On Tue, Apr 10, 2012 at 10:09 PM, Michele Neylon :: Blacknight <michele@blacknight.ie> wrote:
Just because an entity isn't based in the EU / RIPE region doesn't mean that they are up to no good or that they don't have a valid reason to have an allocation
I'm not talking about *all* out of region allocations. However a company with the german GmbH in it and with an accomodation address in Panama .. The point is that if you see signs that a range is bad, and you also see signs of strangeness in the whois, sometimes it is a good idea to correlate them The same thing with ARIN or any other RIR whois .. if you find a UPS store maildrop with a bunch of /20s mapped to it .. and each successive /20 you find is entirely populated with "something bad" .. then a full text search of the RIR's db for all netblocks registered to that UPS store might be instructive. --srs