to different Autonomous systems.

Is there a central/distributed database somewhere that can tell me that this particular IP prefix (say x.y.z.w) has been given to foo AS number?

I tried searching through all the WHOIS records for a domain name. I get the IP address but I don't get the AS number.

Any clues on how I can get the AS number?

Glen
On Mon, 28 Nov 2005, Glen Kent wrote:
> to different Autonomous systems.
> Is there a central/distributed database somewhere that can tell me
> that this particular IP prefix (say x.y.z.w) has been given to foo AS
> number?

We have archives of much of that information (historical whois), and we've been working on databasing it, but that's unfunded work, so it's going slowly.

Basically, we get bulk data from the five RIRs, and try to parse it into a structured database. For the ones like ARIN and LACNIC, that are coming out of a similar relational database, it's not too difficult work. For others, it's largely manual.

> I tried searching through all the WHOIS records for a domain name. I
> get the IP address but I don't get the AS number.
> Any clues on how I can get the AS number?

If you just want this for one thing, not lots, you can just track it down by hand. Check to see if the address space is being announced, and if so, by what AS. Then check the RIR whois for that AS, and see who it is. If it's not being announced, start looking through whois for substring matches against likely bits of the name of the owner of the address space.

-Bill
On Sun, 27 Nov 2005, Bill Woodcock wrote:
> I tried searching through all the WHOIS records for a domain name. I
> get the IP address but I don't get the AS number.
> Any clues on how I can get the AS number?
If you just want this for one thing, not lots, you can just track it down by hand. Check to see if the address space is being announced, and if so, by what AS. Then check the RIR whois for that AS, and see who it is. If it's not being announced, start looking through whois for substring matches against likely bits of the name of the owner of the address space.
he might be satisfied with:

mail.pch.net. 86400 IN A 206.220.231.1

:~> host -W 6 -R 10 -t txt 1.231.220.206.asn.routeviews.org
1.231.220.206.asn.routeviews.org text "3856" "206.220.228.0" "22"

which is AS 3856 routing 206.220.228.0/22 ... which contains the /32 above.
* Christopher L. Morrow:
he might be satisfied with:
mail.pch.net. 86400 IN A 206.220.231.1
:~> host -W 6 -R 10 -t txt 1.231.220.206.asn.routeviews.org
1.231.220.206.asn.routeviews.org text "3856" "206.220.228.0" "22"
which is AS 3856 routing 206.220.228.0/22 ... which contains the /32 above.
asn.routeviews.org doesn't do longest-prefix matching, so you need a short Perl script to get the correct ASN, attached below. However, this is a bit slow thanks to the overhead of loading Net::DNS, see <http://www.enyo.de/fw/notes/perl-probleme.html> (German).

#!/usr/bin/perl

use warnings;
use strict;

use Net::DNS;

# Require exactly one argument that looks like a dotted-quad IPv4 address.
if (@ARGV != 1 || $ARGV[0] !~ /^\d+\.\d+\.\d+\.\d+$/) {
    print STDERR "usage: ip2asn A.B.C.D\n";
    exit 1;
}

my $suffix = 'asn.routeviews.org';
# Reverse the octets to build the query name under the zone.
my $name = join '.', (reverse split /\./, $ARGV[0]), $suffix;
my $res = Net::DNS::Resolver->new;
my $packet = $res->query($name, 'TXT');
my @txt;
@txt = $packet->answer if $packet;

# Each TXT record carries (ASN, network, prefix length); keep the longest prefix.
my ($longest_net, $longest_length, $longest_asn);
for my $rr (@txt) {
    my ($asn, $net, $length) = $rr->char_str_list;
    if ((! defined $longest_length) || $length > $longest_length) {
        $longest_net = $net;
        $longest_length = $length;
        $longest_asn = $asn;
    }
}

# Print the origin ASN, or 0 if there was no answer or the ASN is not below 64511.
if (defined $longest_asn && $longest_asn < 64511) {
    print "$longest_asn\n";
} else {
    print "0\n";
}
On Mon, 28 Nov 2005, Florian Weimer wrote:
* Christopher L. Morrow:
he might be satisfied with:
mail.pch.net. 86400 IN A 206.220.231.1
:~> host -W 6 -R 10 -t txt 1.231.220.206.asn.routeviews.org
1.231.220.206.asn.routeviews.org text "3856" "206.220.228.0" "22"
which is AS 3856 routing 206.220.228.0/22 ... which contains the /32 above.
asn.routeviews.org doesn't do longest-prefix matching, so you need a short Perl script to get the correct ASN, attached below. However,
which means host -t txt <ip> will return more than one record, yes? so he can just scan for the longest length in the return? (I am assuming he's not putting this into some gianormous automated monstrosity of course)

-Chris
* Christopher L. Morrow:
asn.routeviews.org doesn't do longest-prefix matching, so you need a short Perl script to get the correct ASN, attached below. However,
which means host -t txt <ip> will return more than one record, yes?
Exactly.
so he can just scan for the longest length in the return?
This is what the Perl script does, yes.
On Sun, 27 Nov 2005, Bill Woodcock wrote:
On Mon, 28 Nov 2005, Glen Kent wrote:
to different Autonomous systems. Is there a central/distributed database somewhere that can tell me that this particular IP prefix (say x.y.z.w) has been given to foo AS number?
We have archives of much of that information (historical whois), and we've been working on databasing it, but that's unfunded work, so it's going slowly.
I've been doing something similar too with historic whois & routing data with purpose to interrelate it in the database, making it possible to search by date and by how ip prefix changed. Not very easy because of amount of data to properly process while keeping track of and creating cvs-like info in db.
Basically, we get bulk data from the five RIRs, and try to parse it into a structured database. For the ones like ARIN and LACNIC, that are coming out of a similar relational database, it's not too difficult work. For others, it's largely manual.
It's not 100% clear for LACNIC & ARIN either. ARIN & LACNIC do allow for common organization that is a db parent for both ASN and an ip block but there are actually a number of organizations with multiple Org IDs and with ASN being under different org (also the same sometimes happens for IPv6 allocations) and cases of organizations buying each and ending up with multiple ones (but only using one asn) are common.

--
William Leibzon
Elan Networks
william@elan.net
> > Basically, we get bulk data from the five RIRs, and try to parse
> > it into a structured database. For the ones like ARIN and LACNIC, that
> > are coming out of a similar relational database, it's not too difficult
> > work. For others, it's largely manual.
>
> It's not 100% clear for LACNIC & ARIN either. ARIN & LACNIC do allow for
> common organization that is a db parent for both ASN and an ip block but
> there are actually a number of organizations with multiple Org IDs and with
> ASN being under different org (also the same sometimes happens for IPv6
> allocations) and cases of organizations buying each and ending up with
> multiple ones (but only using one asn) are common.

Yes, we've got a table of organization-to-OrgID, particularly since one organization will have different OrgIDs not only within one RIR, but in different RIRs, even. My only point was that it's a lot easier to get data back into a database if it came out of a database in the first place. Then all you have to do is understand the relationship model between the objects, and understand what limitations it has and how it maps into one's own superset of that.

-Bill
try whois.radb.net

On 11/28/05, Glen Kent <glen.kent@gmail.com> wrote:
to different Autonomous systems.
Is there a central/distributed database somewhere that can tell me that this particular IP prefix (say x.y.z.w) has been given to foo AS number?
I tried searching through all the WHOIS records for a domain name. I get the IP address but I don't get the AS number.
Any clues on how I can get the AS number?
Glen
-- Suresh Ramasubramanian (ops.lists@gmail.com)
On Mon, 28 Nov 2005, Glen Kent wrote:
to different Autonomous systems.
Is there a central/distributed database somewhere that can tell me that this particular IP prefix (say x.y.z.w) has been given to foo AS number?
IP prefixes are not "given" to AS numbers. They are assigned & allocated to organizations that can choose to announce it themselves (in which case you may search for ASN name with same organization name as who the ip block is assigned to) or have their ISP announce it (in this case ISPs often register ip block in RR - may appear in whois.radb.net).
I tried searching through all the WHOIS records for a domain name. I get the IP address but I don't get the AS number. Any clues on how I can get the AS number?
I suspect what you're really asking is who is announcing a particular ip address in BGP. If you want to do it by whois, I recommend this:

whois -h riswhois.ripe.net <ip-address>

--
William Leibzon
Elan Networks
william@elan.net
"Glen" == Glen Kent <glen.kent@gmail.com> writes:
Glen> to different Autonomous systems.

No. Wrong.

IP addresses are allocated to network providers, or to end-user networks. The recipient of a block of IP addresses (by direct allocation/assignment from ARIN or by a PI assignment from some other registry) can get their provider to announce the block, in which case the AS number will change any time they change providers, or indeed they can get several providers to announce parts of the block. Or they can choose to get an AS number of their own and announce it themselves. They might announce part of it themselves and have a provider announce other parts, and so on.

There is no fixed relationship between addresses and ASNs.

Glen> Is there a central/distributed database somewhere that can tell
Glen> me that this particular IP prefix (say x.y.z.w) has been given
Glen> to foo AS number?

To find out what AS is actually announcing a given IP address, the place to look is in the routing tables themselves, or information services which draw their data from routing tables. One such is whois.cymru.com:

% whois -h whois.cymru.com 216.168.0.0
ASN   | IP          | Name
11697 | 216.168.0.0 | NET-SUPERNEWS - Supernews

Another is the asn.routeviews.org DNS zone:

% host -t txt 0.0.168.216.asn.routeviews.org.
0.0.168.216.asn.routeviews.org text "11697" "216.168.0.0" "19"

Both of these tell you who _IS_ announcing the space, not who _SHOULD BE_ announcing it.

Routing registries such as RADB tell you another story; they tell you who _thinks_ that they _should_ be announcing it or allowing it to be announced. The quality of such data is poor at best; often it is nonexistent. Never trust the RADB data to be either correct or complete.

There is currently no fully reliable way for a third party to answer the question "should AS N be announcing prefix X". The history of netblock thefts shows that even network providers have a hard time answering the question "should my customer C be announcing prefix X".

--
Andrew, Supernews
http://www.supernews.com
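
The "who IS announcing" versus "who SHOULD be announcing" comparison described in the message above, as an added example that is not part of the original thread. The function names, the documentation-range prefixes and ASNs, and both data blobs are constructed for illustration; given the caveat above about registry data quality, a mismatch is a reason to look closer, not a verdict.

```python
import ipaddress
import re
# Constructed sample data, not real lookups. OBSERVED mimics asn.routeviews.org
# TXT answers ("origin ASN" "network" "length"); REGISTRY mimics route objects.
OBSERVED = '''\
10.100.51.198.asn.routeviews.org text "64496" "198.51.100.0" "24"
10.100.51.198.asn.routeviews.org text "64497" "198.51.100.0" "25"
10.113.0.203.asn.routeviews.org text "64499" "203.0.113.0" "24"
'''
REGISTRY = '''\
route: 198.51.100.0/24
origin: AS64496
route: 203.0.113.0/24
origin: AS64499
'''
TXT_RE = re.compile(r'text "(\d+)" "([\d.]+)" "(\d+)"')

def observed_origins(host_output, ip):  # longest covering prefix and its origins
    addr = ipaddress.ip_address(ip)
    best, origins = None, set()
    for asn, net, length in TXT_RE.findall(host_output):
        network = ipaddress.ip_network(f"{net}/{length}")
        if addr not in network:
            continue  # record belongs to a different query
        if best is None or network.prefixlen > best.prefixlen:
            best, origins = network, {int(asn)}
        elif network == best:
            origins.add(int(asn))  # same prefix seen from several origins
    return best, origins

def registered_origins(rpsl, network):  # origins of route objects covering network
    found, route = set(), None
    for line in rpsl.splitlines():
        key, _, value = line.partition(":")
        if key == "route":
            route = ipaddress.ip_network(value.strip())
        elif key == "origin" and route is not None and network.subnet_of(route):
            found.add(int(value.strip()[2:]))  # strip the leading "AS"
    return found

def classify(host_output, rpsl, ip):  # observed origin vs. registered origin
    network, seen = observed_origins(host_output, ip)
    if network is None:
        return "not announced"
    expected = registered_origins(rpsl, network)
    if not expected:
        return "announced, no route object"
    return "consistent" if seen <= expected else "origin mismatch"
```

In the sample data, 198.51.100.10 is covered by a /25 originated by a different AS than the one registered for the covering /24, which is the case the longest-prefix selection exists to catch.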
IP prefixes are NOT allocated to AS numbers, they are allocated to Organizations just like AS numbers.

Perhaps this is part of why you can't find such a list.

Owen

--On November 28, 2005 11:45:58 AM +0530 Glen Kent <glen.kent@gmail.com> wrote:
to different Autonomous systems.
Is there a central/distributed database somewhere that can tell me that this particular IP prefix (say x.y.z.w) has been given to foo AS number?
I tried searching through all the WHOIS records for a domain name. I get the IP address but I don't get the AS number.
Any clues on how I can get the AS number?
Glen
-- If this message was not signed with gpg key 0FE2AA3D, it's probably a forgery.
I suggest this should be common across ripe, apnic and lacnic, Routing Information Service

http://www.ripe.net/ris/riswhois.html

that should help the current situation with services already in place

-Henry

--- Owen DeLong <owen@delong.com> wrote:
IP prefixes are NOT allocated to AS numbers, they are allocated to Organizations just like AS numbers.
Perhaps this is part of why you can't find such a list.
Owen
--On November 28, 2005 11:45:58 AM +0530 Glen Kent <glen.kent@gmail.com> wrote:
to different Autonomous systems.
Is there a central/distributed database somewhere that can tell me that this particular IP prefix (say x.y.z.w) has been given to foo AS number?
I tried searching through all the WHOIS records for a domain name. I get the IP address but I don't get the AS number.
Any clues on how I can get the AS number?
Glen
-- If this message was not signed with gpg key 0FE2AA3D, it's probably a forgery.
On Mon, 28 Nov 2005, Henry Linneweh wrote:
> I suggest this should be common across ripe, apnic and
> lacnic, Routing Information Service

They're orthogonal, so what you suggest is in fact the status quo. RIS, Route-Views, and PCH collect and archive routing information for prefixes and ASNs allocated/assigned from all five RIRs indiscriminately.

-Bill
On Mon, 28 Nov 2005, Glen Kent wrote:
to different Autonomous systems.
Is there a central/distributed database somewhere that can tell me that this particular IP prefix (say x.y.z.w) has been given to foo AS number?
Prefixes aren't assigned to ASNs. They're assigned to organizations/networks. Those entities may have several ASNs or no ASN of their own. You can see what ASN(s) announce what prefixes by looking at BGP.

----------------------------------------------------------------------
 Jon Lewis                   |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
On 28-Nov-2005, at 01:15, Glen Kent wrote:
to different Autonomous systems.
No, but...
Is there a central/distributed database somewhere that can tell me that this particular IP prefix (say x.y.z.w) has been given to foo AS number?
I tried searching through all the WHOIS records for a domain name. I get the IP address but I don't get the AS number.
... if you want to know which AS is originating a prefix which covers a particular address right now, you can always use whois.cymru.com:

[halibut:~]$ whois -h whois.cymru.com 203.97.1.241
ASN  | IP           | Name
4768 | 203.97.1.241 | CLIX-NZ TelstraClear Ltd
[halibut:~]$

Joe
participants (11)
- Andrew - Supernews
- Bill Woodcock
- Christopher L. Morrow
- Florian Weimer
- Glen Kent
- Henry Linneweh
- Joe Abley
- Jon Lewis
- Owen DeLong
- Suresh Ramasubramanian
- william(at)elan.net