<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>If you have a security/privacy problem that you want to solve playing wack-a-mole with public IP information, you now have two problems.<br><br><div style="direction: inherit;">--</div><div style="direction: inherit;">Eric</div></div><div><br>On 27 Dec 2016, at 13:46, Tim Kleefass <<a href="mailto:tim@haitabu.net">tim@haitabu.net</a>> wrote:<br><br></div><blockquote type="cite"><div><span>On 27/12/2016 13:11, Lukas Tribus wrote:</span><br><blockquote type="cite"><blockquote type="cite"><span> Die IXP website list the IP address within the customer portal, so you</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span> need to login to the IXP customer portal to see the IP addresses of the</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span> peers.</span><br></blockquote></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>That may be true for some IXP's, but most of them provide the list of</span><br></blockquote><blockquote type="cite"><span>members including IP addresses in the Euro-IX JSON format.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>Like:</span><br></blockquote><blockquote type="cite"><span><a href="https://my.ams-ix.net/api/v1/members.json">https://my.ams-ix.net/api/v1/members.json</a></span><br></blockquote><blockquote type="cite"><span><a href="https://www.ecix.net/content/member-lists/memberlist_FRA.json">https://www.ecix.net/content/member-lists/memberlist_FRA.json</a></span><br></blockquote><span></span><br><span>Okay, I wasn't aware of that.</span><br><span>Then it doesn't make sense to hide the IP address in peeringdb.</span><br><span></span><br><blockquote type="cite"><span>And as mentioned before, scanning the reverse dns zone will also</span><br></blockquote><blockquote type="cite"><span>very likely lead to the next-hop IP's, as do traceroutes.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>This is a public information, hiding it at peeringdb does not make it</span><br></blockquote><blockquote type="cite"><span>private.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>But if people insist, I guess allowing that particular organisations to</span><br></blockquote><blockquote type="cite"><span>hide the actual address for unauthenticated pdb users may make sense.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>But please do not allow empty IP fields in the database.</span><br></blockquote><span></span><br><span>+1</span><br><span></span><br><span> -Tim</span><br><span></span><br><span>_______________________________________________</span><br><span>Pdb-tech mailing list</span><br><span><a href="mailto:Pdb-tech@lists.peeringdb.com">Pdb-tech@lists.peeringdb.com</a></span><br><span><a href="http://lists.peeringdb.com/cgi-bin/mailman/listinfo/pdb-tech">http://lists.peeringdb.com/cgi-bin/mailman/listinfo/pdb-tech</a></span><br></div></blockquote></body></html>