Finding ASN from IP address
I want to create a mapping of IP addresses to ASN, for a specific like of IP addresses. Eg: 1.2.3.4 12.34.56.78 etc, gathered from my system logs. What is the best way of doing this? I thought about something along the lines of: install routing software (zebra?) pass software the IP's, get it to spit back a string from which I can grab the ASN Two problems being I don't know which software to install that can do that, or where to get a copy of the current routing table, so that I can feed that to the software. Suggestions appreciated. -- Avleen Vig Systems Administrator Personal: www.silverwraith.com EFnet: irc.mindspring.com
On Thu, Oct 09, 2003 at 09:49:32AM -0700, Avleen Vig wrote:
I want to create a mapping of IP addresses to ASN, for a specific like of IP addresses. Eg: 1.2.3.4 12.34.56.78
etc, gathered from my system logs.
What is the best way of doing this?
Team Cymru is offering a IP to ASN Whois service: ***************** Fellow networkers, � Team Cymru is happy to announce the availability of a public whois server dedicated to mapping IP numbers to ASNs, located at whois.cymru.com.� You can find the link to this tool at: � http://www.cymru.com/BGP/whois.html � This link has been added to our main BGP data page available at: � http://www.cymru.com/BGP/index.html � We have also extended the functionality of this daemon to support BULK IP submissions for those who wish to further optimize their queries with netcat. � Following is a quick overview of how to use it: � $ whois -h whois.cymru.com <IP> � Where <IP> is replaced by the IP you'd like to map, like so: � $ whois -h whois.cymru.com 4.2.2.1 ��� ASN |�������������� IP | Name �� 3356 |��������� 4.2.2.1 | LEVEL3 Level 3 Communications � You can also include port information, and/or timestamps in your queries.� Be sure to include quotes around your queries, or the daemon will interpret your request as multiple lines: � $ whois -h whois.cymru.com "4.2.2.1 -0600 GMT" ��� ASN |�������������� IP |����������� Info | Name �� 3356 |��������� 4.2.2.1 |������ -0600 GMT | LEVEL3 Level 3 Communications � For instructions on how to submit BULK queries via netcat, simply issue the following command: � $ whois -h whois.cymru.com help � We hope you find this tool useful.� Stay tuned for more features!� � If you have any comments or suggestions as to how we might improve this service, feel free to let us know! � Thanks, Steve, for Team Cymru http://www.cymru.com -- Stephen Gill
On 10/9/03 9:49 AM, "Avleen Vig" <lists-nanog@silverwraith.com> wrote:
I want to create a mapping of IP addresses to ASN, for a specific like of IP addresses. Eg: 1.2.3.4 12.34.56.78
etc, gathered from my system logs.
What is the best way of doing this?
Well, if you are not adverse to using a pre-existing tool, the Team CYMRU folks have been kind enough to provide a server that does just that. whois -h whois.cymru.com 66.119.192.4 ASN | IP | Name 16713 | 66.119.192.4 | NOANET-WA Northwest Open Acces Mike -- Michael K. Smith NoaNet 206.219.7116 (work) 206.579.8360 (cell) mksmith@noanet.net http://www.noanet.net
Avleen Vig writes on 10/9/2003 10:19 PM:
I want to create a mapping of IP addresses to ASN, for a specific like of IP addresses. Eg: 1.2.3.4 12.34.56.78
etc, gathered from my system logs.
What is the best way of doing this?
Rob Thomas (cymru.com) has something like this - see below. -- srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9 manager, outblaze.com security and antispam operations
* To: apops@apops.net * Subject: [apops] New Team Cymru IP2ASN whois server * From: Rob Thomas <robt@cymru.com> * Date: Fri, 26 Sep 2003 01:56:11 -0500 (CDT) * List-archive: <http://www.apnic.net/mailing-lists/apops/> * List-help: <mailto:apops-request@apops.net?subject=help> * List-id: Asia Pacific Operators Forum <apops.apops.net> * List-post: <mailto:apops@apops.net> * List-subscribe: <http://mailman.apnic.net/mailman/listinfo/apops>,<mailto:apops-request@apops.net?subject=subscribe> * List-unsubscribe: <http://mailman.apnic.net/mailman/listinfo/apops>,<mailto:apops-request@apops.net?subject=unsubscribe> * Sender: apops-admin@apops.net
Fellow networkers,
Team Cymru is happy to announce the availability of a public whois server dedicated to mapping IP numbers to ASNs, located at whois.cymru.com. You can find the link to this tool at:
http://www.cymru.com/BGP/whois.html
This link has been added to our main BGP data page available at:
http://www.cymru.com/BGP/index.html
We have also extended the functionality of this daemon to support BULK IP submissions for those who wish to further optimize their queries with netcat.
