On Tue, Apr 16, 2019 at 5:19 PM Nimrod Levy <nimrod@nimrod.is-a-geek.net> wrote:
On Tue, Apr 16, 2019, 16:52 Ross Tajvar <ross@tajvar.io> wrote:
I think it's clear that the IPs belong to Telia, but I understood James's point to be that the router using the IP in question may belong to China Unicom. (I agree with that, I was not thinking clearly this morning.)

As this is an interconnect link, one side must belong to Telia and the other to China Unicom. The question, then, is which side are we looking at? Well, first I want to know how big the subnet is. I assume either /30 or /31. So, I do a reverse DNS lookup on all the IPs in the surrounding /30 block:

62.115.170.56 - sjo-b21-link.telia.net
62.115.170.57 - chinaunicom-ic-341501-sjo-b21.c.telia.net
62.115.170.58 - las-b24-link.telia.net
62.115.170.59 - chinaunicom-ic-341499-las-b24.c.telia.net

That looks like two /31s. Only one IP in each has the name of China Unicom in it, so that one is probably in use by China Unicom, and the other is probably in use by Telia.
that was my point yes.
I think we're making a lot of assumptions about how well PTR records are maintained. All of this could be totally accurate. Or...not...
this is totally true :) but... if the next hop after chinaunicom-ic-341501-sjo-b21.c.telia.net is a CU IP... it's better than average chance that the chinaunicom-ic-341501-sjo-b21.c.telia.net address is a Telia /30 (or /31) on the ptp link between CU/Telia. That Telia owns the IP space and that PROBABLY the customer identification is correct. (cu)

-chris
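The reverse-DNS reasoning from this thread, written out as an added Python example (not part of any poster's message). The function name `classify_links`, the `peer_label` parameter and the "<router>-link" naming convention are assumptions made for illustration; the PTR names are the four quoted above.

```python
import ipaddress

# PTR answers exactly as quoted in the thread, embedded so this runs offline.
PTR = {
    "62.115.170.56": "sjo-b21-link.telia.net",
    "62.115.170.57": "chinaunicom-ic-341501-sjo-b21.c.telia.net",
    "62.115.170.58": "las-b24-link.telia.net",
    "62.115.170.59": "chinaunicom-ic-341499-las-b24.c.telia.net",
}

def classify_links(block, ptr, peer_label):
    """Split block into /31s and guess which party uses each address.

    A /31 is classified only when both addresses have a PTR and exactly one
    host label starts with peer_label. Anything else is reported as
    ambiguous instead of guessed, since PTR records may be stale or wrong.
    """
    links = []
    for pair in ipaddress.ip_network(block).subnets(new_prefix=31):
        addrs = [str(a) for a in pair]  # a /31 yields both of its addresses
        names = [ptr.get(a) for a in addrs]
        peer_side = [a for a, n in zip(addrs, names)
                     if n and n.split(".")[0].startswith(peer_label)]
        if None in names or len(peer_side) != 1:
            links.append({"subnet": str(pair), "verdict": "ambiguous"})
            continue
        peer_ip = peer_side[0]
        owner_ip = next(a for a in addrs if a != peer_ip)
        # Assumed convention, inferred from the four names above: the owner
        # side is "<router>-link" and the peer side's label ends in "<router>".
        host = ptr[owner_ip].split(".")[0]
        router = host[:-len("-link")] if host.endswith("-link") else host
        links.append({
            "subnet": str(pair),
            "verdict": "probable",
            "owner_side": owner_ip,
            "peer_side": peer_ip,
            "same_router_tag": ptr[peer_ip].split(".")[0].endswith(router),
        })
    return links

if __name__ == "__main__":
    for link in classify_links("62.115.170.56/30", PTR, "chinaunicom"):
        print(link)
```

The verdict is "probable" at best: it rests entirely on PTR naming, so a traceroute showing the next hop in the peer's own address space is still the stronger evidence.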