[SLUG] (OT) IP number geographic locations
Is there a way of figuring out what IP numbers are located in .au? I know I can reverse look up and test for .au but that doesn't always work. I assume that somewhere there must be a list of allocations. TIA, David I'm really sorry.. this has NOTHING to do with subscriptions or spam... I couldn't think of anything to say... I was speechless!) -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] (OT) IP number geographic locations
From: "David" <[EMAIL PROTECTED]> > > > Is there a way of figuring out what IP numbers are located in .au? > IP number allocations for '.au' is arbitrary dependent on the owner of the IP number. However, owners of IP numbers obtaining these numbers in Australia are assigned a range of 203.0.0.0 to 203.63.255.255 Once these Australian owners have their numbers they are free to assign their numbers to whatever suffix they require. So, '.au' may or may not be assigned a number in this range. > I know I can reverse look up and test for .au but that doesn't always > work. I assume that somewhere there must be a list of allocations. > Oscar Plameras http://www.acay.com.au/~oscarp/disclaimer.html -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] (OT) IP number geographic locations
On Wed, Oct 01, 2003 at 08:15:23AM +1000, David wrote: > Is there a way of figuring out what IP numbers are located in .au? > > I know I can reverse look up and test for .au but that doesn't always > work. I assume that somewhere there must be a list of allocations. ARIN keeps a list of first-level allocations. A whois query to whois.arin.net for the IP address of interest should provide you with a record, from which you can retrieve the country code and see if it evaluates to AU. Try it - run 'whois 203.1.2.3 | grep "^country:"' in a terminal. Lovely. Repeat with any IP address you like, maybe even write a bit of awk or sed or something to strip out everything except the country code. Problem is, that ARIN (like most whois operators) doesn't want everyone hammering their whois servers, so if you make more than a certain number of queries in a certain time period, the server will just stop answering you for a while (a day or two, normally). Not what you're after, I'm sure. So some companies have stepped up to the plate to fill the void. There are several databases which have collated all of the ARIN info (or by some other means) and put it into a database for your use. You can get a lot of them by googling for "IP Address country database" (at least, it worked well for me about 20 seconds ago). Most of them appear to cost some money. Hope this speeds you on your quest. - Matt -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] (OT) IP number geographic locations
> ARIN keeps a list of first-level allocations. A whois query > to whois.arin.net for the IP address of interest should > provide you with a record, from which you can retrieve the > country code and see if it evaluates to AU. Try it - run > 'whois 203.1.2.3 | grep "^country:"' in a terminal. > Lovely. Repeat with any IP address you like, maybe even > write a bit of awk > or sed or something to strip out everything except the country code. Once you find out who ARIN has allocated the IP range to, you can usually go and check their whois server. An example would be to do 'whois 203.1.2.3 @whois.apnic.net'. This will give you the name and address that APNIC have allocated the IP address to. Often these will be ISPs, some of whom have their own whois servers and so on. Tim White -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] (OT) IP number geographic locations
On Wed, 1 Oct 2003, Tim White wrote: > > ARIN keeps a list of first-level allocations. A whois query > > to whois.arin.net for the IP address of interest should > > provide you with a record, from which you can retrieve the > > country code and see if it evaluates to AU. Try it - run > > 'whois 203.1.2.3 | grep "^country:"' in a terminal. > > Lovely. Repeat with any IP address you like, maybe even > > write a bit of awk > > or sed or something to strip out everything except the country code. > > Once you find out who ARIN has allocated the IP range to, you can > usually go and check their whois server. > > An example would be to do 'whois 203.1.2.3 @whois.apnic.net'. This will > give you the name and address that APNIC have allocated the IP address > to. Often these will be ISPs, some of whom have their own whois servers > and so on. Thanks for suggestions. I guess I should not have been so cryptic in my question. Whois is not really an option because I'm trying to analyse a http log with thousands of entries. It's useful to know if the hit is local or foreign. It's not hard to find out where a given ip number comes from, but I was looking for a simple generic test - eg: all .au numbers are in the range 203.1.0.0 I'll keep looking. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] (OT) IP number geographic locations
On Wed, Oct 01, 2003 at 11:16:25AM +1000, David wrote: > It's not hard to find out where a given ip number comes from, but I was > looking for a simple generic test - eg: all .au numbers are in the range > 203.1.0.0 One of the pre-compiled databases and a bit of script and you'll be away. I *think* that all of 203/8 is Australian, but sub-blocks within there could have been allocated elsewhere. Certainly 202/7 is allocated to APNIC, which is our part of the world. But unfortunately, you'll run into troubles because smaller blocks in various places can be allocated to Australian entities - do a whois on 150.101.1.1, for instance, to see the sort of chunks that get allocated to people. Not pretty. - Matt -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] (OT) IP number geographic locations
On Wed, 1 Oct 2003, David wrote:
> Is there a way of figuring out what IP numbers are located in .au?
