Re: Turning off queries to SORBS

[Michelle Sullivan <mi...@sorbs.net>]

Bill Cole wrote:
> On 28 Jan 2016, at 8:54, Michelle Sullivan wrote:
>
> [...]
>
>>> Only the first is currently found in a the collection of authoritative
>>> nameservers for dnsbl.sorbs.net, but all of them have symmetric PTR/A
>>> records, implying that they aren't some sort of poisoning artifact.
>>> Also, the last 3 are in small blocks allocated by SoftLayer to GFI
>>> Software, the former owner of SORBS.
>> Where do you see GFI?  Nothing should show GFI (all the SL stuff is
>> owned by Proofpoint)
>
> Tell that to SL, e.g.:
>
> $ /opt/local/bin/whois 174.36.198.233
>
> [... ARIN record elided ...]
>
> Found a referral to rwhois.softlayer.com:4321.
>
> %rwhois V-1.5:003fff:00 rwhois.attcloudarchitect.com (by Network 
> Solutions, Inc. V-1.5.9.6)
> network:Class-Name:network
> network:ID:NETBLK-SOFTLAYER.174.36.192.0/18
> network:Auth-Area:174.36.192.0/18
> network:Network-Name:SOFTLAYER-174.36.192.0
> network:IP-Network:174.36.198.232/30
> network:IP-Network-Block:174.36.198.232-174.36.198.235
> network:Organization;I:GFI Software
Hehe... out of date rwhois server... you expect anything else? :P

(GFI were out of the picture 1 Jul 2011...! )

-- 
Michelle Sullivan
http://www.mhix.org/

Re: Turning off queries to SORBS

[Reindl Harald <h....@thelounge.net>]

Am 20.04.2016 um 14:30 schrieb Michelle Sullivan:
>> $ /opt/local/bin/whois 174.36.198.233
>>
>> [... ARIN record elided ...]
>>
>> Found a referral to rwhois.softlayer.com:4321.
>>
>> %rwhois V-1.5:003fff:00 rwhois.attcloudarchitect.com (by Network
>> Solutions, Inc. V-1.5.9.6)
>> network:Class-Name:network
>> network:ID:NETBLK-SOFTLAYER.174.36.192.0/18
>> network:Auth-Area:174.36.192.0/18
>> network:Network-Name:SOFTLAYER-174.36.192.0
>> network:IP-Network:174.36.198.232/30
>> network:IP-Network-Block:174.36.198.232-174.36.198.235
>> network:Organization;I:GFI Software
> Hehe... out of date rwhois server... you expect anything else? :P
>
> (GFI were out of the picture 1 Jul 2011...! )

the problem is most likely a /opt/local/bin/whois from the last century

[harry@rh:~]$ whois --version
Version 5.2.12.

[harry@rh:~]$ ls /usr/bin/whois.md
-rwxr-xr-x 1 root root 136K 2016-03-29 15:54 /usr/bin/whois.md

[harry@rh:~]$ /usr/bin/whois 174.36.198.233
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/public/whoisinaccuracy/index.xhtml
#


#
# The following results may also be obtained via:
# 
https://whois.arin.net/rest/nets;q=174.36.198.233?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2
#

NetRange:       174.36.0.0 - 174.37.255.255
CIDR:           174.36.0.0/15
NetName:        SOFTLAYER-4-7
NetHandle:      NET-174-36-0-0-1
Parent:         NET174 (NET-174-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       AS36351
Organization:   SoftLayer Technologies Inc. (SOFTL)
RegDate:        2008-09-12
Updated:        2013-07-12
Ref:            https://whois.arin.net/rest/net/NET-174-36-0-0-1


OrgName:        SoftLayer Technologies Inc.
OrgId:          SOFTL
Address:        4849 Alpha Rd.
City:           Dallas
StateProv:      TX
PostalCode:     75244
Country:        US
RegDate:        2005-10-26
Updated:        2013-02-20
Ref:            https://whois.arin.net/rest/org/SOFTL

ReferralServer:  rwhois://rwhois.softlayer.com:4321

OrgTechHandle: IPADM258-ARIN
OrgTechName:   IP Admin
OrgTechPhone:  +1-214-442-0601
OrgTechEmail:  ipadmin@softlayer.com
OrgTechRef:    https://whois.arin.net/rest/poc/IPADM258-ARIN

OrgAbuseHandle: ABUSE1025-ARIN
OrgAbuseName:   Abuse
OrgAbusePhone:  +1-214-442-0601
OrgAbuseEmail:  abuse@softlayer.com
OrgAbuseRef:    https://whois.arin.net/rest/poc/ABUSE1025-ARIN

RAbuseHandle: ABUSE1025-ARIN
RAbuseName:   Abuse
RAbusePhone:  +1-214-442-0601
RAbuseEmail:  abuse@softlayer.com
RAbuseRef:    https://whois.arin.net/rest/poc/ABUSE1025-ARIN

RTechHandle: IPADM258-ARIN
RTechName:   IP Admin
RTechPhone:  +1-214-442-0601
RTechEmail:  ipadmin@softlayer.com
RTechRef:    https://whois.arin.net/rest/poc/IPADM258-ARIN

RNOCHandle: IPADM258-ARIN
RNOCName:   IP Admin
RNOCPhone:  +1-214-442-0601
RNOCEmail:  ipadmin@softlayer.com
RNOCRef:    https://whois.arin.net/rest/poc/IPADM258-ARIN


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/public/whoisinaccuracy/index.xhtml
#



Verweis auf rwhois.softlayer.com:4321 gefunden.

%rwhois V-1.5:003fff:00 rwhois.attcloudarchitect.com (by Network 
Solutions, Inc. V-1.5.9.6)
network:Auth-Area:174.36.192.0/18
network:Class-Name:network
network:Street-Address:NA
network:City:NA
network:Postal-Code:27
network:Country-Code:SA
network:Tech-Contact;I:sysadmins@softlayer.com
network:Abuse-Contact;I:abuse@softlayer.com
network:Admin-Contact;I:IPADM258-ARIN
network:Created:2008-06-12 16:43:22
network:Updated:2014-01-20 07:00:50
network:Updated-By:ipadmin@softlayer.com

%ok