also belong to CaroNet (CaroNet Managed Hosting, Inc.)
NS1.SEIZEDSERVERS.COM 74.81.170.109
NS2.SEIZEDSERVERS.COM 74.81.170.108

http://toolbar.netcraft.com/site_report?url=http://seizedservers.com
http://whois.arin.net/rest/net/NET-74-81-170-0-1

These are all of theirs http://whois.arin.net/rest/org/CIL-56/nets

ImmixGroup seems to have "been awarded a contract with the U.S. Department of Homeland Security (DHS) Immigration and Customs Enforcement (ICE) Cyber Crimes Center (C3)" http://www.immixgroup.com/news/pr_display.cfm?ID=117 . That would make a hoax unlikely.

Only problem is that ImmixGroup is not the owner of the domain, "seizedservers.com". The registration just says that. Resolve that to an IP, it's 74.81.170.110 which is the same as all the rest of the seized domains. Look at the name servers listed in the registrar for "seizedservers.com", they also belong to CaroNet (CaroNet Managed Hosting, Inc.)
NS1.SEIZEDSERVERS.COM 74.81.170.109
NS2.SEIZEDSERVERS.COM 74.81.170.108

http://toolbar.netcraft.com/site_report?url=http://seizedservers.com
http://whois.arin.net/rest/net/NET-74-81-170-0-1

These are all of theirs http://whois.arin.net/rest/org/CIL-56/nets

They own the allocation, not the IP addresses themselves. They can transfer the allocation to another party for money but they can not own the addresses themselves.

https://www.arin.net/policy/nrpm.html

Address space not to be considered property

It is contrary to the goals of this document and is not in the interests of the Internet community as a whole for address space to be considered freehold property.

The policies in this document are based upon the understanding that globally-unique IPv6 unicast address space is allocated/assigned for use rather than owned.

I don't think this is as easy as you think. Search for "Cablevision" and you're suddenly in a maze of twisty little /24s, all alike.

GM has addresses to spare... http://whois.arin.net/rest/org/GMC-20/nets

Maybe this explains it. HP has a 16 million addresses for themselves:

http://whois.arin.net/rest/net/NET-15-0-0-0-1

And if that wasn't enough, they also have:

http://whois.arin.net/rest/org/HP/nets

Maybe this explains it. HP has a 16 million addresses for themselves:

http://whois.arin.net/rest/net/NET-15-0-0-0-1

And if that wasn't enough, they also have:

http://whois.arin.net/rest/org/HP/nets

The IP address is 208.47.185.205, it is registered to Quest:

etRange 208.47.184.0 - 208.47.185.255
CIDR 208.47.184.0/23
Name Q0403-208-47-184-0
Handle NET-208-47-184-0-1
Parent QWEST-INET-3 (NET-208-44-0-0-1)
Net Type Reassigned
Origin AS AS209
Nameservers
Organization SYNACOR (SYNAC-2)
Registration Date 2009-04-03
Last Updated 2009-04-03
Comments
RESTful Link http://whois.arin.net/rest/net/NET-208-47-184-0-1

Should be easy enough to generate DMCA reports. Just connect to a couple dozen highly populated torrents, check for SuddenLink IP addresses and then email off some official looking DMCA notices.

Here's their netblock! Get to work!

http://whois.arin.net/rest/net/NET-208-180-0-0-1

NetRange 208.180.0.0 - 208.180.255.255
CIDR 208.180.0.0/16
Name SUDDE-NETBLK-208-180-0-0
Handle NET-208-180-0-0-1
Parent NET208 (NET-208-0-0-0-0)
Net Type Direct Allocation
Origin AS
Nameservers NS2.SUDDENLINK.NET
NS1.SUDDENLINK.NET
Organization Suddenlink Communications (SUDDE)
Registration Date 1999-05-07
Last Updated 2006-08-10
Comments ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RESTful Link http://whois.arin.net/rest/net/NET-208-180-0-0-1

Should be easy enough to generate DMCA reports. Just connect to a couple dozen highly populated torrents, check for SuddenLink IP addresses and then email off some official looking DMCA notices.

