search

SichangHe / internet_route_verification

RPSLyzer: Parse Routing Policy Specification Language from IRR and compare BGP routes against it
MIT License
1 stars 0 forks source link

Possible access to Nic.br & non-standard RPSL attribute #156

Open SichangHe opened 6 months ago

SichangHe commented 6 months ago 
$ whois -h whois.lacnic.net AS268199
% IP Client: 103.252.172.12

% Copyright (c) Nic.br
%  The use of the data below is only permitted as described in
%  full by the Use and Privacy Policy at https://registro.br/upp ,
%  being prohibited its distribution, commercialization or
%  reproduction, in particular, to use it for advertising or
%  any similar purpose.
%  2024-05-01T09:11:00-03:00 - IP: 103.252.172.12

aut-num:     AS268199
owner:       Rios Network
responsible: ALEF NATAN DE SOUZA RIOS
owner-c:     ANSRI69
routing-c:   ANSRI69
abuse-c:     ANSRI69
created:     20180426
changed:     20220804
inetnum:     45.235.196.0/22
inetnum:     2804:4d7c::/32
as-in:       from AS28186 100 accept ANY
as-in:       from AS262999 100 accept ANY
as-out:      to AS28186 announce AS-RIOSNETWORK
as-out:      to AS262999 announce AS-RIOSNETWORK

nic-hdl-br:  ANSRI69
person:      ALEF NATAN DE SOUZA RIOS
created:     20150515
changed:     20220805

% Security and mail abuse issues should also be addressed to
% cert.br, http://www.cert.br/ , respectivelly to cert@cert.br
% and mail-abuse@cert.br
%
% whois.registro.br accepts only direct match queries. Types
% of queries are: domain (.br), registrant (tax ID), ticket,
% provider, CIDR block, IP and ASN.

Notice that they do have a server (whois.registro.br) and they are using as-in instead of import:. What is going on here, @cunha?

SichangHe commented 6 months ago

I did doublecheck lacnic.db. No use of as-in: as-out: in there.

SichangHe commented 6 months ago

It seems that whois.lacnic.net queries other registry for answer. I tried whois -h whois.lacnic.net AS61519 and it took 11s for it to respond. (Or, maybe they are just inefficient.)

They also have generated aut-nums:

aut-num:        AS265553
descr:          LACNIC generated autnum for INSTITUTO FEDERAL DE TELECOMUNICACIONES
as-name:        AS265553
tech-c:         EGF10
remarks:        LACNIC generated autnum for MX-IFTE-LACNIC
mnt-by:         MNT-MX-IFTE-LACNIC
changed:        20201111
source:         LACNIC

Edit: I looked through lacnic.db and apparently all the later aut-nums are in this this format.