who_is_using_this_ip_address
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
who_is_using_this_ip_address [2014/01/11 15:16] – samer | who_is_using_this_ip_address [2014/01/11 15:28] – samer | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Who is Using This IP Address? ===== | ||
A frequent question that faces network administrators or application developers consists in identifying //who is using a specific public IP address//. This information can be utilized for instance to perform user localization and enable location-based services or user access control. In this context, a main technical challenge is to associate the IP address or prefix with its corresponding Autonomous System (AS). | A frequent question that faces network administrators or application developers consists in identifying //who is using a specific public IP address//. This information can be utilized for instance to perform user localization and enable location-based services or user access control. In this context, a main technical challenge is to associate the IP address or prefix with its corresponding Autonomous System (AS). | ||
Line 15: | Line 16: | ||
An alternative method for identifying the AS that announces a specific IP prefix consists in studying the BGP routing information. Typically, each BGP speaking router stores in a BGP table the routing announcements received for each prefix together with some protocol attributes such as the AS-PATH. This attribute contains the list of ASes traversed by the BGP announcement, | An alternative method for identifying the AS that announces a specific IP prefix consists in studying the BGP routing information. Typically, each BGP speaking router stores in a BGP table the routing announcements received for each prefix together with some protocol attributes such as the AS-PATH. This attribute contains the list of ASes traversed by the BGP announcement, | ||
- | {% img center /images/bgp-table.png | + | [{{ :bgp-table.png? |
- | However, having access to a DFZ BGP router is not easy in practice. Alternatively, | + | However, having access to a DFZ BGP router is not easy in practice. Alternatively, |
- | Let us try for example to log on the Allstream route server in Canada and identify the origin AS of 148.60.0.0/ | + | Let us try for example to log on the Allstream route server in Canada and identify the origin AS of 148.60.0.0/ |
$ telnet route-server.east.bb.allstream.net | $ telnet route-server.east.bb.allstream.net | ||
Line 42: | Line 43: | ||
Community: 15290:3356 15290:64995 15290:65050 15290:65506 | Community: 15290:3356 15290:64995 15290:65050 15290:65506 | ||
- | Despite its availabitlity, this method remains cumbersome, especially if you want to quickly look up something or if you have a large number of addresses that you want to analyze with a script. | + | Despite its availability, this method remains cumbersome, especially if you want to quickly look up something or if you have a large number of addresses that you want to analyze with a script. |
1- Team Cymru implements the `whois.cymru.com` server | 1- Team Cymru implements the `whois.cymru.com` server |
who_is_using_this_ip_address.txt · Last modified: 2014/02/15 23:31 by samer