Here's their netblock! Get to work!

http://whois.arin.net/rest/net/NET-208-180-0-0-1

NetRange 208.180.0.0 - 208.180.255.255
CIDR 208.180.0.0/16
Name SUDDE-NETBLK-208-180-0-0
Handle NET-208-180-0-0-1
Parent NET208 (NET-208-0-0-0-0)
Net Type Direct Allocation
Origin AS
Nameservers NS2.SUDDENLINK.NET
NS1.SUDDENLINK.NET
Organization Suddenlink Communications (SUDDE)
Registration Date 1999-05-07
Last Updated 2006-08-10
Comments ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RESTful Link http://whois.arin.net/rest/net/NET-208-180-0-0-1

One of the first things I saw was this: http://whois.arin.net/rest/net/NET-69-172-200-0-1 Network NetRange 69.172.200.0 - 69.172.201.255 CIDR 69.172.200.0/23 Name PEER1-DOSARREST-01 Handle NET-69-172-200-0-1 Parent PEER1-BLK-14 (NET-69-172-192-0-1) Net Type Reassigned Origin AS AS13768 Nameservers Customer DosArrest (C02492651) Registration Date 2010-05-12 Last Updated 2010-05-12 Comments DDoS Protection services RESTful Link http://whois.arin.net/rest/net/NET-69-172-200-0-1 (I know, I'll lose the formatting - just go to the link, alright?)

One of the first things I saw was this: http://whois.arin.net/rest/net/NET-69-172-200-0-1 Network NetRange 69.172.200.0 - 69.172.201.255 CIDR 69.172.200.0/23 Name PEER1-DOSARREST-01 Handle NET-69-172-200-0-1 Parent PEER1-BLK-14 (NET-69-172-192-0-1) Net Type Reassigned Origin AS AS13768 Nameservers Customer DosArrest (C02492651) Registration Date 2010-05-12 Last Updated 2010-05-12 Comments DDoS Protection services RESTful Link http://whois.arin.net/rest/net/NET-69-172-200-0-1 (I know, I'll lose the formatting - just go to the link, alright?)

We first need to get BGP on board - only a small percentage of ASNs are announcing both ipv4 and ipv6 space. If i was supreme dictator of the internet I would tell ARIN that in 7 years, no multihomed ASN renewals would be accepted unless the ASN announces at least one prefix in IPv6. By doing this you would force the core network infrastructure to begin migrating and userland would eventually follow...

Steveb - No supreme dictator, but there is an ARIN policy process and *anyone* in the community can submit proposals... https://www.arin.net/policy/pdp.html

What does a nslookup have to do with anything ? Someone's been watching too many "Hacker" movies.

to find the ISP that the IP address is assigned to, you have to start with ARIN (assuming this guy is in the US). Go to ARIN's WHOIS query page at https://ws.arin.net/whois/ -- that'll get you started.

Then, find out of the IP address has been reassigned via the ISP. if the ISP reassigned them via SWIP, the ARIN WHOIS tool will show you the assignments, in order from top to bottom. If the ISP has reassigned the ip address via RWHOIS, then you need to query the ISP's RWHOIS server. The easiest way to do this is to find the RWHOIS server via ARIN's WHOIS tool, then go to http://projects.arin.net/rwhois/prwhois.html -- that's as close as you're going to get with public information.

Once you have the ISP (or the delegate), you have enough information to go to a prosecutor or a judge to get a warrant. A previous ISP I worked for was more than willing to provide this kind of user data but we required a warrant so that we knew we were doing no harm.

Just remember to keep the IP address logs AND time/date of login, in case he's got a dynamic ip address or hopping from starbucks-to-starbucks.

What does a nslookup have to do with anything ? Someone's been watching too many "Hacker" movies.

to find the ISP that the IP address is assigned to, you have to start with ARIN (assuming this guy is in the US). Go to ARIN's WHOIS query page at https://ws.arin.net/whois/ -- that'll get you started.