>
> I know I can reverse look up and test for .au but that doesn't always
> work. I assume that somewhere there must be a list of allocations.
Good luck.
IP allocation is now so hodge-podge that one part of an IP block {a class
A netblock for example} could be in the US, one part in Singapore, one
part in Aust and other parts in Europe - or anywhere else.
VLSM makes life difficult. If I really want to find out where an IP is, I
traceroute to it and figure it out from the previous hop.
DaZZa
--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] (OT) IP number geographic locations
On Wed, 1 Oct 2003, Matthew Palmer wrote: > On Wed, Oct 01, 2003 at 08:15:23AM +1000, David wrote: > > Is there a way of figuring out what IP numbers are located in .au? > > > > I know I can reverse look up and test for .au but that doesn't always > > work. I assume that somewhere there must be a list of allocations. > > ARIN keeps a list of first-level allocations. A whois query to > whois.arin.net for the IP address of interest should provide you with a > record, from which you can retrieve the country code and see if it evaluates > to AU. Try it - run 'whois 203.1.2.3 | grep "^country:"' in a terminal. > Lovely. Repeat with any IP address you like, maybe even write a bit of awk > or sed or something to strip out everything except the country code. > > Problem is, that ARIN (like most whois operators) doesn't want everyone > hammering their whois servers, so if you make more than a certain number of > queries in a certain time period, the server will just stop answering you > for a while (a day or two, normally). Not what you're after, I'm sure. I assumed you meant "whois @whois.arin.net" and you could basically cache the NetRange: part depending on your application. EG if you just care whether it's Australia or not. -- -- Electronic Hobyist, Former Arcadia BBS nut, Occasonal nudist, Linux Guru, SLUG/AUUG/Linux Australia member, Sydney Flashmobber, BMX rider, Walker, Raver & rave music lover, Big kid that refuses grow up. I'd make a good family pet, take me home today! Do people actually read these things? -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] (OT) IP number geographic locations
One fast way to do this is via Perl - try installing any of these from CPAN: Geo::IP Geo::IP::PurePerl Geo::IPfree Cheers, Gavin On Wed, Oct 01, 2003 at 10:11:46AM +1000, Tim White wrote: > > ARIN keeps a list of first-level allocations. A whois query > > to whois.arin.net for the IP address of interest should > > provide you with a record, from which you can retrieve the > > country code and see if it evaluates to AU. Try it - run > > 'whois 203.1.2.3 | grep "^country:"' in a terminal. > > Lovely. Repeat with any IP address you like, maybe even > > write a bit of awk > > or sed or something to strip out everything except the country code. > > Once you find out who ARIN has allocated the IP range to, you can usually go > and check their whois server. > > An example would be to do 'whois 203.1.2.3 @whois.apnic.net'. This will give > you the name and address that APNIC have allocated the IP address to. Often > these will be ISPs, some of whom have their own whois servers and so on. -- Open Fusion P/L - Open Source Business Solutions [ Linux - Perl - Apache ] ph: 02 9875 5032fax: 02 9875 4317 web: http://www.openfusion.com.aumob: 0403 171712 - Fashion is a variable, but style is a constant - Programming Perl -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] (OT) IP number geographic locations
