
SANS ISC: Another little script I threw together - Internet Security | DShield SANS ISC InfoSec Forums


For the day job, I sometimes need to gather info about an IP address that is being used to launch attacks. I normally query several different whois servers to find this info. Being the lazy individual that I am (and because I'm pretty comfortable in Perl), I wrote a little Perl script (using a couple of nice packages that others had put together previously, all of which can be found on CPAN) to grab all the info at once. The result is which gives me the following info (separated by |'s): the IP, the CIDR block (or net range) it belongs to, the 2-letter country code where it was allocated (understanding that the system itself may not be in that country), the country name spelled out (in case I can't remember what US stands for), the ASN the IP belongs to, the BGP prefix for that ASN, and who that ASN is registered to. If you find this useful, great. If you don't, please don't send me e-mail telling me it was stupid. If you have suggestions for improvements, please do send those.
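One way to consume records in the field order described above, as an added example that is not the author's script: it parses each pipe-separated line, checks that the IP really falls inside the reported block (CIDR or net range) and BGP prefix, and groups attack sources by ASN. The field names, function names and sample records (documentation addresses and ASNs) are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Field order as listed in the post; the key names are this example's own.
FIELDS = ("ip", "block", "cc", "country", "asn", "bgp_prefix", "asn_owner")

# Constructed sample records (documentation ranges), not real tool output.
SAMPLE = """\
192.0.2.45|192.0.2.0/24|US|United States|64496|192.0.2.0/24|Example Net One
198.51.100.7|198.51.100.0 - 198.51.100.255|NL|Netherlands|64497|198.51.100.0/24|Example Net Two
192.0.2.200|192.0.2.0/24|US|United States|64496|192.0.2.0/24|Example Net One
203.0.113.9|203.0.113.0/25|AU|Australia|64498|203.0.113.128/25|Example Net Three
"""

def block_to_networks(block):
    """Accept either CIDR ('a.b.c.d/n') or a net range ('start - end')."""
    if "-" in block:
        start, end = (ipaddress.ip_address(p.strip()) for p in block.split("-"))
        return list(ipaddress.summarize_address_range(start, end))
    return [ipaddress.ip_network(block.strip(), strict=False)]

def parse_line(line):
    # maxsplit keeps any '|' inside the registrant name in the last field
    parts = [p.strip() for p in line.split("|", len(FIELDS) - 1)]
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    ip = ipaddress.ip_address(rec["ip"])
    rec["in_block"] = any(ip in n for n in block_to_networks(rec["block"]))
    rec["in_prefix"] = ip in ipaddress.ip_network(rec["bgp_prefix"], strict=False)
    return rec

def summarize(text):
    """Group source IPs by (ASN, registrant); list IPs whose record is inconsistent."""
    by_asn, suspect = defaultdict(list), []
    for line in filter(None, map(str.strip, text.splitlines())):
        rec = parse_line(line)
        by_asn[(rec["asn"], rec["asn_owner"])].append(rec["ip"])
        if not (rec["in_block"] and rec["in_prefix"]):
            suspect.append(rec["ip"])  # stale or mismatched whois/routing data
    return dict(by_asn), suspect

if __name__ == "__main__":
    groups, suspect = summarize(SAMPLE)
    for (asn, owner), ips in sorted(groups.items(), key=lambda kv: -len(kv[1])):
        print(f"AS{asn} {owner}: {len(ips)} source(s) {ips}")
    print("inconsistent records:", suspect)
```

Grouping by ASN shows when several attacking addresses share one network operator, and the consistency check flags records where the allocation data and the routing data disagree before they go into an abuse report.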



dependency ... hell... need ... coffee.. :-)