Then, find out of the IP address has been reassigned via the ISP. if the ISP reassigned them via SWIP, the ARIN WHOIS tool will show you the assignments, in order from top to bottom. If the ISP has reassigned the ip address via RWHOIS, then you need to query the ISP's RWHOIS server. The easiest way to do this is to find the RWHOIS server via ARIN's WHOIS tool, then go to http://projects.arin.net/rwhois/prwhois.html -- that's as close as you're going to get with public information.

Once you have the ISP (or the delegate), you have enough information to go to a prosecutor or a judge to get a warrant. A previous ISP I worked for was more than willing to provide this kind of user data but we required a warrant so that we knew we were doing no harm.

Just remember to keep the IP address logs AND time/date of login, in case he's got a dynamic ip address or hopping from starbucks-to-starbucks.

> They gave us a /29 saying that was the smallest they can do.
That's because that is the smallest block that ARIN permits you to report as reassigned
    [ https://www.arin.net/resources/request/reassignments.html ]

According to ARIN, AS666 is assigned to CSTA-CISCO-AS (US Army Combat Systems Test Activity). It doesn't appear to be in current use, but it wouldn't take long to activate it. Still, attaching its assignment directly to this bill would seem to indicate a high degree of precognition, since it was assigned just shy of 30 years ago.

I find it amusing that Cisco's name appears in the registration name as well. Seems fitting.

Transfers outside of the community adopted policies are fraud, report them here https://www.arin.net/resources/fraud/ and watch the resources be reclaimed. To the extent that you think the policy should/should not be changed, then get involved on the ARIN public policy process https://www.arin.net/participate/index.html. /John

Transfers outside of the community adopted policies are fraud, report them here https://www.arin.net/resources/fraud/ and watch the resources be reclaimed. To the extent that you think the policy should/should not be changed, then get involved on the ARIN public policy process https://www.arin.net/participate/index.html. /John

Nope.

Unless you are allocated a block of /29 worth or more IP addresses, documenting the re-assignment is not required.

Also, the rules are different for accounting for residential ISP customers.

Instead of counting hosts, the number of ports, number of dial-up clients per city, and lists of URLs for websites are counted.

An underlying assumption behind that process is dial-up users are each assigned 1 IP address.

So 'allowing 5 IPs' to a DSL/dial-up user is a bit unusual

That's already been thought of. As an ISP, you don't get to just make up whatever rules you want to determine how many IPs you can assign, beyond a certain point, you have to apply RFC 2050, per the name resource policies:

Because it is.

In actuality, need is defined as the minimum number of IP addresses that will be required within a certain period of time in the future, according to Network Engineering plans that get submitted to ISPs (LIRs and RIRs) in order to apply for IPs; efficient utilization means utilizing 80% of the IPs to address internet hosts. IPs that will be required in the near future are needed and part of the justification.

Currently 25% immediate utilization is required after 6 months, 50% required after 1 year.

All existing IP allocations must be 80% utilized.

ARIN NRPM, 4.2.3.1. Efficient utilization ISPs are required to apply a utilization efficiency criterion in providing address space to their customers.

ARIN NRPM, 4.2.3.6 Reassignment to multihomed downstream customers: Under normal circumstances an ISP is required to determine the prefix size of their reassignment to a downstream customer according to the guidelines set forth in RFC 2050.
Specifically, a downstream customer justifies their reassignment by demonstrating they have an immediate requirement for 25% of the IP addresses being assigned, and that they have a plan to utilize 50% of their assignment within one year of its receipt.

4.2.3.3. Contiguous blocks: if a customer moves to another service provider or otherwise terminates a contract with an ISP, it is recommended that the customer return the network addresses to the ISP and renumber into the new provider's address space. The original ISP should allow sufficient time for the renumbering process to be completed before requiring the address space to be returned.

RFC 2050.

If I were ARIN, I would start making v4 addresses and v6 addresses cheap.

To an ISP it is actually FREE to get IPv6 Addresses initially, ant then there is a wavier until 2012.

Fee Schedule

IPv6 Initial Allocation and IPv6 Assignment
ARIN charges a fee for the initial IPv6 allocation from ARIN to an ISP. This fee is currently waived for IPv4 subscribers. For organizations that aren't IPv4 subscribers, the fee is lowered by current fee waivers.

