Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Another little script I threw together

Published: 2008-07-02
Last Updated: 2008-07-02 21:14:43 UTC
by Jim Clausing (Version: 1)
2 comment(s)

For the day job, I sometimes need to gather info about an IP address that is being used to launch attacks.  I normally query several different whois servers to find this info.  Being the lazy individual that I am (and because I'm pretty comfortable in Perl), I wrote a little perl script (using a couple of nice packages that others had put together previously, all can be found on CPAN), to grab all the info at once.  The result is ip-as-geo.pl which gives me the following info (separated by |'s): the IP, the CIDR block (or net range) it belongs to, the 2 letter country code where it was allocated (understanding that the system itself may not be in that country), the country name spelled out (in case I can't remember what US stands for), the ASN the IP belongs to, the BGP prefix for that ASN, and who that ASN is registered to.  If you find this useful, great.  If you don't, please don't send me e-mail telling me it was stupid.  If you have suggestions for improvements, please do send those.

 

---Jim

Keywords: perl whois info
2 comment(s)
Diary Archives