On Wed, 2003-10-01 at 10:46, David wrote: > Thanks for suggestions. I guess I should not have been so cryptic in my > question. Whois is not really an option because I'm trying to analyse a > http log with thousands of entries. It's useful to know if the hit is > local or foreign. > > It's not hard to find out where a given ip number comes from, but I was > looking for a simple generic test - eg: all .au numbers are in the range > 203.1.0.0 It's not possible to tell where a host is coming from based upon its IP address and the entry in whois. For example, IBM have a single allocation, they use that for their entire global network. Similarly for other multinationals. The records are also not maintained particularly well -- you'll find most users of the Internet >7 years are all registered in the US. But why look at the IP address? TCP maintains an estimate of the round-trip time for a connection. Australia pretty much only connects to other countries through the west coast of the USA, a latency of >90ms. So any TCP connection with a RTT ~> 200ms is pretty certain to be foreign. The Web100 project has kernel hacks to let you get this data from the kernel and utilities to let you log all TCP connections. Alternatively, you could use you ISP's BGP routing table. Most ISPs mark routes with a community stating what PoP learned the route. So if you pull in a feed you can look up the IP address and see if it was learned by one of their overseas PoPs. Both of these methods are non-trivial to implement. Which is usually about the stage that most people decide that they don't need geographic web stats. We use something like the second tactic to prevent overseas hosts from using mirror.aarnet.edu.au (since there's another copy of the software 14,000Km closer). It's not perfect as some Australian ISPs like to route data from their Australian customers through the USA. -- Glen Turner Tel: (08) 8303 3936 or +61 8 8303 3936 Network Engineer Email: [EMAIL PROTECTED] Australian Academic & Research Network www.aarnet.edu.au -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
RE: [SLUG] (OT) IP number geographic locations
On 2 Oct 2003, Glen Turner wrote: > On Wed, 2003-10-01 at 10:46, David wrote: > > > It's not hard to find out where a given ip number comes from, but I was > > looking for a simple generic test - eg: all .au numbers are in the range > > 203.1.0.0 > > It's not possible to tell where a host is coming from > based upon its IP address and the entry in whois. > For example, IBM have a single allocation, they use > that for their entire global network. Similarly for > other multinationals. The records are also not > maintained particularly well -- you'll find most > users of the Internet >7 years are all registered > in the US. Depends if they provide internal allocations to countries or not. It suffices to say that nothing is 100% with the internet. Like you I would have thought BGP probably the best gamble but what's stopping people using another country's satelites & dialup connections. Plus basically you're trusting anonymous third parties to provide information about routing even with BGP. It's just they have a vested interest in getting it at least mostly correct. > But why look at the IP address? TCP maintains an > estimate of the round-trip time for a connection. > Australia pretty much only connects to other > countries through the west coast of the USA, a > latency of >90ms. So any TCP connection with > a RTT ~> 200ms is pretty certain to be foreign. > The Web100 project has kernel hacks to let you > get this data from the kernel and utilities to > let you log all TCP connections. you gotta be kidding right? by that logic our office must be on the moon at the moment. We're converting our ADSL over and for the moment are stuck on a modem that's rather saturated. Even going a few hops back up the route could be problematic, although I suppose going from the other end would be sufficient. -- -- Electronic Hobyist, Former Arcadia BBS nut, Occasonal nudist, Linux Guru, SLUG/AUUG/Linux Australia member, Sydney Flashmobber, BMX rider, Walker, Raver & rave music lover, Big kid that refuses grow up. I'd make a good family pet, take me home today! Do people actually read these things? -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] (OT) IP number geographic locations
> Is there a way of figuring out what IP numbers are located in .au? Use the "Spike" program from Goldeneye. Stuart. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
