[nsp-sec] "Vietnam Posts and Telecommunications" returned by cymru whois server

Rob Thomas robt at cymru.com
Wed Mar 26 17:34:45 EDT 2008 

Hi, Yiming.

Our whois (IP to ASN) data is based on sundry BGP feeds.  So if there's 
a leak of RFC1918 space into one of these peering sessions, our whois 
server tends to reflect that.

I see AS7643 announcing 10.0.0.0/8 starting at 2008-03-25 23:59:10 UTC, 
and continuing through the day.  It's leaking through AS4134.  The most 
recent announcement was 2008-03-26 05:32:05 UTC.

I'll see about having RFC1918 space automagically filtered out of the 
whois server.

Thanks,
Rob.


Gong, Yiming wrote:
> ----------- nsp-security Confidential --------
> 
> Oh, sorry for the misunderstanding, I meant these are private IPs but
> they are tagged as VNPT (AS 7643) by cymru's whois server.
> 
> Regards,
>  
> Yiming
>  
> 
>> -----Original Message-----
>> From: Bill Woodcock [mailto:woody at pch.net] 
>> Sent: Wednesday, March 26, 2008 3:48 PM
>> To: Gong, Yiming
>> Cc: nsp-security at puck.nether.net
>> Subject: Re: [nsp-sec] "Vietnam Posts and Telecommunications" 
>> returned by cymru whois server
>>
>>
>> On Mar 26, 2008, at 12:55 PM, Gong, Yiming wrote:
>>> I got an alert about a private IP scanning and I noticed an 
>>> interesting whois result from Cymru's whois server
>>> 7643    | 10.0.100.7       | VNN-AS-AP Vietnam Posts and
>>> Telecommunications (VNPT)   |
>>
>> My contacts in the VN-NIC, in presumptive order of likelihood of
>> response:
>>
>> Tran Kien <tkien at vnnic.net.vn>
>> Thu Thuy <thuthuy at vnnic.net.vn>
>> Nguyen Manh Thuan <manhthuan at vnnic.net.vn> Hoang Minh Cuong 
>> <hmcuong at vnnic.net.vn> <nhthang at vnnic.net.vn> <nhung at vnnic.net.vn>
>>
>> Good luck.
>>
>>                                  -Bill
>>
>>
>>
>>
>>
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________

-- 
Rob Thomas
Team Cymru
http://www.team-cymru.org/
ASSERT(coffee != empty);

More information about the nsp-security mailing list