[Intelmq-dev] Possible License Conflict for ASN-Lookup Bot
L. Aaron Kaplan
kaplan at cert.at
Fri Apr 15 20:29:49 CEST 2016
On 2016/04/15 16:04, Thomas Hungenberg <th at cert-bund.de> wrote:
> On 01.04.2016 14:41, L. Aaron Kaplan wrote:
> > yes. We can replace it by a separate BGP table feed + a bot which queries this.
> > See also the certtools/quagga-whois code.
>
> I'm not a BGP/routing expert and I wonder what's the best way to deal with
> cases like this:
>
> We are currently using Team Cymru's IP to ASN mapping service for our reports.
> Their service is afaik also based on BGP data and maps 31.7.176.0 to AS201011.
>
> This is also what you get when querying riswhois.ripe.net:
> route: 31.7.176.0/20
> origin: AS201011
I can't talk about the precision of Team Cymru's DB.
However, the RIPE DB is about assignments whereas the BGP data / BGP routing tables of course is about current announcements.
These might differ (though they should not ;-)
There is another way: run your own BGP full feed mirror and query it live:
https://github.com/certtools/whois-quagga
Hope it helps,
a.
>
> However, there is a more specific /21 netblock registered with RIPE and
> RIPE Whois returns a different ASN for this IP:
>
> inetnum: 31.7.176.0 - 31.7.191.255
> [...]
> route: 31.7.176.0/21
> origin: AS33891
>
> - Thomas
>
> CERT-Bund Incident Response & Malware Analysis Team
>
> _______________________________________________
> Intelmq-dev mailing list
> Intelmq-dev at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-dev
More information about the Intelmq-dev
mailing list