IP 到 CIDR/IP 范围 [英] IP to CIDR/IP-Range

问题描述

有谁知道提供 IP 地址网络 CIDR 的 API/脚本?不是 IP 范围到 CIDR！

Does anyone know of an API / Script which gives me the CIDR for the network of an IP address? Not IP-Range to CIDR!

背景:欺诈者在我的网站上注册并使用代理或网络托管服务来隐藏他的 IP 地址或伪造他的 IP 位置.现在，仅仅阻止他的 IP 地址毫无意义.我想锁定主机的整个网络进行注册.所以我需要制作一个 ip whois 来获取网络的 CIDR.我想自动化.

Background: A fraudster registers on my site and use a proxy or a web hoster to hide his IP address or to fake his ip position. Now it makes little sense to just block his IP address. I want to lock the whole network of the hoster for registration. So I need to make a ip whois to get the CIDR of the network. I want to automate it.

推荐答案

IP 地址由 LIR(本地 Internet 注册中心)颁发给最终用户.LIR 需要在其适当的 RIR(区域互联网注册)数据库中注册任何已分配地址空间的各种详细信息.有 5 个 RIR(ARIN、RIPE NCC、APNIC、LACNIC 和 AfriNIC)负责世界不同地区.据我所知，它们都提供了 RESTful API，您可以使用它来获取所需的信息.

IP addresses are issued to the end users by the LIRs (Local Internet registry). LIRs are required to register various details for any assigned address space in their appropriate RIRs (Regional Internet registry) databases. There are 5 RIRs (ARIN, RIPE NCC, APNIC, LACNIC and AfriNIC) responsible for different parts of the world. As far as I know they all provide RESTful APIs you can use to get the info you need.

例如如果IP来自欧洲，您可以使用RIPE API来搜索与某个IP地址相关的inetnum或route对象:

For example if the IP is from Europe, you can use RIPE API to search for inetnum or route objects which are related to some IP address:

http://rest.db.ripe.net/search?查询字符串=194.79.41.40

您将在 whois-resource 中获得多个对象，而您最感兴趣的是 route 对象:

You will get multiple objects inside a whois-resource and the one that is most interesting to you is the route object:

<object type="route">
 <link xlink:type="locator" xlink:href="http://rest.db.ripe.net/ripe/route/194.79.40.0/22AS35796"/>
 <source id="ripe"/>
 <primary-key>
  <attribute name="route" value="194.79.40.0/22"/>
  <attribute name="origin" value="AS35796"/>
 </primary-key>
 <attributes>
  <attribute name="route" value="194.79.40.0/22"/>
  <attribute name="descr" value="NBS"/>
  <attribute name="origin" value="AS35796" referenced-type="aut-num">
   <link xlink:type="locator" xlink:href="http://rest.db.ripe.net/ripe/aut-num/AS35796"/>
  </attribute>
  <attribute name="mnt-by" value="NBS-MNT" referenced-type="mntner">
   <link xlink:type="locator" xlink:href="http://rest.db.ripe.net/ripe/mntner/NBS-MNT"/>
  </attribute><attribute name="source" value="RIPE" comment="Filtered"/>
 </attributes>
</object>

请记住，此路由对象可以是比用户实际所属的范围更大的汇总范围，但这是您可以获得的最佳范围.

Keep in mind that this route object can be a summary scope that is larger then the one user actually belongs to, but this is the best you can get.

检查其他 RIR 的以下链接:

Check the following links for other RIRs:

• AFRINIC(非洲):afrinic.net
• APNIC(亚太地区):apnic.net
• ARIN(北美):arin.net
• LACNIC(拉丁美洲和加勒比):lacnic.net

我应该在我的原始答案中提到这一点，但我被 API 部分分心了.这一切背后实际上是一个 whois 协议，它实施起来非常简单，特别是如果您正在处理解析 JSON 或 XML 需要一些工作的编程语言.

I should have mentioned this in my original answer but I got distracted by the API part. Behind all this is actually a whois protocol which is very simple to implement especially if you're dealing with programming languages where parsing the JSON or XML requires some work.

Whois 协议使用 TCP 端口 43，在连接到服务器后，您唯一需要做的就是发送搜索键(在您的情况下是 IP 地址).您将获得响应，服务器将终止连接.就是这样.您可以尝试telnet whois.ripe.net 43，打开连接后只需发送194.79.41.40或RIPE NCC发布的其他IP.

Whois protocol uses TCP port 43 and after connecting to the server only thing you need to do is send the search key (in your case the IP address). You will get the response and the server will terminate the connection. That's it. You can try to telnet whois.ripe.net 43 and after opening the connection just send 194.79.41.40 or other IP issued by RIPE NCC.

whois 的问题之一是没有中央数据库可以查询并始终获得结果，而是需要查询发布特定 IP 的 RIR.但是，即使您错过"了正确的 RIR 并查询(例如)由 RIPE NCC 发布的地址的 whois.iana.org，您也会通过正确的 whois 服务器和发布该地址的组织 (RIR) 获得响应知识产权.因此，您可以检查用户的地理位置统计信息，并优先考虑最有可能为您提供结果的 whois 服务器，或者使用响应选择第二台服务器进行查询.

One of the problems with whois is that there is no central database which you can query and always get the result, instead you need to query the RIR that issued the specific IP. But even if you 'miss' the right RIR and query (for example) the whois.iana.org for the address which is issued by RIPE NCC you will get the response with the right whois server and the organization (RIR) that issued the IP. So you can check the geolocation statistics for your users and prioritize one whois server that will most likely get you the result, or use the response to pick the second server to query.

另一个问题是响应没有标准化，因此您必须为 5 个 whois 服务器中的每一个创建一个响应解析器.

One other problem is that the responses are not standardized so you will have to make a response parser for each of 5 whois servers.

这篇关于IP 到 CIDR/IP 范围的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！