IP-BGP
Introduction
A couple of services have been established for mapping IP numbers to BGP prefixes and ASNs:
- Whois (TCP 43)
- DNS (UDP 53)
Three modes are supported: origin, peer, and prefix. The origin and peer modes return essentially the same data, except that peer mode also lists the BGP peers for the ASN.
The data to support these services is collected from the following sources:
- AS Names: http://bgp.potaroo.net/as1221/asnames.txt
- BGP Feed: http://routeviews.org/
Whois
The whois interface is used as follows:
Whois/Origin
$ whois -h asn.shadowserver.org origin 17.112.152.32
714 | 17.112.0.0/16 | APPLE-ENGINEERING | US | APPLE.COM | APPLE COMPUTER INC
The output is as follows:
ASN | Prefix | AS Name | CN | Domain | ISP
Whois/Peer
Using the peer mode is very similar:
$ whois -h asn.shadowserver.org peer 17.112.152.32
3356 7018 | 714 | 17.112.0.0/16 | APPLE-ENGINEERING | US | APPLE.COM | APPLE COMPUTER INC
The output is as follows:
Peer(s) | ASN | Prefix | AS Name | CN | Domain | ISP
A more verbose mode is also available:
$ whois -h asn.shadowserver.org peer 4.5.6.4 verbose
3356 | 4.0.0.0/9 | LEVEL3 | US | DSL-VERIZON.NET | GTE.NET LLC
209 ASN-QWEST Qwest
293 ESNET Energy Sciences Network
701 UUNET MCI Communications Services, Inc. d/b/a Verizon Business
702 AS702 Verizon Business EMEA - Commercial IP service provider in Europe
1239 SPRINTLINK Sprint
1668 AOL-ATDN AOL Transit Data Network
2497 JPNIC-ASBLOCK AP JPNIC
2828 XO-AS15 XO Communications
2914 NTT-COMMUNICATIONS-2 NTT America, Inc.
3257 TISCALI BACKBONE Tiscali Intl Network BV
3303 SWISSCOM Swisscom Solutions Ltd
3333 RIPE-NCC AS RIPE Network Coordination Centre
3356 LEVEL3 Level 3 Communications
3549 GBLX Global Crossing Ltd.
3561 SAVVIS Savvis
4513 Globix Corporation
4637 REACH Reach Network Border AS
5459 LINX AS London Internet Exchange Ltd.
5511 OPENTRANSIT France Telecom
6079 RCN-AS RCN Corporation
6395 BROADWING Broadwing Communications Services, Inc.
6453 GLOBEINTERNET VSNL International
6461 MFNX MFN - Metromedia Fiber Network
7018 ATT-INTERNET4 AT&T WorldNet Services
8075 MICROSOFT-CORP---MSN Microsoft Corp
12956 TELEFONICA Telefonica Backbone Autonomous System
Whois/Prefix
$ whois -h asn.shadowserver.org prefix 8075
64.4.0.0/18
65.54.8.0/22
65.54.48.0/20
65.54.74.0/23
65.54.80.0/23
65.54.83.0/24
65.54.86.0/23
65.54.92.0/23
65.54.94.0/23
65.54.96.0/20
65.54.120.0/21
65.54.128.0/19
<<CHOPPED>>
Whois Batch Mode
The Whois server also supports batch mode, where a list of IP addresses can be handled. For example:
begin origin
4.5.4.3
17.112.152.32
208.77.188.166
end
Use netcat, telnet, or perl to send your list to the whois server:
$ netcat asn.shadowserver.org 43 < /tmp/list
3356 | 4.0.0.0/9 | LEVEL3 | US | DSL-VERIZON.NET | GTE.NET LLC
714 | 17.112.0.0/16 | APPLE-ENGINEERING | US | APPLE.COM | APPLE COMPUTER INC
40528 | 208.77.188.0/22 | ICANN-LAX | - | - | -
DNS
The format for a DNS-based origin lookup is:
$ dig +short 32.152.112.17.origin.asn.shadowserver.org TXT
"714" "|" "17.112.0.0/16" "|" "APPLE-ENGINEERING" "|" "US" "|" "APPLE.COM" "|" "APPLE" "COMPUTER" "INC"
And the format for a "peer" lookup is:
$ dig +short 32.152.112.17.peer.asn.shadowserver.org TXT
"3356" "7018" "|" "714" "|" "17.112.0.0/16" "|" "APPLE-ENGINEERING" "|" "US" "|" "APPLE.COM" "|" "APPLE" "COMPUTER" "INC"
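The whois batch request, the reversed-octet DNS name, and the pipe-delimited replies shown above can be built and parsed as follows. This is an added example, not code from the service or the original page; all function names are hypothetical. It assumes batch replies come back one line per IP in request order, and the check that each IP falls inside its returned prefix is a sanity check added here.

```python
import ipaddress
import shlex
import socket

FIELDS = ("asn", "prefix", "as_name", "cn", "domain", "isp")

def build_batch(ips, mode="origin"):
    """Build the begin/end batch request; raises ValueError on a non-IPv4 entry."""
    addrs = [str(ipaddress.IPv4Address(ip)) for ip in ips]
    return "begin {}\n{}\nend\n".format(mode, "\n".join(addrs))

def dns_name(ip, mode="origin", zone="asn.shadowserver.org"):
    """Reverse the octets, as in 32.152.112.17.origin.asn.shadowserver.org."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + mode + "." + zone

def parse_line(line, mode="origin"):
    """Split one 'ASN | Prefix | AS Name | CN | Domain | ISP' line into a dict."""
    parts = [p.strip() for p in line.split("|")]
    rec = {}
    if mode == "peer":  # peer mode prepends a space-separated list of peer ASNs
        rec["peers"] = [int(p) for p in parts.pop(0).split()]
    if len(parts) != len(FIELDS):
        raise ValueError("unexpected field count: %r" % line)
    rec.update(zip(FIELDS, parts))
    rec["asn"] = int(rec["asn"])
    rec["prefix"] = ipaddress.ip_network(rec["prefix"])
    return rec

def parse_txt(answer, mode="origin"):
    """Parse `dig +short ... TXT` output, which splits the line into quoted strings."""
    return parse_line(" ".join(shlex.split(answer)), mode)

def match(ips, response, mode="origin"):
    """Pair each queried IP with its reply line (assumed: same order, one per IP)."""
    lines = [l for l in response.splitlines() if l.strip()]
    if len(lines) != len(ips):
        raise ValueError("got %d replies for %d queries" % (len(lines), len(ips)))
    out = {}
    for ip, line in zip(ips, lines):
        out[ip] = parse_line(line, mode)
        if ipaddress.ip_address(ip) not in out[ip]["prefix"]:
            raise ValueError("%s is outside returned prefix %s" % (ip, out[ip]["prefix"]))
    return out

def query(ips, mode="origin", host="asn.shadowserver.org", port=43):
    """Send the batch to the whois port and return the raw reply (needs network)."""
    with socket.create_connection((host, port), timeout=10) as s:
        s.sendall(build_batch(ips, mode).encode("ascii"))
        return b"".join(iter(lambda: s.recv(4096), b"")).decode("ascii", "replace")
```

Only `query` touches the network; `match(ips, query(ips))` ties the pieces together, and the parsing functions can be run directly on saved output.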
http://www.shadowserver.org/wiki/pmwiki.php/Services/IP-BGP
Other resources: BGP Monitoring http://www.team-cymru.org/Monitoring/BGP/