nanog mailing list archives

Re: BGP hijack from 23724 -> 4134 China?


From: James Hess <mysidia () gmail com>
Date: Fri, 9 Apr 2010 00:53:14 -0500

On Thu, Apr 8, 2010 at 9:35 PM, Brielle Bruns <bruns () 2mbit com> wrote:

I grabbed that access-list from the routers directly, so that's why it's been
generated already.  If there's a tool for UNIX/Linux that can generate the
wildcard masks from CIDR in bulk for use in creating ACLs, I'd be happy to
put it up on the page.

UNIX/Linux users can probably accomplish this using simple scripting,
since there are Perl modules such as NetAddr::IP available.
e.g.

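#!/usr/bin/perl
# Read CIDR blocks from stdin or files, merge them, and print one ACL line per block.
use strict;
use warnings;
use Net::CIDR qw/cidradd/;
use NetAddr::IP;

my @list = ();
while (<>) {
    chomp;
    # Consume each address/prefix token on the line and merge it into the list.
    while ( $_ =~ s/^\s*([a-fA-F0-9:.]+)\/(\d+)\s*/ / ) {
        @list = cidradd($1 . '/' . $2, @list);
    }
}
for (@list) {
    my $ip = NetAddr::IP->new($_);
    # Print the block's address followed by its wildcard (inverse) mask.
    print "access-list 199 deny " . $ip->addr() . " " . $ip->wildcard() . "\n";
}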




--
-J

