Whois referrals changed source IP
For those of you (TLD's only?) who receives whois referrals from whois.ripe.net and thought they would always come from 193.0.0.0/24, it now seems that even though whois.ripe.net is in that range, the referrals can come from at least 193.0.4.152 (as it does right now). For us, we only allow the -V3.2.0,$IP option (stating the origin IP) if from an "NCC IP#". For all other IP## using that option we would give an error. Our last request from 193.0.0.0/24 was received Nov 17 11:16:46. Would the NCC be kind enough to officially inform of which range(s) the requests can come from? (I doubt it's the entire 193.0.0.0/21, which are server networks.) (And to think that it was actually Verisign who mailed us to let us know they had a problem using our whois server, I find kind of funny). -- Robert Martin-Legène IT security manager DK Hostmaster A/S
Dear Robert, The RIPE NCC uses 193.0.0.0 - 193.0.7.255 range for its infrastructure, so whois.ripe.net might resolve into any IP address in this range: inetnum: 193.0.0.0 - 193.0.7.255 netname: RIPE-NCC descr: RIPE Network Coordination Centre descr: Amsterdam, Netherlands remarks: Used for RIPE NCC infrastructure. country: NL admin-c: AMR68-RIPE admin-c: RDK-RIPE tech-c: OPS4-RIPE status: ASSIGNED PI mnt-by: RIPE-NCC-MNT mnt-lower: RIPE-NCC-MNT changed: mally@ripe.net 20030522 source: RIPE If you have any more questions, please don't hesitate to contact <ripe-dbm@ripe.net>. Regards, Engin Gunduz ____________________________ RIPE Database Administration. On 2004-11-18 12:51:28 +0100, Robert Martin-Legene wrote:
For those of you (TLD's only?) who receives whois referrals from whois.ripe.net and thought they would always come from 193.0.0.0/24, it now seems that even though whois.ripe.net is in that range, the referrals can come from at least 193.0.4.152 (as it does right now).
For us, we only allow the -V3.2.0,$IP option (stating the origin IP) if from an "NCC IP#". For all other IP## using that option we would give an error.
Our last request from 193.0.0.0/24 was received Nov 17 11:16:46.
Would the NCC be kind enough to officially inform of which range(s) the requests can come from? (I doubt it's the entire 193.0.0.0/21, which are server networks.)
(And to think that it was actually Verisign who mailed us to let us know they had a problem using our whois server, I find kind of funny).
-- Robert Martin-Legène IT security manager DK Hostmaster A/S
participants (2)
-
Engin Gunduz
-
Robert Martin-Legene