On 2016/04/15 16:04, Thomas Hungenberg th@cert-bund.de wrote:
On 01.04.2016 14:41, L. Aaron Kaplan wrote:
yes. We can replace it by a separate BGP table feed + a bot which queries this. See also the certtools/quagga-whois code.
I'm not a BGP/routing expert and I wonder what's the best way to deal with cases like this:
We are currently using Team Cymru's IP to ASN mapping service for our reports. Their service is afaik also based on BGP data and maps 31.7.176.0 to AS201011.
This is also what you get when querying riswhois.ripe.net:
  route: 31.7.176.0/20
  origin: AS201011
I can't talk about the precision of Team Cymru's DB. However, the RIPE DB is about assignments whereas the BGP data / BGP routing tables of course are about current announcements. These might differ (though they should not ;-)
There is another way: run your own BGP full feed mirror and query it live: https://github.com/certtools/whois-quagga
Hope it helps, a.
However, there is a more specific /21 netblock registered with RIPE and RIPE Whois returns a different ASN for this IP:
  inetnum: 31.7.176.0 - 31.7.191.255
  [...]
  route: 31.7.176.0/21
  origin: AS33891
- Thomas
CERT-Bund Incident Response & Malware Analysis Team
Intelmq-dev mailing list Intelmq-dev@lists.cert.at http://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-dev
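
Added example (not part of the original thread, and not IntelMQ or whois-quagga code): a longest-prefix-match lookup run against a BGP-derived table and a registry-derived table, flagging addresses where the two disagree on the origin AS. The function names are hypothetical and both tables are constructed, holding only the two route entries quoted in the thread.

```python
import ipaddress

# Constructed sample data: only the two route entries quoted in the thread.
BGP_ROUTES = [("31.7.176.0/20", "AS201011")]      # as returned by riswhois.ripe.net
REGISTRY_ROUTES = [("31.7.176.0/21", "AS33891")]  # RIPE DB route object


def longest_match(ip, routes):
    """Return (network, origin) of the most specific route covering ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, origin in routes:
        net = ipaddress.ip_network(prefix)
        if addr.version == net.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, origin)
    return best


def compare_sources(ip, bgp=BGP_ROUTES, registry=REGISTRY_ROUTES):
    """Look ip up in both tables and report whether the origin ASNs agree."""
    b = longest_match(ip, bgp)
    r = longest_match(ip, registry)
    if b is None and r is None:
        status = "unrouted-unregistered"
    elif b is None:
        status = "registered-not-announced"
    elif r is None:
        status = "announced-not-registered"
    elif b[1] == r[1]:
        status = "match"
    else:
        status = "mismatch"  # report should carry both ASNs, not just one
    return {
        "ip": ip,
        "bgp": (str(b[0]), b[1]) if b else None,
        "registry": (str(r[0]), r[1]) if r else None,
        "status": status,
    }


if __name__ == "__main__":
    # 31.7.176.0 is covered by both entries; 31.7.184.1 only by the /20.
    for ip in ("31.7.176.0", "31.7.184.1", "192.0.2.1"):
        print(compare_sources(ip))
```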