search

ixmaps / website2017

Website for the IXmaps project
https://www.ixmaps.ca
GNU Affero General Public License v3.0
4 stars 2 forks source link

Wrong carrier for ISP - Bell instead of Telus #101

Open Andrew-Clement opened 6 years ago

Andrew-Clement commented 6 years ago

See hop 3 in TR 126556 IPaddr: 75.154.217.108 appears as Bell (577). WHOIS and hostname clearly indicate Telus.

How can this be?

Standard: Traceroute details: ID 126556 created on 2015-12-18 20:41:11-05  

Origin: Submitted by FML from V7Y 1B3 Destination: montrealmetropolis.ca [207.115.103.136]

Hop IP Address   Min. Latency Carrier Geolocation Geoprecision Hostname Flag
1 207.34.160.0   1 Telus North Vancouver BC Maxmind network-0.lindal.com Flag This IP
2 206.108.220.193   5 Telus Kelowna BC Maxmind host193.220.108.206.in-addr.arpa Flag This IP
3 75.154.217.108   5 Bell Seattle WA city level STTLWAWBCI01.bb.telus.com Flag This IP
Technical Hop IP Address Round Trip Times AS# Latitude Longitude Hostname Flag
1 207.34.160.0 -1 -1 1 2 852 49.3167 -123.067 network-0.lindal.com Flag This IP
2 206.108.220.193 -1 -1 5 18 852 49.9 -119.483 host193.220.108.206.in-addr.arpa Flag This IP
**3 75.154.217.108** -1 -1 5 6 577 47.61 -122.33 STTLWAWBCI01.bb.telus.com Flag This IP
colinmccann commented 6 years ago

IPs can get reassigned to different carriers. Remember that we only do the whois lookup once (when the IP is first added to the DB). This would likely be addressed if we did the mass cleanup that Anto suggested...

On Fri, Aug 18, 2017 at 2:35 AM, Andrew-Clement notifications@github.com wrote:

See hop 3 in TR 126556 IPaddr: 75.154.217.108 appears as Bell (577). WHOIS and hostname clearly indicate Telus.

How can this be?

Standard: Traceroute details: ID 126556 created on 2015-12-18 20:41:11-05

Origin: Submitted by FML from V7Y 1B3 Destination: montrealmetropolis.ca [207.115.103.136] Hop IP Address Min. Latency Carrier Geolocation Geoprecision Hostname Flag 1 207.34.160.0 1 Telus North Vancouver BC Maxmind network-0.lindal.com Flag This IP 2 206.108.220.193 5 Telus Kelowna BC Maxmind host193.220.108.206.in-addr.arpa Flag This IP 3 75.154.217.108 5 Bell Seattle WA city level STTLWAWBCI01.bb. telus.com Flag This IP

Technical Hop IP Address Round Trip Times AS# Latitude Longitude Hostname Flag
1 207.34.160.0 -1 -1 1 2 852 49.3167 -123.067
network-0.lindal.com Flag This IP
2 206.108.220.193 -1 -1 5 18 852 49.9 -119.483
host193.220.108.206.in-addr.arpa Flag This IP
*3 75.154.217.108* -1 -1 5 6 577 47.61 -122.33 *STTLWAWBCI01.bb.telus.com
http://STTLWAWBCI01.bb.telus.com* Flag This IP

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/ixmaps/website2017/issues/101, or mute the thread https://github.com/notifications/unsubscribe-auth/AAuEmKrAEWSfBJXfhxUl5YyqcuzymKsvks5sZJXzgaJpZM4O6tpX .

-- Colin

Andrew-Clement commented 6 years ago

I too suspect that this is due to IPs being reassigned over time. This of course will gradually get worse over time.

@Anto are you around and interested in getting involved again?

agamba commented 6 years ago

I would like to add to Colin's comment that I find interesting that at the time of the collection of this TR, the router has a ASN from Bell (577), although the hostname indicated to be under a Telus domain (STTLWAWBCI01.bb.telus.com)

I've seen similar cases on my own network that is Tekksavvy but it is using Rogers network.

Note that in the current whois response for the ip , the OriginAS is now empty. We have the same result with the latest MM db, no asn reported.

NetRange: 75.152.0.0 - 75.159.255.255 CIDR: 75.152.0.0/13 NetName: TELUS NetHandle: NET-75-152-0-0-1 Parent: NET75 (NET-75-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: TELUS Communications Inc. (TACE) RegDate: 2006-08-01 Updated: 2012-02-24 Ref: https://whois.arin.net/rest/net/NET-75-152-0-0-1

Andrew-Clement commented 6 years ago

Thanks Anto, this is interesting and puzzling.

I presume the hostname and ASN are recorded at the time of first encounter with a particular IPaddr and not subsequently updated, so it must be that the Telus naming was already in place at that time, and subsequently the Bell ASN was removed. This is unfortunate as ideally ASN should be a reliable designator of ownership.

I understand that with a 'competitive' carrier like Teksavvy that it will use routers owned by the incumbent facilities provider like Rogers, and have seen examples of this, but I suppose this can occur between two incumbents, esp when one is offering services outside their regular territory, like Telus provide network access outside BC and Alberta. If so, this is the first example I've seen.