common checks performed when passing on an IPv4 PA allocation from one end-customer to another
Hi, when one end-customer has been using for example /24 IPv4 allocation for a while and returns this(for example changes an ISP) to LIR, then are there some good practices before handing out this same /24 to a new customer? I guess LIR should: 1) remove all the DNS PTR records, classless of classful delegations 2) check if some of the IP addresses are in DNSBL(maybe the previous customer was a spammer). Example with 93.184.216.0/24: $ for ip in {0..255}.216.184.93;\
do for addr in \ cbl.abuseat.org \ dnsbl.inps.de \ no-more-funn.moensted.dk \ dnsbl.sorbs.net \ bl.spamcannibal.org \ bl.spamcop.net \ psbl.surriel.com \ dnsrbl.swinog.ch; \ do dig @8.8.8.8 "$ip"."$addr" +short | grep -q "^127.0.0." && \ echo "DNSBL-Alarm: $ip is listed on $addr"; done; done $
Anything else? regards, Martin
Hi, as far as I know, some large US Internet companies like Google, Facebook or Amazon restrict access to some services for certain regions like Crimea or countries like Iran or North Korea. Do they rely on services like MaxMind? Or do they use some other method to check the geographical location of IP address? If yes, then is there an API to check if an address is allowed to use Google, Facebook, etc services or not? thanks, Martin On 9/17/13, Martin T <m4rtntns@gmail.com> wrote:
Hi,
when one end-customer has been using for example /24 IPv4 allocation for a while and returns this(for example changes an ISP) to LIR, then are there some good practices before handing out this same /24 to a new customer? I guess LIR should:
1) remove all the DNS PTR records, classless of classful delegations 2) check if some of the IP addresses are in DNSBL(maybe the previous customer was a spammer). Example with 93.184.216.0/24:
$ for ip in {0..255}.216.184.93;\
do for addr in \ cbl.abuseat.org \ dnsbl.inps.de \ no-more-funn.moensted.dk \ dnsbl.sorbs.net \ bl.spamcannibal.org \ bl.spamcop.net \ psbl.surriel.com \ dnsrbl.swinog.ch; \ do dig @8.8.8.8 "$ip"."$addr" +short | grep -q "^127.0.0." && \ echo "DNSBL-Alarm: $ip is listed on $addr"; done; done $
Anything else?
regards, Martin
On 28 Apr 2015, at 10:32, Martin T <m4rtntns@gmail.com> wrote:
Hi,
as far as I know, some large US Internet companies like Google, Facebook or Amazon restrict access to some services for certain regions like Crimea or countries like Iran or North Korea. Do they rely on services like MaxMind? Or do they use some other method to check the geographical location of IP address? If yes, then is there an API to check if an address is allowed to use Google, Facebook, etc services or not?
you could use ripe atlas selecting nodes in countries you require and destination facbook/google/amazon servers and check results Colin
Colin, this is a good idea, but in this case the network I am interested in does not have a RIPE Atlas probe. regards, Martin On 4/28/15, Colin Johnston <colinj@gt86car.org.uk> wrote:
On 28 Apr 2015, at 10:32, Martin T <m4rtntns@gmail.com> wrote:
Hi,
as far as I know, some large US Internet companies like Google, Facebook or Amazon restrict access to some services for certain regions like Crimea or countries like Iran or North Korea. Do they rely on services like MaxMind? Or do they use some other method to check the geographical location of IP address? If yes, then is there an API to check if an address is allowed to use Google, Facebook, etc services or not?
you could use ripe atlas selecting nodes in countries you require and destination facbook/google/amazon servers and check results
Colin
In general, are there any other similar databases to DNSBL(used for fighting against spam) system? For example lets say that some institution holds a public database of IP addresses of web-servers which (regularly) serve malware and anyone can check if their IP addresses are listed there. Or for example public database of IP addresses of botnet members. The reason I ask is the same- I would like to be 100% sure that when I hand out a range of IPv4 addresses, which were previously used by some other customer, then those addresses were not abused in any way and new customer will not have any trouble with those addresses. thanks, Martin On Tue, Apr 28, 2015 at 4:23 PM, Martin T <m4rtntns@gmail.com> wrote:
Colin,
this is a good idea, but in this case the network I am interested in does not have a RIPE Atlas probe.
regards, Martin
On 4/28/15, Colin Johnston <colinj@gt86car.org.uk> wrote:
On 28 Apr 2015, at 10:32, Martin T <m4rtntns@gmail.com> wrote:
Hi,
as far as I know, some large US Internet companies like Google, Facebook or Amazon restrict access to some services for certain regions like Crimea or countries like Iran or North Korea. Do they rely on services like MaxMind? Or do they use some other method to check the geographical location of IP address? If yes, then is there an API to check if an address is allowed to use Google, Facebook, etc services or not?
you could use ripe atlas selecting nodes in countries you require and destination facbook/google/amazon servers and check results
Colin
participants (2)
-
Colin Johnston
-
Martin T