Following is a quick overview of how to use it:
$ whois -h whois.cymru.com <IP>
Where <IP> is replaced by the IP you'd like to map, like so:
$ whois -h whois.cymru.com 4.2.2.1 ASN | IP | Name 3356 | 4.2.2.1 | LEVEL3 Level 3 Communications
You can also include port information, and/or timestamps in your queries. Be sure to include quotes around your queries, or the daemon will interpret your request as multiple lines:
$ whois -h whois.cymru.com "4.2.2.1 -0600 GMT" ASN | IP | Info | Name 3356 | 4.2.2.1 | -0600 GMT | LEVEL3 Level 3 Communications
For instructions on how to submit BULK queries via netcat, simply issue the following command:
$ whois -h whois.cymru.com help
We hope you find this tool useful. Stay tuned for more features!
If you have any comments or suggestions as to how we might improve this service, feel free to let us know!
Thanks, Rob, for Team Cymru. -- Rob Thomas http://www.cymru.com ASSERT(coffee != empty);
There's a paper on just this problem from SIGCOMM 2003: http://www.acm.org/sigcomm/sigcomm2003/papers.html#p365-mao On Thursday, Oct 9, 2003, at 09:49 US/Pacific, Avleen Vig wrote:
I want to create a mapping of IP addresses to ASN, for a specific like of IP addresses. Eg: 1.2.3.4 12.34.56.78
etc, gathered from my system logs.
What is the best way of doing this?
I thought about something along the lines of: install routing software (zebra?) pass software the IP's, get it to spit back a string from which I can grab the ASN
Two problems being I don't know which software to install that can do that, or where to get a copy of the current routing table, so that I can feed that to the software.
Suggestions appreciated.
-- Avleen Vig Systems Administrator Personal: www.silverwraith.com EFnet: irc.mindspring.com
On 10/9/2003 at 12:49 PM, "Avleen Vig" <lists-nanog@silverwraith.com> wrote:
I want to create a mapping of IP addresses to ASN, for a specific like of IP addresses. Eg: 1.2.3.4 12.34.56.78
etc, gathered from my system logs.
What is the best way of doing this?
http://www.spamshield.org/#tools : ip-leecher.pl And damn you, if you don't use your own router instead of the route-servers for more than a few 100 queries per day :) bye,Kai
Avleen,
I want to create a mapping of IP addresses to ASN, for a specific like of IP addresses. Eg: 1.2.3.4 12.34.56.78
etc, gathered from my system logs.
What is the best way of doing this?
I thought about something along the lines of: install routing software (zebra?) pass software the IP's, get it to spit back a string from which I can grab the ASN
Starting from the routing table is indeed the best approach. We recently studied this problem and found that an approach based on whois queries to an IRR only returns the correct result in ~80% of the cases, whereas using routing tables returns the correct result in ~99% of the cases. See: http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46-tt-as-tracero... for more details. We're expanding the software used for this study into a public service right now and hope to announce this to the public shortly. Henk ------------------------------------------------------------------------------ Henk Uijterwaal Email: henk.uijterwaal@ripe.net RIPE Network Coordination Centre WWW: http://www.ripe.net/home/henk P.O.Box 10096 Singel 258 Phone: +31.20.5354414 1001 EB Amsterdam 1016 AB Amsterdam Fax: +31.20.5354445 The Netherlands The Netherlands Mobile: +31.6.55861746 ------------------------------------------------------------------------------ That problem that we weren't having yesterday, is it better? (Big ISP NOC)
participants (7)
-
Avleen Vig
-
Eric Anderson
-
Henk Uijterwaal (RIPE-NCC)
-
Jeff Wasilko
-
Kai Schlichting
-
Michael K. Smith
-
Suresh Ramasubramanian