nanog mailing list archives

Re: scripts to map IP to AS?
From: "Martin J. Levy" <mahtin () mahtin com>
Date: Thu, 20 Feb 2003 09:11:02 -0800

Dave (and anyone that downloads lookup_as.c),

Grab a newer version of traceroute.c -- There is a CLASSFUL piece of code within the 2.9.3 code-base used in
lookup_as.c.  The newer traceroute.c code removes the 192/8 & 128/8 testing.  This is a cut-n-paste from the newer
traceroute-nanog-6.3.0/traceroute.c.  It can be cut-n-pasted into your code...

/*
 *  Lookup origin of the net in radb.
 */

char *lookup_as(in)
struct in_addr in;
{
 static char query[100];
 static unsigned char *addr_ptr;
 static char *sp;
 char *get_origin();

 addr_ptr = (unsigned char *) (&in.s_addr);

 /* Classful (natural mask) query: host bits cut at the class boundary. */
 if (addr_ptr[0] >= 192) {
   sprintf (query, "%d.%d.%d.0",addr_ptr[0],addr_ptr[1],addr_ptr[2]);
 } else if (addr_ptr[0] >= 128) {
   sprintf (query, "%d.%d.0.0",addr_ptr[0],addr_ptr[1]);
 } else {
   sprintf (query, "%d.0.0.0",addr_ptr[0]);
 }
 /* Full-address query: this overwrites the classful query built above. */
 sprintf (query,"%d.%d.%d.%d",addr_ptr[0],addr_ptr[1],addr_ptr[2],addr_ptr[3]);

 sp = get_origin(query);
/*  printf("as_lookup: get_origin returned %d\n",sp); */
 if (0==sp) {
    return((char *)&nullstring);
 } else {
    return(sp);
 }
}

Or you could use the following shell script...

        #!/bin/sh
        exec whois "$1@whois.ra.net"

...which is somewhat quicker and does what lookup_as.c does.


At 10:07 AM 2/20/2003 -0500, David G. Andersen wrote:

On Thu, Feb 20, 2003 at 08:09:31AM -0500, William Allen Simpson quacked:

Anybody have a pointer to scripts to map IP to AS? 

There are still 10K-20K hosts spewing M$SQL slammer/sapphire packets, 
and I'd like to start blocking routing to those irresponsible AS's 
that haven't blocked their miscreant customers.


 You can use a quick perl wrapper around whois, or you
could use this terribly ugly hacked up traceroute-ng that I
wrote to do lookups:


Compile with

  gcc -DSTANDALONE=1 lookup_as.c -o lookup_as -lm

And then run.  It gets the job done, but it's ugly. :)


work: dga () lcs mit edu                          me:  dga () pobox com
     MIT Laboratory for Computer Science           http://www.angio.net/
     I do not accept unsolicited commercial email.  Do not spam me.
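
Why the natural-mask test matters for IP-to-AS mapping, as an added example that is not code from this thread or from traceroute: the same host resolves to a different origin AS when the query is cut at the class boundary and a more specific route exists. The route table is constructed, `build_query` and `origin_for` are hypothetical names, and the registry lookup is assumed to return the most specific covering route.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed route objects: documentation/private prefixes, private-use ASNs. */
struct route { uint32_t net; int len; const char *origin; };
static const struct route routes[] = {
    { 0xC6336400u, 24, "AS64500" },  /* 198.51.100.0/24                   */
    { 0xC6336480u, 25, "AS64501" },  /* 198.51.100.128/25, inside the /24 */
    { 0x0A000000u,  8, "AS64502" },  /* 10.0.0.0/8                        */
    { 0x0A140000u, 16, "AS64503" },  /* 10.20.0.0/16, inside the /8       */
};

/* classful != 0: cut host bits at the class boundary (older behaviour);
 * classful == 0: query the full address (newer behaviour). Returns q. */
static char *build_query(const unsigned char a[4], int classful, char *q, size_t n)
{
    if (!classful)        snprintf(q, n, "%d.%d.%d.%d", a[0], a[1], a[2], a[3]);
    else if (a[0] >= 192) snprintf(q, n, "%d.%d.%d.0", a[0], a[1], a[2]);
    else if (a[0] >= 128) snprintf(q, n, "%d.%d.0.0", a[0], a[1]);
    else                  snprintf(q, n, "%d.0.0.0", a[0]);
    return q;
}

/* Hypothetical registry stand-in: origin of the most specific covering route, else "". */
static const char *origin_for(const char *q)
{
    unsigned o[4];
    const struct route *best = NULL;
    if (sscanf(q, "%u.%u.%u.%u", &o[0], &o[1], &o[2], &o[3]) != 4 ||
        o[0] > 255 || o[1] > 255 || o[2] > 255 || o[3] > 255) return "";
    uint32_t addr = (uint32_t)o[0] << 24 | o[1] << 16 | o[2] << 8 | o[3];
    for (size_t i = 0; i < sizeof routes / sizeof routes[0]; i++) {
        const struct route *r = &routes[i];
        uint32_t mask = r->len ? 0xFFFFFFFFu << (32 - r->len) : 0;
        if ((addr & mask) == r->net && (!best || r->len > best->len))
            best = r;
    }
    return best ? best->origin : "";
}

int main(void)
{
    const unsigned char host[4] = { 198, 51, 100, 200 };  /* constructed */
    char q[16];
    for (int classful = 1; classful >= 0; classful--)
        printf("classful=%d: %s\n", classful, origin_for(build_query(host, classful, q, sizeof q)));
    return 0;
}
```

When blocking by AS, the classful answer here would attribute the host to the holder of the covering /24 rather than to the AS that actually originates its /25.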
