It has been a long time since I wrote my last blog post, Just a little busy with the job and my university but this last weekend I was having a rest time, meanwhile I's reading about Ipv6 addressing tips for ISP's [1] I was wondering why I didn't play with the Lacnic assignments in the past, sometimes you just learn how internet in general works and you can go more deeper than it is.The Ipv4 assignments could be used to scan and check for new vulnerabities[2][3] inside a specific area or territory of the world.
Trying to get more information about Colombian's ip assignments we know that internet is a big number of connections between different AS, ASs are generally Internet service providers but can also be large companies, universities, and other such organizations who act as independent entities on the Internet. These AS's are responsible for assigning individual IP addresses and routing traffic from individual machines out to and in from the wider Internet, So we want to get more information about the Ipv4 assignments and the best way to get this is going to the primary source for IP address data and it's the regional Internet registries which allocate and distribute IP addresses through organizations located in their respective service regions, This regions are:
- African Network Information Centre (AfriNIC)
- American Registry for Internet Numbers(ARIN)
- Asia-Pacific Network Information Centre (APNIC)
- Latin American and Caribbean Internet Address Registry (LACNIC)
- RIPE Network Coordination Centre (RIPE NCC)
According to wikipedia the main aims are to :
Every Regional Internet registry has it's own ftp service sharing information related to the assignments [5] and also a mirror of the other RI'r.
- Protect the unallocated IP number resource pool,
- Promote and protect the bottom-up policy development process of the Internet, and
- Act as a focal point for Internet community input into the RIf system.
As it's shown in the picture you can see all the content inside the /pub (public folder)
Checking all the directory structure, assignments are in /pub/stats/region |
In my case I'm interest in all the IP addressing assignments by Lacnic and specifically my country Colombia.
Just get delegated-lacnic-extended-latest and delegated-lacnic-extended-latest.md5 files wich are that contains all the information That we need to play with, also notice the update history and the date in the ftp.Getting files to play with |
You can get this result running a simple filter and cat I like the bash way so here it is :
cat delegated-lacnic-extended-latest|cut -d '|' -f 2|sort |uniq >country cat countryGrepping by Country:
Now to get the information in what we're interests we need to filter our file by country and IPv4 the file itself has a 8 column format as is explained above:
Column 1:Regional Internet registry (Lacnic in this case)
Column 2:Country Code (CO)
Column 3:Ip Class,Type Resource (ASN,IPV4,IPV6)
Column 4:Network Begin
Column 5:Ip Address Quantity
Column 6:Assignment Date.
Column 7:Organization Type
Column 8: unknow for me.
cat delegated-lacnic-extended-latest | grep -i "CO|IPV4"and after that we get something like this :
lacnic|CO|ipv4|66.231.64.0|4096|19870101|allocated|75710 lacnic|CO|ipv4|131.0.136.0|1024|20140711|allocated|220116 lacnic|CO|ipv4|131.0.168.0|1024|20140714|allocated|218493 lacnic|CO|ipv4|131.108.168.0|1024|20140902|allocated|30093We can get 375 entries but how many ipv4 addresses are assigned to CO in total?
off course this could be done filtering the 5 column and the IP to ASN Mapping Project
Team Cymru provides a number of query interfaces that allow for the mapping of IP addresses to BGP prefixes and Autonomous System Numbers (ASNs), based on BGP feeds from our 50+ BGP peers, and updated every 4 hours. This data is available through traditional WHOIS (TCP 43), DNS (UDP 53), HTTP (TCP 80), and HTTPS (TCP 443). For more information on the data available, and how to query, check out our IP to ASN Mapping Project.dding line per line in order to get the total number.
cat Colombia.txt |cut -d '|' -f5 |awk '{s+=$1} END {printf "%.0f", s}'17.263.593 in IPv4 assignments to Colombian Country until the last update of file.
In this amount of IPv4 Addresses we will be pretty interest in entities that don't waste time and money searching for you generally this type of entities are non-goverment such as universities, public schools but always without goverment asociation.Offcourse we can use a service to query for some basic AS information directly and for this I'm going to use the Team Cymru's nslookup.
The IP to ASN Mapping Project
Team Cymru provides a number of query interfaces that allow for the mapping of IP addresses to BGP prefixes and Autonomous System Numbers (ASNs), based on BGP feeds from our 50+ BGP peers, and updated every 4 hours. This data is available through traditional WHOIS (TCP 43), DNS (UDP 53), HTTP (TCP 80), and HTTPS (TCP 443). For more information on the data available, and how to query, check out our IP to ASN Mapping Project.Follow the steps given in the official website, using netcat is a better way to get this information, you can filter out the ips addresses using the next :
grep -i 'ipv4\|ipv6' Colombia.txt|cut -d '|' -f4 >ipsColombia.txtMaybe the previous won't work because you need to map an IPv6 address or prefix to a corresponding BGP Origin ASN.if you just want the ipv4 version :
grep -i 'ipv4' Colombia.txt|cut -d '|' -f4 >ipsColombia.txt
then add the begin and end word to the file.
netcat whois.cymru.com 43 < ipsColombia.txt | sort -n > asninfo.txt #ipv4, and ipv6
I hope that this information could be useful , cheers
c1b3rh4ck.
References
[1] http://portalipv6.lacnic.net/en/ipv6-addressing-tips-for-isps/
[2] http://www.sinfocol.org/2015/03/freak-on-colombian-domain-names-and-heartbleed-one-year-later/
[3] http://www.mcafee.com/us/resources/reviews/esg-vulnerability-manager.pdf
[4] http://cyber.law.harvard.edu/netmaps/methods.php
[5] ftp://ftp.lacnic.net/pub/stats
[6] http://www.team-cymru.org/IP-ASN-mapping.html
0 comentarios:
Post a Comment