In an effort to estimate the degree to which a block of Internet addresses has been assigned the same PTR record, I'm attempting to reassign the contents of randomly selected fields in the retrieved addresses of the block.

I've found a script which generates a random number among the numerals 4 through 7:

    shuf -i 4-7 -n 1

Reference: https://stackoverflow.com/questions/2556190/random-number-from-a-range-in-a-bash-script

Also another script to create a random four-digit hexadecimal number, suitably modified:

    echo "#$(openssl rand -hex 2)" | tr -d '\#'

Reference: https://stackoverflow.com/questions/40277918/shell-script-to-generate-random-hex-numbers/40278205

These both produce the desired outputs, but I have been unable to write a script which causes the randomly generated field number from the output of the first function to replace that field with the output from the second function.

This technique is based on my training in metallurgy, where averaging of randomly selected fields in a microscopic view can be proven mathematically to represent the property of the entire view.

Why I want to do this: The number of addresses in a block such as field:field::/32 is too large to look up over several lifetimes.

I've written a script which replaces the last field in the IPv6 address with :0/112 so that the script which looks up the PTR records has just 64K addresses & PTRs in its output. Repeating the script for a hundred or so found IPv6 addresses takes several hours, which is tolerably quick for my purposes. Repeating that task for my suggested random changes in the source IPv6 addresses within just the 4th through 7th fields will not usually cause the search to stray outside the original CIDR blocks of the source addresses. That would randomly sample the originating CIDR block, all the more so, the more times the proposed script is run.

I've done something like this by running my basic nmap search script on two data sets for the same PTR record, one gleaned from the Internet with a search on the hostname/PTR record, and the other from a database of publicly available recent-visitor data gathered without first applying hostname-lookup to the original visitor addresses. Each address set was different from the other, both had around a hundred addresses, and the output of each nmap search script lists over six million identical PTR records, making twelve million ... how many more are there?

George Langford
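
One way to combine the two commands quoted above, as an added example that is not part of the original message: it overwrites a randomly chosen field (4 through 7) with four random hex digits, then applies the :0/112 step the message describes. The function names are hypothetical, the addresses in the usage comment are constructed from the 2001:db8::/32 documentation prefix, and it assumes plain addresses (no zone id or dotted IPv4 tail) with shuf and openssl installed.

```shell
#!/bin/sh
# Added example: splice a random 16-bit value into a random field (4-7)
# of an IPv6 address. Function names are hypothetical; the addresses in
# the usage comment are constructed from the 2001:db8::/32 documentation prefix.

# Expand "::" so the address always has eight colon-separated fields;
# without this, "field 5" would not mean the same thing in every address.
expand_ipv6() {
    printf '%s\n' "$1" | awk '{
        if (split($0, half, "::") == 2) {
            l = (half[1] == "") ? 0 : split(half[1], a, ":")
            r = (half[2] == "") ? 0 : split(half[2], b, ":")
            out = ""
            for (i = 1; i <= l; i++)         out = out a[i] ":"
            for (i = 1; i <= 8 - l - r; i++) out = out "0:"
            for (i = 1; i <= r; i++)         out = out b[i] ":"
            sub(/:$/, "", out)
            print out
        } else print
    }'
}

# replace_field ADDR N HEX: set field N (1-8) of ADDR to HEX.
replace_field() {
    expand_ipv6 "$1" | awk -F: -v OFS=: -v n="$2" -v h="$3" '{ $n = h; print }'
}

# to_112 ADDR: zero the last field and append /112 (a 64K-address block).
to_112() {
    expand_ipv6 "$1" | awk -F: -v OFS=: '{ $8 = "0/112"; print }'
}

# random_sample ADDR: the two commands from the message, combined.
random_sample() {
    rs_field=$(shuf -i 4-7 -n 1)        # which field to overwrite
    rs_hex=$(openssl rand -hex 2)       # four random hex digits
    to_112 "$(replace_field "$1" "$rs_field" "$rs_hex")"
}

# Usage: sh sample.sh 2001:db8:1:2:3:4:5:6 2001:db8::1
for addr in "$@"; do
    random_sample "$addr"
done
```

Each run prints one /112 block per input address; running it repeatedly over the same address list yields a fresh set of sample blocks.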
