[arin-tech-discuss] matching ip addresses to owners of a domain
Karl Baum
karl.baum at gmail.com
Tue Mar 13 16:42:24 EDT 2012
Very nice tip! Thanks for your help!
-karl
On Mar 13, 2012, at 4:23 PM, David Huberman wrote:
> Hi Karl,
>
> Two things:
>
> 1) It turns out you can eliminate the false positives issue: just add the
> @ sign to the matrix parameter search:
>
> https://www.arin.net/rest/pocs;domain=@arin.net
>
>
> 2) One of the most common ways to represent an IP address range in a
> database is to have two columns: one for the start address, and one for
> the end address. Finding an address in the range is then simply a matter
> of formulating a query looking for an address greater than the start
> addresses and smaller than the end addresses. Care should be taken if the
> data types for the columns are strings, as the addresses need to be
> zero-padded for proper comparison to work. While this is simple to
> engineer, in most databases it does not scale well.
>
> Good luck with your project, and if you have any other REST-related
> questions, feel free to ask the list!
>
> Regards,
> David
>
> ---
> David R Huberman
> Principal Technical Analyst, ARIN
> 703-227-9866
>
>
>
>
>
>
>
> On 3/13/12 11:04 AM, "Karl Baum" <karl.baum at gmail.com> wrote:
>
> Whoah.. good point! I wouldn't have realized that.
>
> Not sure if this is off topic, but is there a recommended approach to
> storing these ip ranges locally within your database. I am using postgres
> on heroku and i noticed that it has first class support for ip addresses
> but not ip ranges unfortunately. Was thinking of just adding a rough for
> each element within the range, but that's not exactly ideal.
>
> Thanks again!
>
>
> On Mar 13, 2012, at 10:31 AM, David Huberman wrote:
>
>> Hi Karl,
>>
>> You're welcome; glad we could help! A quick helpful hint: when using
>> the matrix parameter search for domain names, you want to be careful of
>> false positives. If we ask:
>>
>> https://www.arin.net/rest/pocs;domain=arin.net
>>
>> ... we'll get a bunch of arin.net POCs, but we'll also get a false
>> positive: mandarin.net
>>
>> Best,
>> David
>>
>> ---
>> David R Huberman
>> Principal Technical Analyst, ARIN
>> 703-227-9866
>>
>> ________________________________________
>> From: Karl Baum [karl.baum at gmail.com]
>> Sent: Monday, March 12, 2012 10:41 PM
>> To: David Huberman
>> Cc: arin-tech-discuss at arin.net
>> Subject: Re: [arin-tech-discuss] matching ip addresses to owners of a
>> domain
>>
>> This is exactly what i needed. Thanks David!
>>
>> Sent from my iPad
>>
>> On Mar 12, 2012, at 5:14 PM, David Huberman <dhuberma at arin.net> wrote:
>>
>>> Karl,
>>>
>>> If you have a domain name, you can use our API to discover IP address
>>> registrations ("NETs") associated with POCs who have registered email
>>> addresses in that domain name. There are probably a number of ways to
>>> get
>>> from here to there, but here's one solution I came up with:
>>>
>>> 1) Paragraph 4.4.2 of the document:
>>>
>>> https://www.arin.net/resources/whoisrws/whois_api.html#whoisrws
>>>
>>> ... describes the use of matrix parameters. What we're interested in
>>> this
>>> first step is to discover a list of POCs who have email addresses in the
>>> given domain name. If our domain name is washgas.com, for example, we
>>> can
>>> query:
>>>
>>> http://whois.arin.net/rest/pocs;domain=washgas.com
>>>
>>> We get one match, an Ed Rudy from Washington Gas, and it shows us his
>>> POC
>>> handle is ERU10-ARIN.
>>>
>>> 2a) From there, we can search up the hierarchy and ask the API: show me
>>> all organization records ("ORGs") associated with these POCs, so that I
>>> can find NETs that are registered to the ORGs. Why do we ask this?
>>> Because
>>> ARIN's Whois is a relational database. NETs are registered to ORGs. ORGs
>>> have POCs who serve various roles (admin, tech, abuse, NOC). So to get
>>> to
>>> the NET from the POCs, we have to go via the ORG.
>>>
>>> Paragraph 4.4.1 of the documentation shows us how to search for
>>> referential data. Using our example, we take ERU10-ARIN and ask for all
>>> ORGs it's associated with:
>>>
>>> http://whois.arin.net/rest/poc/ERU10-ARIN/orgs
>>>
>>> The resulting list has 4 matches, but only 1 unique match: WGL-23, the
>>> ORG
>>> defining Washington Gas.
>>>
>>>
>>> 2b) Now we can search for the NETs associated with each of the unique
>>> matches. Using the same methodology, we search for NET data referencing
>>> the ORG. Witness:
>>>
>>> http://whois.arin.net/rest/org/WGL-23/nets
>>>
>>> The resulting list has 1 IP address registration: NET-208-76-232-0-1
>>>
>>> So we can take that and GET:
>>>
>>> http://whois.arin.net/rest/net/NET-208-76-232-0-1
>>>
>>> .. to programatically discover the starting and ending addresses and/or
>>> the CIDR.
>>>
>>>
>>> 3) Finally, to be complete in our queries, we should search for all NETs
>>> directly associated with these POCs. That way we capture any NETs that
>>> the POC is a contact on, but for which the POC is not a contact on the
>>> ORG. Using our example one more time:
>>>
>>> http://whois.arin.net/rest/poc/ERU10-ARIN/nets
>>>
>>> There aren't any matches for ERU10-ARIN, and for most POCs, this result
>>> set will be empty. But to get a complete picture, you would want to
>>> perform this search anyway.
>>>
>>> Hope this answer is helpful for you!
>>>
>>> Regards,
>>> David
>>>
>>> ---
>>> David R Huberman
>>> Principal Technical Analyst, ARIN
>>> 703-227-9866
>>>
>>>
>>>
>>> On 3/12/12 3:39 PM, "Karl Baum" <karl.baum at gmail.com> wrote:
>>>
>>> I am trying to use the arin api to match ip addresses of our users to
>>> certain companies within our database. For each company I only have a
>>> name and domain. Can i use Arin to associate an ip address with one of
>>> the company domains stored within our database?
>>>
>>> thx
>>>
>>> -karl
>>> _______________________________________________
>>> arin-tech-discuss mailing list
>>> arin-tech-discuss at arin.net
>>> http://lists.arin.net/mailman/listinfo/arin-tech-discuss
>>>
>>>
>>>
>>>
>
>
More information about the arin-tech-discuss
mailing list