This Sunday I was looking at a global routing table dump and found AS1 announcing some very weird prefixes.
AS1, i.e. Autonomous System Number 1, belongs to Level3, but as far as I know they are not actively using it. They use AS3356 globally (along with Global Crossing’s AS3549). I noticed quite a few prefixes of a Brazil-based telecom provider - Netvip Telecomunicaes - being announced by AS1. Some of the entries in the global routing table belonging to AS1 (as picked from a BGP table dump from the route-views archive):
Sometimes we see interesting IPs in a traceroute, and they confuse a lot of people.
I have seen this topic in discussion twice on NANOG and once on Linux Delhi user group. OK - let’s pick an example:

```
anurag:~ anurag$ traceroute 18.104.22.168
traceroute to 22.214.171.124 (126.96.36.199), 64 hops max, 52 byte packets
 1  router (10.10.0.1)  1.176 ms  0.993 ms  0.941 ms
 2  188.8.131.52 (184.108.40.206)  20.626 ms  29.101 ms  19.216 ms
 3  220.127.116.11 (218.
```
Sleepless night. Reading more about Quagga and its options.
In the meantime, here is a quick 5-minute script for domain to BGP/IP/ASN mapping. The script uses the basic dig command (for finding the IP address) and the Team Cymru whois service for IP to ASN/block mapping.
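```bash
#!/bin/bash
# Script for domain name to IP/ASN/BGP block mapping
hostname=v4.whois.cymru.com
# dig can return CNAME targets and several A records; keep the first IPv4 address only
IP=$(dig "$1" a +short | grep -E -m1 '^[0-9]+(\.[0-9]+){3}$')
# -c includes the country code and -p the matching BGP prefix in the reply
whois -h "$hostname" " -c -p $IP"
```

Yeah, just a 3-line script! Less code = more power!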
Whenever I see a new unknown IP range, it is hard to find the exact source of that IP from within the command shell. Recently, I found a very interesting source of that information from Team Cymru. Here’s the resource.
I figured out (with a friend’s help) that using their whois server - v4.whois.cymru.com - one can actually grab limited information as required. E.g.:
```
anurag@laptop:~$ whois -h v4.whois.cymru.com " -v 18.104.22.168"
AS | IP | BGP Prefix | CC | Registry | Allocated | AS Name
15169 | 8.
```