scripts to map IP to AS?
Martin J. Levy
mahtin at mahtin.com
Thu Feb 20 17:11:02 UTC 2003
Dave (and anyone that downloads lookup_as.c),
Grab a newer version of traceroute.c -- There is a CLASSFULL piece of code within the 2.9.3 code-base used in lookup_as.c. The newer traceroute.c code removes the 192/8 & 128/8 testing. This is a cut-n-paste from the newer traceroute-nanog-6.3.0/traceroute.c. It can be cut-n-pasted into your code...
>/*
> * Lookup origin of the net in radb.
> */
>
>char *lookup_as(in)
>struct in_addr in;
>{
> static char query[100];
> static unsigned char *addr_ptr;
> static char *sp;
> char *get_origin();
>
> addr_ptr = (unsigned char *) (&in.s_addr);
>
>#ifdef FORCE_NATURAL_MASK
> if (addr_ptr[0] >= 192) {
> sprintf (query, "%d.%d.%d.0",addr_ptr[0],addr_ptr[1],addr_ptr[2]);
> } else if (addr_ptr[0] >= 128) {
> sprintf (query, "%d.%d.0.0",addr_ptr[0],addr_ptr[1]);
> } else {
> sprintf (query, "%d.0.0.0",addr_ptr[0]);
> }
>#else
> sprintf (query,"%d.%d.%d.%d",addr_ptr[0],addr_ptr[1],addr_ptr[2],addr_ptr[3]);
>#endif /* FORCE_NATURAL_MASK */
>
> sp = get_origin(query);
>/* printf("as_lookup: get_origin returned %d\n",sp); */
> if (0==sp) {
> return((char *)&nullstring);
> } else {
> return(sp);
> }
>
>}
Or you could use the following shell script...
#!/bin/sh
exec whois "$1 at whois.ra.net"
...which is somewhat quicker and does what lookup_as.c does.
Martin
---------------------
At 10:07 AM 2/20/2003 -0500, David G. Andersen wrote:
>On Thu, Feb 20, 2003 at 08:09:31AM -0500, William Allen Simpson quacked:
>>
>> Anybody have a pointer to scripts to map IP to AS?
>>
>> There are still 10K-20K hosts spewing M$SQL slammer/sapphire packets,
>> and I'd like to start blocking routing to those irresponsible AS's
>> that haven't blocked their miscreant customers.
>>
>> http://isc.sans.org/port_details.html?port=1434
>
> You can use a quick perl wrapper around whois, or you
>could use this terribly ugly hacked up traceroute-ng that I
>wrote to do lookups:
>
> http://nms.lcs.mit.edu/software/ron/lookup_as.c
>
>Compile with
>
> gcc -DSTANDALONE=1 lookup_as.c -o lookup_as -lm
>
>And then run. It gets the job done, but it's ugly. :)
>
> -Dave
>
>--
>work: dga at lcs.mit.edu me: dga at pobox.com
> MIT Laboratory for Computer Science http://www.angio.net/
> I do not accept unsolicited commercial email. Do not spam me.
More information about the NANOG
mailing list