networked day to day technical issues


How to find out all of the ip addresses of an Europe based ISP

You may want to block ip traffic from a particular Internet Services Provider due to different reasons , like for example a lot of crawlers and spammers are hosted there.
For Europe based providers this can be done querying RIPE NCC database : "The RIPE Database contains registration information for networks in the the RIPE NCC service region and related contact details" . This is something which can't be avoided and the data there is genuine.

To query either use the web interface or better the whois Linux/*nix command line client. For this you need to already know the AS (Autonomous System) number for that provider and this can be easily established if you know an ip address from that particular provider

$ whois -- yyy.yyy.yyy.yyy | grep '^origin:' | awk {'print $2'}
$ whois -h -- -i or ASxxxx | grep '^route:'| awk {'print $2'}

Where of course you will replace yyy.yyy.yyy.yyy with the ip address and ASxxxx will be the AS number for that provider.\

From here you can easily integrated the commands above in a script and push the output as deny rules to a router/firewall or to Iptables if using linux

If you have hundreds of prefixes which you need to add to iptables then you can use something like mipclases in order to aggregate prefixes in supernets and also decrease the number of lookups needed in iptables

Even more, if you need a BGP compatible tool (at least with Cisco and Zebra/Quagga) then check out irrpt which does a lot more than what was discussed above.