
IP to CIDR/IP-Range [closed]

Does anyone know of an API / Script which gives me the CIDR for the network of an IP address? Not IP-Range to CIDR!

Background: A fraudster registers on my site and uses a proxy or a web hoster to hide his IP address or to fake his IP position. Now it makes little sense to just block his IP address. I want to lock the whole network of the hoster for registration. So I need to make an IP whois to get the CIDR of the network. I want to automate it.

fxs asked Dec 31 '14 12:12



1 Answer

IP addresses are issued to the end users by the LIRs (Local Internet registry). LIRs are required to register various details for any assigned address space in their appropriate RIRs (Regional Internet registry) databases. There are 5 RIRs (ARIN, RIPE NCC, APNIC, LACNIC and AfriNIC) responsible for different parts of the world. As far as I know they all provide RESTful APIs you can use to get the info you need.

For example, if the IP is from Europe, you can use the RIPE API to search for inetnum or route objects which are related to some IP address:

http://rest.db.ripe.net/search?query-string=194.79.41.40

You will get multiple objects inside a whois-resource and the one that is most interesting to you is the route object:

<object type="route">
 <link xlink:type="locator" xlink:href="http://rest.db.ripe.net/ripe/route/194.79.40.0/22AS35796"/>
 <source id="ripe"/>
 <primary-key>
  <attribute name="route" value="194.79.40.0/22"/>
  <attribute name="origin" value="AS35796"/>
 </primary-key>
 <attributes>
  <attribute name="route" value="194.79.40.0/22"/>
  <attribute name="descr" value="NBS"/>
  <attribute name="origin" value="AS35796" referenced-type="aut-num">
   <link xlink:type="locator" xlink:href="http://rest.db.ripe.net/ripe/aut-num/AS35796"/>
  </attribute>
  <attribute name="mnt-by" value="NBS-MNT" referenced-type="mntner">
   <link xlink:type="locator" xlink:href="http://rest.db.ripe.net/ripe/mntner/NBS-MNT"/>
  </attribute>
  <attribute name="source" value="RIPE" comment="Filtered"/>
 </attributes>
</object>

Keep in mind that this route object can be a summary scope that is larger than the one the user actually belongs to, but this is the best you can get.

Check the following links for other RIRs:

  • AFRINIC (Africa): afrinic.net
  • APNIC (Asia Pacific): apnic.net
  • ARIN (Northern America): arin.net
  • LACNIC (Latin America and the Caribbean): lacnic.net

Edit: I should have mentioned this in my original answer but I got distracted by the API part. Behind all this is actually a whois protocol which is very simple to implement especially if you're dealing with programming languages where parsing the JSON or XML requires some work.

The whois protocol uses TCP port 43, and after connecting to the server the only thing you need to do is send the search key (in your case the IP address). You will get the response and the server will terminate the connection. That's it. You can try to telnet whois.ripe.net 43 and after opening the connection just send 194.79.41.40 or another IP issued by RIPE NCC.

One of the problems with whois is that there is no central database which you can query and always get the result, instead you need to query the RIR that issued the specific IP. But even if you 'miss' the right RIR and query (for example) the whois.iana.org for the address which is issued by RIPE NCC you will get the response with the right whois server and the organization (RIR) that issued the IP. So you can check the geolocation statistics for your users and prioritize one whois server that will most likely get you the result, or use the response to pick the second server to query.

One other problem is that the responses are not standardized, so you will have to make a response parser for each of the 5 whois servers.

pajaja answered Sep 17 '22 02:09
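The port-43 flow described in the answer above, as an added Python example that is not part of the original answer: query one server, follow a `refer:` line to the RIR, then pull every network containing the IP out of the reply, most specific first. The field names handled (`inetnum`/`route` and `NetRange`/`CIDR`) are an assumption covering two common response layouts, not all five RIRs; the sample strings are constructed, not real registry output, and the function names are hypothetical.

```python
import ipaddress
import re
import socket

# Constructed samples, not real registry output: IANA referral, RIPE-style, ARIN-style.
SAMPLE_IANA = "refer:        whois.ripe.net\n"
SAMPLE_RIPE = "inetnum:  194.79.40.0 - 194.79.41.255\nroute:    194.79.40.0/22\n"
SAMPLE_ARIN = "NetRange: 198.51.100.0 - 198.51.100.255\nCIDR:     198.51.100.0/24\n"
FIELDS = re.compile(r"^(inetnum|inet6num|NetRange|route6?|CIDR):\s*(.+)$", re.I)

def whois_query(server, key, timeout=10):
    """Send one search key to TCP port 43 and read until the server closes."""
    with socket.create_connection((server, 43), timeout=timeout) as sock:
        sock.sendall(key.encode("ascii") + b"\r\n")
        chunks = []
        while data := sock.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")

def referral_server(text):
    """Return the whois server named on a 'refer:' line, or None."""
    match = re.search(r"^refer:\s*(\S+)", text, re.M | re.I)
    return match.group(1) if match else None

def networks_from_response(text, ip):
    """Networks in a whois response that contain ip, most specific first."""
    addr = ipaddress.ip_address(ip)
    found = set()
    for line in text.splitlines():
        match = FIELDS.match(line.strip())
        if not match:
            continue
        value = match.group(2)
        try:
            if "-" in value:  # start - end range, as in inetnum / NetRange
                first, last = (ipaddress.ip_address(p.strip()) for p in value.split("-", 1))
                nets = list(ipaddress.summarize_address_range(first, last))
            else:  # one or more comma-separated prefixes, as in route / CIDR
                nets = [ipaddress.ip_network(p.strip(), strict=False) for p in value.split(",")]
        except (ValueError, TypeError):
            continue  # unparseable value: skip rather than guess
        found.update(n for n in nets if addr in n)
    return sorted(found, key=lambda n: n.prefixlen, reverse=True)

def lookup(ip, first_server="whois.iana.org"):
    """Live lookup: ask IANA, follow its referral once, parse the RIR's answer."""
    server = referral_server(whois_query(first_server, ip)) or first_server
    return networks_from_response(whois_query(server, ip), ip)
```

For a registration block list, the first element is the narrowest registered network; the later, wider entries are the summary scopes the answer cautions about and will also catch unrelated customers of the same provider.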