ARIN charges a fee for an IPv6 assignment (whether initial or additional) to an end-user. There are currently no fee waivers for IPv6 assignments.

If I were ARIN, I would start making v4 addresses and v6 addresses cheap.

To an ISP it is actually FREE to get IPv6 Addresses initially, ant then there is a wavier until 2012.

Fee Schedule

IPv6 Initial Allocation and IPv6 Assignment
ARIN charges a fee for the initial IPv6 allocation from ARIN to an ISP. This fee is currently waived for IPv4 subscribers. For organizations that aren't IPv4 subscribers, the fee is lowered by current fee waivers.

ARIN charges a fee for an IPv6 assignment (whether initial or additional) to an end-user. There are currently no fee waivers for IPv6 assignments.

There is a strong movement on the public internet registries such as ARIN, RIR, etc, supporting privacy of IP address allocation data. In the future, it is very likely that registry policy may shift in favor of these supporters of internet privacy.

The result will be you cannot do so much as a WHOIS lookup to find out who these spammers might be if the privacy advocates/spammer have their way, only with a court order...

Good luck getting that when the spammer lives in a different country, where spam isn't illegal.

No, because once every /24 in those f****ers block gets on enough blacklists, they get a few more hosts to justify a bigger block, fill out a form to RETURN the IP addresses they got. Their old IPs will be assigned to someone else, and after the exchange their old IPs for a fresh new block of IPs they have even more /24s than before, and none of them blocked.

Now only the new guy (that happens to be so unlucky as to get their old IPs) is blocked.

Of course the f'ers will pretend to be legitimate extremely well, and make it as hard as possible for people to see reason to ban their whole block.. (E.g. The "shell" ISP will create "fake" separation from spammers who "received space" from their block)

They may do all kinds of weird s**** to make it look like it's not just one spammer.

Alternatively, they just apply for more space, using more shell companies, lather, rinse, and repeat. Until IPv4 is exhausted, that is.

If they have no problem lying once... it's not the least bit difficult to create 30 more fake companies (or even, make them real companies -- if the spam effort is profitable enough).

This is all assuming they are getting the IPs from the RIRs in the first place, which I doubt is the most common.. that could be too easy to track, since these allocations generally get published very visibly.

LIR ips are just fine for them, and much easier to get.

Also, the RIRs are basically powerless to stop this. Contrary to the article, it's not necessarily about "LIRs being lax".

Once a block of IP addresses is assigned, it is not as if the LIR or RIR can revoke it and force its use to cease.

Revoking IP addresses doesn't magically make them unreachable on the internet -- once the spammer convinced their ISP to announce the address space, they don't need (any longer) to prove they got the IPs legitimately, until/unless they get more ISPs.

The article's terminology is wrong. An LIR is just another name for an ISP. Verizon is an LIR, Level3 is an LIR, Cogent is an LIR, AT&T, Sprint, etc, are all LIRs, any ISP that receives ISP allocations of addresses which are issued to them for the sole purpose of sub-delegating for use with their services, is called an LIR.

Maybe the article means the spammers are getting IP delegations from an ISP LIR, that would make sense. It is very easy to believe, they could do this en masse with very little effort, in fact.

If you buy internet services from an ISP like Verizon, and claim to have X hosts, they will have a very hard time rejecting a request from their customer for those IPs.

For a simple /24 or two, most won't ask for much documentation, as long as the price is right, it's not customer-friendly to try that.

The tough questions don't start getting asked, until a request for a larger number of IPs is made, which is sensible. Level of justification and documentation commensurate with the expected usage.

The LIR/ISP will SWIP the listing or list the claimed owner on their RWHOIS Servers, but it won't appear as public knowledge in the RSS feeds, that such and such /24 has been allocated.

ISP RWHOIS servers are commonly broken and poorly maintained -- the spammer's new subdelegation may not even become public knowledge.

What's so special about 139 and 445? What do they do normally, and why would blocking them help?

Here's a list of assigned port numbers: https://www.arin.net/knowledge/rfc/rfc1700.txt

You mean something like http://lists.arin.net/pipermail/arin-issued/?

