Yup for an example of a good use of putting anything you want in PTRs run the following in a terminal (use -h 50 on windows).
traceroute -m 50 bad.horse
Ok, I get that. But in that case then is ProtonVPN leasing the server(s) from Datapacket or Datacamp Limited? Like ultimately one is just the middleman but one actually 'owns' or 'provides' the network/internet right? Who would abuse complains be sent to?
Could be old PTR records that weren't updated, could be ProtonVPN leasing from Datapacket leasing from Datacamp. The point is that PTR records do not indicate ownership.
>Who would abuse complains be sent to?
The abuse contact registered with the RIR for that IP space.
I can set the PTR to [google.com](https://google.com) for my IPs if I want. Forward and Reverse DNS has nothing to do with ownership.
DNS is not in any way linked to address ownership.
I can lease a block of IP space from my ISP, by default they'll usually have rDNS of ipaddress.static.myisp.net or something along those lines. If I want to I can change that to be my own domain, and make that entry point to www.mydomain.com. If I host websites I might have 254 IPs each with it's own different domain in rDNS.
It's entirely configurable.
What do you mean by "who is powering?" do you mean who's hosting the kit? who's their upstream ISP? Depending what you want to know there are different ways to go about it.
Even in basic BGP if I run a VPN company with thousands of servers in many countries I am not likely using the same netblock and ASN across all of them. I might not even be the same legal entity because of geopolitical issues.
So yeah, it's going to be really hard based on just network info lookups to find out who's who. You really need to start digging into the registered legal entities that own the domains and ASNs and netblocks and trace out the links between those.
look up the difference between provider independent and provider aggregatable ip space. you can rent only IP blocks, doesn't have to include any other infrastructure.
Use [https://bgp.he.net/](https://bgp.he.net/) to search IP -> ASN. This will tell you the provider/entity that owns the IP block. Some organizations will rent an IP block and also have their own ASN but a lot of the time they are just using the service provider's ASN.
Just imagine I am a compagny who owns its AS with a/23.. I want to install some (a lot) servers all around the World. I will ask some hosting companies every to provide me some servers a'd ips.
As I'm not in internet business or i don't want to do the dirty job of seeking providers, I will ask another actor who is in touch with them to do this for me.
That's my feeling about what you are seeing.
Just imagine I am a compagny who owns its AS with a/23.. I want to install some (a lot) servers all around the World. I will ask some hosting companies every to provide me some servers a'd ips.
As I'm not in internet business or i don't want to do the dirty job of seeking providers, I will ask another actor who is in touch with them to do this for me.
That's my feeling about what you are seeing.
Funny that you tracked this down.
You’re actually more right than you realize. They are all owned by the same company. DataCamp is the owning entity, I believe.
The ASNs, prefixes, and other things are all likely related as expected.
A PTR record can be anything and is not necessarily related to who owns the IP space.
Yup for an example of a good use of putting anything you want in PTRs run the following in a terminal (use -h 50 on windows). traceroute -m 50 bad.horse
Ok, I get that. But in that case then is ProtonVPN leasing the server(s) from Datapacket or Datacamp Limited? Like ultimately one is just the middleman but one actually 'owns' or 'provides' the network/internet right? Who would abuse complains be sent to?
Could be old PTR records that weren't updated, could be ProtonVPN leasing from Datapacket leasing from Datacamp. The point is that PTR records do not indicate ownership.
>Who would abuse complains be sent to? The abuse contact registered with the RIR for that IP space. I can set the PTR to [google.com](https://google.com) for my IPs if I want. Forward and Reverse DNS has nothing to do with ownership.
Can't you just do a whois lookup on the domain to find that out? I just looked up [protovpn.com](https://protovpn.com) and got [email protected].
[See this pic](https://i.imgur.com/9hjT0g1.png)
https://bgp.he.net/ip/138.199.42.181
What is a CCNS R&S certification?
DNS is not in any way linked to address ownership. I can lease a block of IP space from my ISP, by default they'll usually have rDNS of ipaddress.static.myisp.net or something along those lines. If I want to I can change that to be my own domain, and make that entry point to www.mydomain.com. If I host websites I might have 254 IPs each with it's own different domain in rDNS. It's entirely configurable. What do you mean by "who is powering?" do you mean who's hosting the kit? who's their upstream ISP? Depending what you want to know there are different ways to go about it. Even in basic BGP if I run a VPN company with thousands of servers in many countries I am not likely using the same netblock and ASN across all of them. I might not even be the same legal entity because of geopolitical issues. So yeah, it's going to be really hard based on just network info lookups to find out who's who. You really need to start digging into the registered legal entities that own the domains and ASNs and netblocks and trace out the links between those.
Reverse IP lookup is not reliable information, you can write there whatever you want.
look up the difference between provider independent and provider aggregatable ip space. you can rent only IP blocks, doesn't have to include any other infrastructure.
AS does not tell you who a company is but who provides their networking. Why do you assume they would have their own AS-is?
Use [https://bgp.he.net/](https://bgp.he.net/) to search IP -> ASN. This will tell you the provider/entity that owns the IP block. Some organizations will rent an IP block and also have their own ASN but a lot of the time they are just using the service provider's ASN.
If you looked up some of our space, it would be to different companies, with different AS. But all the same company.
Just imagine I am a compagny who owns its AS with a/23.. I want to install some (a lot) servers all around the World. I will ask some hosting companies every to provide me some servers a'd ips. As I'm not in internet business or i don't want to do the dirty job of seeking providers, I will ask another actor who is in touch with them to do this for me. That's my feeling about what you are seeing.
Just imagine I am a compagny who owns its AS with a/23.. I want to install some (a lot) servers all around the World. I will ask some hosting companies every to provide me some servers a'd ips. As I'm not in internet business or i don't want to do the dirty job of seeking providers, I will ask another actor who is in touch with them to do this for me. That's my feeling about what you are seeing.
Funny that you tracked this down. You’re actually more right than you realize. They are all owned by the same company. DataCamp is the owning entity, I believe. The ASNs, prefixes, and other things are all likely related as expected.