[Tutor] IP numbers and Python

Lloyd Kvam pythontutor@venix.com
Wed, 27 Feb 2002 18:09:16 -0500


You will probably want to run whois directly on an IP address:
	whois 63.79.56.12@whois.arin.net	(my IP address)
<returns>:
[whois.arin.net]
UUNET Technologies, Inc. (NETBLK-UUNET63) UUNET63   63.64.0.0 - 63.127.255.255
Turnpike Technologie (NETBLK-UU-63-79-56) UU-63-79-5663.79.56.0 - 63.79.63.255

To single out one record, look it up with "!xxx", where xxx is the
handle, shown in parenthesis following the name, which comes first.

The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and whois.nic.mil for NIPRNET Information.
</returns>

Then you would follow up with:
	whois "!netblk-uu-63-79-56"@whois.arin.net
and
	whois "!netblk-uunet63"@whois.arin.net

whois is found on unix (and linux) systems.  I do not know where to get it
for Windows.  That's why I used the web site in my earlier post.

Besides ARIN which covers the Americas and more, there are registries:
	RIPE NCC 	(Europe)
	and APNIC 	(Asia / Pacific)
with servers:
	@whois.ripe.net
	@whois.apnic.net



Kojo Idrissa wrote:

> On Wed, 27 Feb 2002 09:54:01 -0800
> 
>> Another alternative is a self-contained router. I've seen a 4-port from
>> LinkSys that has a firewall for a couple-hundred dollars. Has a nice
>> browser-based interface, etc.
> 
> 
> I saw one of these at my local MicroCenter.  $99 for a four port-er.  
> I'm in the process of building a home network and I considered getting 
> one to share my DSL with the network. 
> Now, (to bring this back on topic) what would be interesting would be a 
> Python script that parsed your firewall log files for the IPs (and/or 
> any other info you wanted), then used the DNS lookup site Llyod (I 
> think) mentioned to get some idea of where the scans are coming from.  
> You could even get fancy and have it create a graph of some 
> sort...percentage of scans/attacks from various addresses or address 
> block owners or ISPs.  You could even keep track of the information over 
> time, to see what trends develop.  I'm pretty sure all the functionality 
> for this exists in various Python modules. 
> Hmmm...I just might try that myself once I get my home network up and 
> running.  Sounds like a good project for someone wanting to get into 
> Networking.  (That would be me...)
> 
> Don't you love it when a seemingly off-topic post gives birth to new ideas?
> :-)
> 
> _______________________________________________
> Tutor maillist  -  Tutor@python.org
> http://mail.python.org/mailman/listinfo/tutor
> 


-- 
Lloyd Kvam
Venix Corp.
1 Court Street, Suite 378
Lebanon, NH 03766-1358

voice: 
603-443-6155
fax: 
801-459-9582