Not digitally signed, but it's easy enough to validate the source from the source IP and headers anyway for this kind of thing. The main item of note would be the deletes, as they indicate a return of address space.

In North America, at least, an organization applying to receive IP addresses has to sign a contract with the registry (ARIN), before any IP addresses will be assigned. Some of the terms of this agreement are designed to prevent "selling" or "sublet'ing" ip space.

Also, guess what... if the registrant of record fails to pay the bill, ARIN permanently revokes the IP address resources after a certain period of time. This is like leasing a property for 99 years from someone who doesn't own the property.

Some of the provisions of the contract include:

9. NO PROPERTY RIGHTS
Applicant acknowledges and agrees that the number resources are not property (real, personal, or intellectual) and that Applicant does not acquire any property rights in or to any number resources by virtue of this Agreement or otherwise. Applicant further agrees that it will not attempt, directly or indirectly, to obtain or assert any trademark, service mark, copyright, or any other form of property rights in any number resources in the United States or any other country.

(i) Except as provided in 15(a)(ii), Applicant may not assign or delegate this Agreement or any of its rights or obligations under it, including without limitation the exclusive right to use the number resources allocated or assigned to it, without ARINâ(TM)s express written permission,

(ii) The event of any transaction (whether a merger, acquisition, or sale) in which Applicantâ(TM)s controlling managerial and/or voting interest changes during the term of this Agreement shall be considered an assignment, so long as the Applicant provides ARIN with written notification within thirty (30) days of such assignment.

(iii) Any attempt by Applicant to assign this Agreement or any rights or obligations under it, other than as provided in this Section 15(a), will be of no force or effect.

So the first question I'd want answered would be: which backbone provider do those blocks belong to?

A whole lot of different ones. They're ARIN's PI multihoming block.

I may be mistaken, but it's my understanding that IPv6 addresses, unlike IPv4 addresses, include information about the backbone provider, so you really can't get your own allocation from ARIN and expect an ISP to route it for you. It doesn't (or isn't supposed to) work like that, for good reason. So, if the missing blocks are people who aren't backbone providers but have some kind of back-door deal with Sprint and/or Hurricane Electric, Verizon may be in the right.

You wouldn't have been mistaken before 2006. ARIN does allow you to get your own IPv6:

https://www.arin.net/policy/proposals/2005_1.html

I believe RIPE is following suit next month.

Here ya go, mate...

http://ws.arin.net/whois/?queryinput=Microsoft

*Sigh* Shouldn't you be embarrassed to be so willfully ignorant of reality?

The whole "no, we're not really running out of IPv4" argument has been thoroughly debunked. The IANA free pool is down to 28 /8s. The IANA allocates, on average, 10 /8s per year. So in roughly three years, the IANA free pool will be depleted. The RIR pools will be depleted roughly 12-18 months after that.

The RIRs do replenish their pool by voluntarily returns of unused address blocks and by revoking address space (usually for failure of payment of membership fees by the address holder). According the ARIN, they have 1.08 /8s of voluntarily returned space, and 85 /16s of revoked space. See this presentation - https://www.arin.net/participate/meetings/reports/ARIN_XXIII/pdf/wednesday/rsd.pdf for more details.

In short, addresses are going out faster than they're coming back.

https://ws.arin.net/whois/?queryinput=!%20NET-69-253-0-0-1

CIDR: 69.253.0.0/16
NetType: Reassigned

Out of this larger block:

https://ws.arin.net/whois/?queryinput=!%20NET-69-240-0-0-1

I'm thinking it could be the smaller provider with that /16 that is proxying DNS instead of comcast itself, possibly a small company that is leasing this and using some filter software of their to keep employees from browsing NSFW sites.

https://ws.arin.net/whois/?queryinput=!%20NET-69-253-0-0-1

CIDR: 69.253.0.0/16
NetType: Reassigned

Out of this larger block:

https://ws.arin.net/whois/?queryinput=!%20NET-69-240-0-0-1

I'm thinking it could be the smaller provider with that /16 that is proxying DNS instead of comcast itself, possibly a small company that is leasing this and using some filter software of their to keep employees from browsing NSFW sites.

