When processing cflowd and wanting to resolve IP nets as well as ASNs as quickly as possible is there a trick to do the lookups rather than trying RIPE, ARIN, APNIC (and perhaps others) in a cyclical manner?
The guys at geektools.com have a whois server that attempts to locate the proper authority and redirect the query automatically based on the provided data, and it works with IP addresses. It does break whenever the output from the different whois servers get modified, but its just a perl script so they fix it. Every operator should have this script. http://www.geektools.com/software.html They have a web front-end at http://www.geektools.com/cgi-bin/proxy.cgi if you don't want to install the script, but the script is definitely the way to go for most operators. I won't say anything about how handy a referral-based LDAP system with a standardized schema would be for all of this. -- Eric A. Hall http://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/