In message <6C247001-B2CB-4CFD-818B-E31EC48D9134@ripe.net>, at 16:01:41 on Tue, 10 Dec 2019, Daniel Karrenberg <dfk@ripe.net> writes
On 10 Dec 2019, at 13:15, Roland Perry wrote:
… How do I as (nowadays anyway, an outsider) access such historic snapshots of the IP address range, before today's ISP acquired them.
Is this a 'service' that RIPE NCC offers (and hence my question in this forum). …
Type in the prefix concerned.
Thanks, Daniel. As ever you are a star!
The ‘Anti-abuse’ tab lists some well known blacklists, also historically.
But shows nothing. (Nor had my earlier searches elsewhere) The block that a friend encountered yesterday, and made me decide to look into this further, was from Hootsuite, which is a social media management platform. Ones that had been previously mentioned by other users include Adobe, PayPal and Eventbrite.
The ‘ Database’ tab has registration and allocation history.
Which suggests an allocation to the ISP in July 2015...
The ‘Routing’ tab has routing history.
...and to customers in 11th March 2019. Which together *doesn't* match a theory of either recent acquisition, nor a hangover from dirty usage.
In my experience all this goes a long way to get a good picture of the address space concerned.
It would be helpful if you told the list whether this would have warned this particular end-user had they or their consultants looked at it.
Nothing leaps out at me. Which leaves the question of where the data being acted on by the undoubtedly active block lists originated. But could explain why it's apparently difficult to expunge, if it's of unknown source. The name 'Globalprotect' was also mentioned. My next theory is that it's not a poorly sanitised transfer of IP addresses, but some glitch in the blacklisting process. -- Roland Perry