Re: IP ranges used in North America, Hawaii, and Alaska?

On Fri, 20 Jan 2006, in the Usenet newsgroup comp.os.linux.security, in article
<7FcAf.11397$Dh.4345@dukeread04>, spm wrote:

>Moe Trin said:
>
> fugue - (fyoog) n. A polyphonic musical form in which a theme stated
> sequentially and in imitation is developed in contrapuntal form.
>
>Sorry ... colloquial use ... around here it means 'brainfog' ... I didn't
>realize this usage was not widely known ... must have been a local area
>thing ... (g)

colloquial use in Usenet is a problem, because you are writing for
people who may not even have this language as primary or even secondary
use. "Technical English" is bad enough before you start bringing in
terms like "the computer is wedged".... huh? ;-)

>Moe Trin said: Did you try a 'whois' query of the addresses?
>
>Yes. IANA Reserved. That was why I asked if these are always bogus if you
>see an IP that is supposedly reserved making a connection.

What was the address? If an authoritative whois server (for IP addresses,
that would be the ones from AFRINIC, APNIC, ARIN, LACNIS and RIPE) says
the address is reserved, you shouldn't be seeing it. On the other hand,
there are a number of whois services (geektools.com and samspade.org being
but two) who may be providing answers from their cache/records/what-ever,
and those must be taken with some caution. Also, you need to watch the
wording used - RFC3330 lists a number of "Special-Use IPv4 Addresses"
such as 10.0.0.0/8, which some might call "reserved for private use",
although that isn't the official terminology.

While whois servers should not make mistakes about reserved address space,
it's not unheard of for typos to occur. When AFRINIC started last year,
for two weeks the zone files (but not a whois query response) was
announcing a 10.0.1.1xx address range as being assigned to Uganda. In
similar fashion, RIPE was reporting a host address, rather than an entire
network because they fumble-fingered the network mask value on a database
entry used by the whois server (but this was not wrong in the zone file).
That was also corrected relatively quickly.

It's not impossible for something fishy to be happening. Whois data is
after all, just registration information. There have on several occasions
been cases of IP hijacking, where some system starts sending out incorrect
routing information to the Internet at large. This is usually detected
and corrective action taken in a relatively short period, but it's
certainly not unknown.

Old guy
.

Relevant Pages

  • /etc/whois.conf being ignored
    ... I'm running whois version 4.6.9 by Marco d'Itri on SuSE 9.1 pro. ... interpret each line as a regex followed by a whois server name. ... If the regex matches the query it will use the given whois server. ... different top level domain registries without me having to know ...
    (alt.os.linux.suse)
  • Re: WHOIS 1.6 updated
    ... Or check the ICANN copy of the root zone file ... you seem to think that the WHOIS provided with TCPIP Services is far ... Whois Server Version 1.3 ... I have about 170 TLDs covered with my software, ...
    (comp.os.vms)
  • Re: WHOIS 1.6 updated
    ... You FUD hp trying to promote your whois then when caught refuse to stop ... With TCPIP services whois putting in the whois server. ... NODE03> whois -h name.space.xs2.net my.space ...
    (comp.os.vms)
  • Re: [FUD4] Warp City gone?!
    ... > Whois Server Version 1.3 ... > with many different competing registrars. ... Whois on NetSol does throw up the ... ther observations about the WarpCity site). ...
    (comp.os.os2.advocacy)