
SANS ISC: Another little script I threw together - SANS Internet Storm Center SANS ISC InfoSec Forums


Another little script I threw together

For the day job, I sometimes need to gather info about an IP address that is being used to launch attacks. I normally query several different whois servers to find this info. Being the lazy individual that I am (and because I'm pretty comfortable in Perl), I wrote a little Perl script (using a couple of nice packages that others had put together previously, all of which can be found on CPAN) to grab all the info at once. The result is ip-as-geo.pl, which gives me the following info (separated by |'s): the IP, the CIDR block (or net range) it belongs to, the 2-letter country code where it was allocated (understanding that the system itself may not be in that country), the country name spelled out (in case I can't remember what US stands for), the ASN the IP belongs to, the BGP prefix for that ASN, and who that ASN is registered to. If you find this useful, great. If you don't, please don't send me e-mail telling me it was stupid. If you have suggestions for improvements, please do send those.

 

---Jim

Jim

397 Posts
ISC Handler
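An added example, not part of ip-as-geo.pl or the original post: a consumer for the pipe-separated records described above that groups attacking IPs by ASN and flags records whose fields contradict each other. The field order follows the post; the `first - last` spelling of a net range, the function names, and the sample lines (documentation addresses and ASNs) are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

FIELDS = ("ip", "block", "cc", "country", "asn", "bgp_prefix", "registrant")

# Constructed sample lines: documentation address ranges and documentation ASNs.
SAMPLE = """\
192.0.2.10|192.0.2.0/24|US|United States|64500|192.0.2.0/24|EXAMPLE-NET-1
192.0.2.77|192.0.2.0/24|US|United States|64500|192.0.2.0/24|EXAMPLE-NET-1
198.51.100.5|198.51.100.0 - 198.51.100.255|NL|Netherlands|64501|198.51.100.0/24|EXAMPLE-NET-2
203.0.113.9|203.0.113.0/25|DE|Germany|64502|203.0.113.128/25|EXAMPLE-NET-3
"""

def parse_block(text):
    """Accept either a CIDR block or a 'first - last' net range (assumed format)."""
    if "-" in text:
        first, last = (ipaddress.ip_address(p.strip()) for p in text.split("-", 1))
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(text.strip(), strict=False)]

def parse_line(line):
    """Split one record and flag fields that contradict each other."""
    # maxsplit keeps any '|' inside the registrant name in the last field.
    parts = [p.strip() for p in line.split("|", len(FIELDS) - 1)]
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    ip = ipaddress.ip_address(rec["ip"])
    rec["warnings"] = []
    if not any(ip in net for net in parse_block(rec["block"])):
        rec["warnings"].append("ip outside allocated block")
    if ip not in ipaddress.ip_network(rec["bgp_prefix"], strict=False):
        rec["warnings"].append("ip outside BGP prefix")
    return rec

def summarize(text):
    """Group source IPs by ASN so one abuse report covers each network."""
    by_asn = defaultdict(lambda: {"registrant": "", "countries": set(), "ips": [], "flagged": []})
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        entry = by_asn[rec["asn"]]
        entry["registrant"] = rec["registrant"]
        entry["countries"].add(rec["cc"])
        entry["ips"].append(rec["ip"])
        if rec["warnings"]:
            entry["flagged"].append((rec["ip"], rec["warnings"]))
    return dict(by_asn)

if __name__ == "__main__":
    for asn, e in sorted(summarize(SAMPLE).items()):
        print(f"AS{asn} {e['registrant']} {sorted(e['countries'])}: {', '.join(e['ips'])}")
        for ip, warnings in e["flagged"]:
            print(f"  check {ip}: {'; '.join(warnings)}")
```

A flagged record usually means two whois sources disagree or one answer is stale, so it is worth re-querying before the data goes into an abuse report or a block rule.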
dependency ... hell... need ... coffee.. :-)
Erik

5 Posts
neat!
Anonymous

Posts
