Dave (and anyone that downloads lookup_as.c), Grab a newer version of traceroute.c -- There is a CLASSFULL piece of code within the 2.9.3 code-base used in lookup_as.c. The newer traceroute.c code removes the 192/8 & 128/8 testing. This is a cut-n-paste from the newer traceroute-nanog-6.3.0/traceroute.c. It can be cut-n-pasted into your code...
/* * Lookup origin of the net in radb. */
char *lookup_as(in) struct in_addr in; { static char query[100]; static unsigned char *addr_ptr; static char *sp; char *get_origin();
addr_ptr = (unsigned char *) (&in.s_addr);
#ifdef FORCE_NATURAL_MASK if (addr_ptr[0] >= 192) { sprintf (query, "%d.%d.%d.0",addr_ptr[0],addr_ptr[1],addr_ptr[2]); } else if (addr_ptr[0] >= 128) { sprintf (query, "%d.%d.0.0",addr_ptr[0],addr_ptr[1]); } else { sprintf (query, "%d.0.0.0",addr_ptr[0]); } #else sprintf (query,"%d.%d.%d.%d",addr_ptr[0],addr_ptr[1],addr_ptr[2],addr_ptr[3]); #endif /* FORCE_NATURAL_MASK */
sp = get_origin(query); /* printf("as_lookup: get_origin returned %d\n",sp); */ if (0==sp) { return((char *)&nullstring); } else { return(sp); }
}
Or you could use the following shell script... #!/bin/sh exec whois "$1@whois.ra.net" ...which is somewhat quicker and does what lookup_as.c does. Martin --------------------- At 10:07 AM 2/20/2003 -0500, David G. Andersen wrote:
On Thu, Feb 20, 2003 at 08:09:31AM -0500, William Allen Simpson quacked:
Anybody have a pointer to scripts to map IP to AS?
There are still 10K-20K hosts spewing M$SQL slammer/sapphire packets, and I'd like to start blocking routing to those irresponsible AS's that haven't blocked their miscreant customers.
You can use a quick perl wrapper around whois, or you could use this terribly ugly hacked up traceroute-ng that I wrote to do lookups:
http://nms.lcs.mit.edu/software/ron/lookup_as.c
Compile with
gcc -DSTANDALONE=1 lookup_as.c -o lookup_as -lm
And then run. It gets the job done, but it's ugly. :)
-Dave
-- work: dga@lcs.mit.edu me: dga@pobox.com MIT Laboratory for Computer Science http://www.angio.net/ I do not accept unsolicited commercial email. Do not spam me.