IP to CIDR/IP-Range [closed]

Question

Does anyone know of an API / Script which gives me the CIDR for the network of an IP address? Not IP-Range to CIDR!

Background: A fraudster registers on my site and use a proxy or a web hoster to hide his IP address or to fake his ip position. Now it makes little sense to just block his IP address. I want to lock the whole network of the hoster for registration. So I need to make a ip whois to get the CIDR of the network. I want to automate it.

Answer 1

IP addresses are issued to the end users by the LIRs (Local Internet registry). LIRs are required to register various details for any assigned address space in their appropriate RIRs (Regional Internet registry) databases. There are 5 RIRs (ARIN, RIPE NCC, APNIC, LACNIC and AfriNIC) responsible for different parts of the world. As far as I know they all provide RESTful APIs you can use to get the info you need.

For example if the IP is from Europe, you can use RIPE API to search for inetnum or route objects which are related to some IP address:

http://rest.db.ripe.net/search?query-string=194.79.41.40

You will get multiple objects inside a whois-resource and the one that is most interesting to you is the route object:

<object type="route">
 <link xlink:type="locator" xlink:href="http://rest.db.ripe.net/ripe/route/194.79.40.0/22AS35796"/>
 <source id="ripe"/>
 <primary-key>
  <attribute name="route" value="194.79.40.0/22"/>
  <attribute name="origin" value="AS35796"/>
 </primary-key>
 <attributes>
  <attribute name="route" value="194.79.40.0/22"/>
  <attribute name="descr" value="NBS"/>
  <attribute name="origin" value="AS35796" referenced-type="aut-num">
   <link xlink:type="locator" xlink:href="http://rest.db.ripe.net/ripe/aut-num/AS35796"/>
  </attribute>
  <attribute name="mnt-by" value="NBS-MNT" referenced-type="mntner">
   <link xlink:type="locator" xlink:href="http://rest.db.ripe.net/ripe/mntner/NBS-MNT"/>
  </attribute><attribute name="source" value="RIPE" comment="Filtered"/>
 </attributes>
</object>

Keep in mind that this route object can be a summary scope that is larger then the one user actually belongs to, but this is the best you can get.

Check the following links for other RIRs:

• AFRINIC (Africa): afrinic.net
• APNIC (Asia Pacific): apnic.net
• ARIN (Northern America): arin.net
• LACNIC (Latin America and the Carribean): lacnic.net

---

Edit: I should have mentioned this in my original answer but I got distracted by the API part. Behind all this is actually a whois protocol which is very simple to implement especially if you're dealing with programming languages where parsing the JSON or XML requires some work.

Whois protocol uses TCP port 43 and after connecting to the server only thing you need to do is send the search key (in your case the IP address). You will get the response and the server will terminate the connection. That's it. You can try to telnet whois.ripe.net 43 and after opening the connection just send 194.79.41.40 or other IP issued by RIPE NCC.

One of the problems with whois is that there is no central database which you can query and always get the result, instead you need to query the RIR that issued the specific IP. But even if you 'miss' the right RIR and query (for example) the whois.iana.org for the address which is issued by RIPE NCC you will get the response with the right whois server and the organization (RIR) that issued the IP. So you can check the geolocation statistics for your users and prioritize one whois server that will most likely get you the result, or use the response to pick the second server to query.

One other problem is that the responses are not standardized so you will have to make a response parser for each of 5 whois servers.