Bug #13360
open
Not All AS Prefixes are returned by WHOIS
0%
Description
If you set up a rule to do WHOIS on AS4917, these are the prefixes returned by pfBlockerNG:
• 12.187.160.0/24
• 12.187.160.0/21
• 12.187.161.0/24
• 12.187.162.0/24
• 12.187.163.0/24
• 12.187.164.0/24
• 12.187.165.0/24
• 12.187.166.0/24
• 12.187.167.0/24
• 66.138.158.0/24
• 69.150.24.0/24
• 69.150.24.0/21
• 69.150.25.0/24
• 69.150.26.0/24
• 69.150.27.0/24
• 69.150.28.0/24
• 160.19.24.0/24
• 160.19.24.0/22
• 160.19.25.0/24
• 160.19.26.0/23
• 160.19.27.0/24However if you visit https://asn.cymru.com/cgi-bin/whois.cgi and query 12.232.86.1, you'll see that also belongs to AS4917. It looks like 12.232.86.0/24 (and possibly some others) are missing from the pfBlockerNG results.
Updated by Kris Phillips over 2 years ago
I can confirm that subnet should be part of that ASN. However, I cannot recreate this in pfBlockerNG. Are you running the stable or -devel branch?
Updated by Alex Knop over 2 years ago
Kris Phillips wrote in #note-1:
I can confirm that subnet should be part of that ASN. However, I cannot recreate this in pfBlockerNG. Are you running the stable or -devel branch?
I am running the stable branch. 2.6.0
Updated by Danilo Zrenjanin over 2 years ago
I recommend trying with the pfBlockerNG-devel. Here is the list I got on the devel version:
PfB_AS4917_v4 Table IP Address 12.18.187.0/24 12.187.160.0/21 12.200.76.0/24 12.232.86.0/24 66.138.158.0/24 69.150.24.0/21 146.88.30.0/24 160.19.24.0/24 160.19.24.0/23 160.19.25.0/24 160.19.26.0/24 160.19.26.0/23 160.19.27.0/24 209.37.217.0/24 216.99.194.0/24
Updated by Alex Knop over 2 years ago
Danilo Zrenjanin wrote in #note-3:
I recommend trying with the pfBlockerNG-devel. Here is the list I got on the devel version:
[...]
Hi,
That worked for AS4917 however the problem exists for an IP in AS16509.
AS | IP | AS Name
16509 | 108.139.38.181 | AMAZON-02, US
However 108.139.38.181 is not one that is returned by a whois on AS16509.......