Friday, July 03, 2009

Service Provider Corporation

If you've seen Service Provider Corporation IP addresses in your logs and then tried to find information about the company, you'll end up here:

http://www.wdspco.org/

OrgName: Service Provider Corporation
OrgID: SPC-10
Address: 442 Route 202-206 North
Address: # 485
City: Bedminster
StateProv: NJ
PostalCode: 07921-0523
Country: US

NetRange: 166.128.0.0 - 166.255.255.255
CIDR: 166.128.0.0/9
NetName: NETBLK-CDPD-B
NetHandle: NET-166-128-0-0-1

This is an organization that allocates IP addresses to various wireless providers. Presumably some odd traffic on our server is from AT&T, since the user agent appears to be iPhones. However, the iPhones are acting a little strange and using a lot of different IP addresses for what appears to be the same web request. I could be wrong. We'll have to dig into this a bit more...
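One way to dig into it, as an added example that is not from the original post: filter an access log to the 166.128.0.0/9 block from the WHOIS record above and list every request and user agent pair that arrived from more than one address in that block. The log lines, the iPhone user agent string and the function name are constructed for illustration, and the log is assumed to be in Apache combined format.

```python
import ipaddress
import re
from collections import defaultdict

# CIDR taken from the WHOIS record quoted on this page.
SPC_BLOCK = ipaddress.ip_network("166.128.0.0/9")

# Apache combined log format (assumed): ip, request line and user agent are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample data, not real traffic.
UA = "Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X)"
SAMPLE_HITS = [
    ("166.137.4.21", "/feed.xml"),
    ("166.190.88.7", "/feed.xml"),
    ("166.205.12.140", "/feed.xml"),
    ("166.137.4.21", "/about.html"),     # in the block, but seen from one address only
    ("166.127.255.255", "/feed.xml"),    # one address below the start of the /9
    ("203.0.113.9", "/feed.xml"),        # unrelated network
]
SAMPLE_LOG = "\n".join(
    f'{ip} - - [03/Jul/2009:10:15:0{i} -0400] "GET {path} HTTP/1.1" 200 512 "-" "{UA}"'
    for i, (ip, path) in enumerate(SAMPLE_HITS)
)


def spread_by_request(log_text, network=SPC_BLOCK, min_ips=2):
    """Return {(request, user_agent): [ips]} for requests that came from at
    least `min_ips` distinct addresses inside `network`."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # first field was a hostname or garbage, not an IP
        if ip in network:
            groups[(m.group("request"), m.group("ua"))].add(str(ip))
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_ips}


if __name__ == "__main__":
    for (request, ua), ips in spread_by_request(SAMPLE_LOG).items():
        print(f"{len(ips)} addresses sent {request!r} as {ua!r}: {', '.join(ips)}")
```

A group with many addresses and one user agent is consistent with a carrier rotating clients through a shared pool, so the count alone does not say whether it is one handset or many.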

The other problem with this organization is that it actually hides the true source of the traffic in some cases. Someone on this network actually hacked into my web mail provider one time and apparently was reading my email. This organization states on their web site on a page that is not search engine friendly:

The WDSPCo NIC administers and maintains the IP address blocks that are leased from ARIN. The NIC assigns IP address blocks to WDSPCo members on request in accordance to the WDSPCo IP Management rules and the ARIN IP rules.

The NIC is also responsible for the WDSPCo DNS server. The NIC maintains the server. They also update with member server information for the reverse DNS lookup table for the leased IP blocks. When requesting a new block of IP addresses, members can supply their DNS server names so that the NIC can assign those server names to the IP block on the DNS server at the time of allocation. IP blocks can be leased without DNS server assignments.


The problem here is that some of the traffic coming from this IP range appears to be under the cover of this organization's name, and you cannot truly report the source of the bad traffic to the company from whence it came if the IPs have been leased to someone else and not appropriately identified. In my opinion, this organization should be forced by law to list both their name AND the name of the wireless company that is sending traffic to your sites.