Security Basics mailing list archives

RE: Identifying all the AS on a particular CIDR block

From: "Burton Strauss" <Burton () FelisCatus org>
Date: Fri, 12 Aug 2005 11:46:37 -0500

You can do it - sort of.  But it's VERY difficult and will not give good
quality.

The various registries and RADB make AS level whois queries available
through the command lines ... you'll need to walk the space as you get
answers back.

HOWEVER, the answers you will get are only as good as their input data which
is quite poor.  The various regional registries (ARIN, RIPE et al) only know
about major blocks announced by their customers.  RADB aggregates a lot of
data, but their picture is based on the core routers they're pulling bgp
data from.  Again aggregated.

(1) From the IANA list figure out what registry to look at:

http://www.iana.org/assignments/ipv4-address-space

gives:

024/8   May 01   ARIN - Cable Block                  (Formerly IANA - Jul
95)

Normally you would start querying and start walking... but 24/8 data isn't
available.

$ whois -h whois.radb.net 26.0.0.0/24
[Querying whois.radb.net]
[whois.radb.net]
route:         26.0.0.0/8
descr:         DISA Operations
               DISA / D3
               11440 Isaac Newton Sq.
               Reston, VA 22090-5087  
origin:        AS568 
mnt-by:        MAINT-AS568 
changed:       netreg () nic mil 20011009
source:        DoDNIC

See the 'origin:' line?  That's your (possibly aggregated) ASN.  But AFAIK
there's very little data in 24/8, probably because it's busted up among 100s
of Cable ISPs.

Try it on 24.0.0.0/8 and there's nothing there.

-----Burton


-----Original Message-----
From: Michael Painter [mailto:tvhawaii () shaka com] 
Sent: Thursday, August 11, 2005 1:45 AM
To: Paul Ryan; 'Security-Basics'
Subject: Re: Identifying all the AS on a particular CIDR block

----- Original Message ----- 
From: "Paul Ryan" <pryan () rogers wave ca>
To: "'Security-Basics'" <security-basics () securityfocus com>
Sent: Tuesday, August 09, 2005 8:31 AM
Subject: Identifying all the AS on a particular CIDR block

Hi all - I am performing a risk analysis on and have the need to list all
the ASN making use of various /8 - so for example

24.0.0.0/8 broken down into the ASN using this block ...any ideas ...


Sounds difficult.  Have you looked here?

http://www.fixedorbit.com/

--Michael

Current thread:

Identifying all the AS on a particular CIDR block Paul Ryan (Aug 10)
- Re: Identifying all the AS on a particular CIDR block Michael Painter (Aug 12)
  - RE: Identifying all the AS on a particular CIDR block Timothy Dillman (Aug 15)
  - RE: Identifying all the AS on a particular CIDR block Burton Strauss (Aug 15)
- Re: Identifying all the AS on a particular CIDR block routerg (Aug 12)
- Re: Identifying all the AS on a particular CIDR block Devdas Bhagat (Aug 15)