IP到CIDR / IP范围 [英] IP to CIDR/IP-Range

问题描述

是否有人知道API /脚本为我提供了IP地址网络的CIDR？不是IP范围到CIDR！

Does anyone know of an API / Script which gives me the CIDR for the network of an IP address? Not IP-Range to CIDR!

背景：欺诈者在我的网站上注册并使用代理或网络托管服务商隐藏他的IP地址或伪造他的IP位置。现在，阻止他的IP地址毫无意义。我想锁定主机的整个网络进行注册。所以我需要让ip whois获得网络的CIDR。我希望自动化它。

Background: A fraudster registers on my site and use a proxy or a web hoster to hide his IP address or to fake his ip position. Now it makes little sense to just block his IP address. I want to lock the whole network of the hoster for registration. So I need to make a ip whois to get the CIDR of the network. I want to automate it.

推荐答案

IP地址由LIR（本地Internet注册表）发给最终用户。 LIR需要在其相应的RIR（地区互联网注册管理机构）数据库中注册任何指定地址空间的各种详细信息。有5个RIR（ARIN，RIPE NCC，APNIC，LACNIC和AfriNIC）负责世界不同地区。据我所知，他们都提供RESTful API，您可以使用它来获取所需的信息。

IP addresses are issued to the end users by the LIRs (Local Internet registry). LIRs are required to register various details for any assigned address space in their appropriate RIRs (Regional Internet registry) databases. There are 5 RIRs (ARIN, RIPE NCC, APNIC, LACNIC and AfriNIC) responsible for different parts of the world. As far as I know they all provide RESTful APIs you can use to get the info you need.

例如，如果IP来自欧洲，您可以使用RIPE API搜索inetnum或路由与某个IP地址相关的对象：

For example if the IP is from Europe, you can use RIPE API to search for inetnum or route objects which are related to some IP address:

http://rest.db.ripe.net/search?query-string=194.79.41.40

您将在 whois-resource 中获得多个对象，而您最感兴趣的是路由对象：

You will get multiple objects inside a whois-resource and the one that is most interesting to you is the route object:

<object type="route">
 <link xlink:type="locator" xlink:href="http://rest.db.ripe.net/ripe/route/194.79.40.0/22AS35796"/>
 <source id="ripe"/>
 <primary-key>
  <attribute name="route" value="194.79.40.0/22"/>
  <attribute name="origin" value="AS35796"/>
 </primary-key>
 <attributes>
  <attribute name="route" value="194.79.40.0/22"/>
  <attribute name="descr" value="NBS"/>
  <attribute name="origin" value="AS35796" referenced-type="aut-num">
   <link xlink:type="locator" xlink:href="http://rest.db.ripe.net/ripe/aut-num/AS35796"/>
  </attribute>
  <attribute name="mnt-by" value="NBS-MNT" referenced-type="mntner">
   <link xlink:type="locator" xlink:href="http://rest.db.ripe.net/ripe/mntner/NBS-MNT"/>
  </attribute><attribute name="source" value="RIPE" comment="Filtered"/>
 </attributes>
</object>

请记住，此路由对象可以是一个比一个用户实际所属的更大的汇总范围to，但这是你能得到的最好的。

Keep in mind that this route object can be a summary scope that is larger then the one user actually belongs to, but this is the best you can get.

检查以下链接是否有其他RIR：

Check the following links for other RIRs:

• AFRINIC（非洲）：afrinic.net


• APNIC（亚太地区）：apnic.net


• ARIN（北美） ：arin.net


• LACNIC（拉丁美洲和加勒比海地区）：lacnic.net

• AFRINIC (Africa): afrinic.net
• APNIC (Asia Pacific): apnic.net
• ARIN (Northern America): arin.net
• LACNIC (Latin America and the Carribean): lacnic.net

编辑：
我应该在原来的答案中提到这一点，但我被API部分分心了。所有这些实际上是一个whois协议，它实现起来非常简单，特别是如果你正在处理解析JSON或XML需要一些工作的编程语言。

I should have mentioned this in my original answer but I got distracted by the API part. Behind all this is actually a whois protocol which is very simple to implement especially if you're dealing with programming languages where parsing the JSON or XML requires some work.

Whois协议使用TCP端口43，在连接到服务器之后，您只需要发送搜索密钥（在您的情况下是IP地址）。您将获得响应，服务器将终止连接。而已。您可以尝试 telnet whois.ripe.net 43 并在打开连接后发送 194.79.41.40 或其他IP由RIPE NCC发布。

Whois protocol uses TCP port 43 and after connecting to the server only thing you need to do is send the search key (in your case the IP address). You will get the response and the server will terminate the connection. That's it. You can try to telnet whois.ripe.net 43 and after opening the connection just send 194.79.41.40 or other IP issued by RIPE NCC.

whois的一个问题是没有中央数据库，你可以查询并总是得到结果，而你需要查询RIR发布了具体的IP。但是，即使您错过了正确的RIR并查询（例如）whois.iana.org以获取RIPE NCC发布的地址，您也将获得与发出该权限的whois服务器和组织（RIR）的响应。 IP。因此，您可以检查用户的地理位置统计信息，并确定最有可能获得结果的whois服务器的优先级，或使用响应选择要查询的第二个服务器。

One of the problems with whois is that there is no central database which you can query and always get the result, instead you need to query the RIR that issued the specific IP. But even if you 'miss' the right RIR and query (for example) the whois.iana.org for the address which is issued by RIPE NCC you will get the response with the right whois server and the organization (RIR) that issued the IP. So you can check the geolocation statistics for your users and prioritize one whois server that will most likely get you the result, or use the response to pick the second server to query.

另一个问题是响应没有标准化，所以你必须为5个whois服务器中的每一个做一个响应解析器。

One other problem is that the responses are not standardized so you will have to make a response parser for each of 5 whois servers.

这篇关于IP到CIDR / IP范围的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！