Orbit

Hi Tarau,

You can use "Whois Look Up" to find out whose IP addresses these are. It depends on whether they are legitimate users etc or squatting etc. See: http://www.whois.net/

You can also ask the relevant RIR about them if in doubt.

You will have to have legitimate grounds to block them. It also depends on the laws in your country and what it says about blocking.

The US and Japan for instance have two different approaches. In the US, the ISPs can simply take them down after giving Notice and in Japan, a notice is served on them as to give an opportunity of why not to take them down.

However, if they are not paying but squatting, block them - caveat is to seek legal counsel from your company's lawyers first.

Kind Regards,

On Tue, Mar 13, 2012 at 12:18 PM, Tarau Bauia tbauia@gmail.com wrote:

I might need your expertise on these ip addresses that looks like they are using up our bandwidth if you know these unknown ips; 109.123.106.250 87.106.240. 109.123.106.250 82.165.143.243 87.106.240.241 87.106.13.62 82.165.143.242 82.165.143.243 213.171.205.238 Is there any problem if I block these ips or network?

--

---

Tarau Bauia KIT http://www.kit.edu.ki Betio Tarawa

---

---

pacnog mailing list pacnog@pacnog.org http://mailman.apnic.net/mailman/listinfo/pacnog

Dear Tarau,

I might need your expertise on these ip addresses that looks like they are using up our bandwidth if you know these unknown ips; 109.123.106.250

AS | IP | BGP Prefix | CC | Registry | Allocated | AS Name 13213 | 109.123.106.250 | 109.123.64.0/18 | GB | ripencc | 2009-10-12 | UK2NET-AS UK-2 Ltd Autonomous System

109.123.106.250 has the DNS RR db11.spamcatcher.net pointed to it.

http://www.spamcatcher.net/mail/client/fd.html

87.106.240.

Typo?

82.165.143.243

AS | IP | BGP Prefix | CC | Registry | Allocated | AS Name 8560 | 82.165.143.243 | 82.165.0.0/16 | DE | ripencc | 2003-08-06 | ONEANDONE-AS 1&1 Internet AG

82.165.143.243 also has the DNS RR db11.spamcatcher.net pointed to it.

87.106.240.241

AS | IP | BGP Prefix | CC | Registry | Allocated | AS Name 8560 | 87.106.240.241 | 87.106.0.0/16 | DE | ripencc | 2005-08-10 | ONEANDONE-AS 1&1 Internet AG

db11.spamcatcher.net again.

87.106.13.62

AS | IP | BGP Prefix | CC | Registry | Allocated | AS Name 8560 | 87.106.13.62 | 87.106.0.0/16 | DE | ripencc | 2005-08-10 | ONEANDONE-AS 1&1 Internet AG

87.106.13.62 has the DNS RR sn3.mailshell.net pointed to it. That's the same thing as spamcatcher.net.

82.165.143.242

AS | IP | BGP Prefix | CC | Registry | Allocated | AS Name 8560 | 82.165.143.242 | 82.165.0.0/16 | DE | ripencc | 2003-08-06 | ONEANDONE-AS 1&1 Internet AG

82.165.143.242 has the DNS RR sn3.mailshell.net pointed to it as well.

213.171.205.238

AS | IP | BGP Prefix | CC | Registry | Allocated | AS Name 8560 | 82.165.143.243 | 82.165.0.0/16 | DE | ripencc | 2003-08-06 | ONEANDONE-AS 1&1 Internet AG

db11.spamcatcher.net again.

All of the hosts above are Linux boxes, it appears.

Is there any problem if I block these ips or network?

You might want to reach out to the folks at spamcatcher and share some log snippets with them. You can then ask them about the traffic and its purpose.

Thanks, Rob.