On 01.04.2016 14:41, L. Aaron Kaplan wrote:
yes. We can replace it by a separate BGP table feed + a bot which queries this. See also the certtools/quagga-whois code.
I'm not a BGP/routing expert and I wonder what's the best way to deal with cases like this:
We are currently using Team Cymru's IP to ASN mapping service for our reports. Their service is afaik also based on BGP data and maps 31.7.176.0 to AS201011.
This is also what you get when querying riswhois.ripe.net: route: 31.7.176.0/20 origin: AS201011
However, there is a more specific /21 netblock registered with RIPE and RIPE Whois returns a different ASN for this IP:
inetnum: 31.7.176.0 - 31.7.191.255 [...] route: 31.7.176.0/21 origin: AS33891
- Thomas
CERT-Bund Incident Response & Malware Analysis Team