I just ran the ICSI test from a host on Comcast's network in the Metro DC area (inside the 69.255.0.0/16 space) and port 53 was not redirected according to the results.

Ports blocked were:
135 (RPC)
139 (NetBIOS)
445 (SMB)

No blocks to anything else, although I have periodically experienced blocks on the common SIP negotiation ports (5060, 5061, etc.) that stop my VoIP from working until I change the port in use. I'm not sure what that's all about, and whether it's malice or just some sort of incompetent rate-limiting thing on Comcast's part.

Oh, heavens no, I'm glad there's no such thing for us.

For an example, while you can't say UserA on 209.66.116.123 did something wrong, ARIN search shows 209.66.116.123 is part of MediaSentry's allotment ( http://ws.arin.net/whois/?queryinput=209.66.116.123 )

In very basic terms. I'm sure I'm omitting some technical and legal details.

Actually, IP address allocations are handled by ARIN (http://www.arin.net/) and other regional registries (like RIPE http://www.ripe.net/) and the NRO (http://www.nro.net/). If you consider them the Phone Company, then ICANN is simply the Yellow and White Pages.

Proper method is searching ARIN (like http://www.arin.net/whois/) to see who owns the IP.
Comcast would be like
Comcast Business Communications, Inc. CBC-CM-4 (NET-74-92-0-0-1)

(with the netblock based on which IP you're looking up..they own more than a few).

The easy way would be to just do a DNS lookup on them and see if the reverse dns ends in *.comcast.net or *.comcastbusiness.net

Since it took me only about 3 seconds to find this:
http://www.arin.net/registration/guidelines/ipv6_assignment.html

I can only assume you are trolling.

Where did you get your IPv4 netblock and AS number from? It's from them that you get your IPv6. If you deal directly with ARIN, then you are already an LIR.

Since you claim to be an end user, get yourself a PI block from your current LIR and start negotiating a BGP link to one of your upstreams that has v6 transit. At worst, tunnel your IPv6 BGP session to one of the tunnel providers until you can get native transit. Make sure your announcements show up in looking glasses before putting AAAA records externally on your sites.

# be an existing, known ISP in the ARIN region or have a plan for making at least 200 /48 assignments to other organizations within five years

You always answer yes to this, just about anyone should have expansion plans to have 200 new customers in 5 years. It's not like they are going to check on you in 5 years, allocations are only revoked for bankruptcies and occasionally for blocks that haven't been seen ever.

the AC

>>Are you not an ISP?
No, I am not an ISP. I have 3 Internet connections & utilize BGP with my IPv4 space.

If I'm going to setup IPv6, I'm setting it up with proper addressing. Meaning address space that I can use internally & when IPv6 becomes more viable on the Internet, I can continue to use the same addressing without NAT. Correct me if I am wrong, but it was my understanding that IPv6 was to allow me to use routable addresses on all my devices since there is soooo much space. That I did not use NAT or private space with IPv6. I don't need IPv6, but I could set it up & begin to get it going on my network - steps towards getting to IPv6 on my Internet side too.

Here is the document I've read;
http://www.arin.net/registration/guidelines/ipv6_initial_alloc.html

>>To qualify for an initial allocation of IPv6 address space, your organization must meet the following requirements:

# be an LIR / ISP;

I am not a LIR/ISP. I am an end user.

# plan to provide IPv6 connectivity to organizations to which it will assign IPv6 address space, by advertising that connectivity through its single aggregated address allocation;

nope

# be an existing, known ISP in the ARIN region or have a plan for making at least 200 /48 assignments to other organizations within five years

nope

So am I reading this document wrong? Is it superceded, and ARIN's just failed to mention that on the document? If I am wrong and I can get IPv6 space, then I welcome the information correcting me.

this author actually dug a bit deeper and found a trail that leads from the owners of most of these internet cables all the way back to some very, very large companies in the U.S. and in the U.K. Which companies you ask? Who is behind this?

Well, that's the topic for my next post. You'll have to subscribe to my RSS feed and stay tuned for my findings. Don't worry, the wait will be short.