[arin-tech-discuss] matching ip addresses to owners of a domain

Karl Baum karl.baum at gmail.com
Tue Mar 13 16:42:24 EDT 2012


Very nice tip!  Thanks for your help!

-karl

On Mar 13, 2012, at 4:23 PM, David Huberman wrote:

> Hi Karl,
> 
> Two things:
> 
> 1) It turns out you can eliminate the false positives issue: just add the
> @ sign to the matrix parameter search:
> 
> https://www.arin.net/rest/pocs;domain=@arin.net
> 
> 
> 2) One of the most common ways to represent an IP address range in a
> database is to have two columns: one for the start address, and one for
> the end address. Finding an address in the range is then simply a matter
> of formulating a query looking for an address greater than the start
> addresses and smaller than the end addresses. Care should be taken if the
> data types for the columns are strings, as the addresses need to be
> zero-padded for proper comparison to work. While this is simple to
> engineer, in most databases it does not scale well.
> 
> Good luck with your project, and if you have any other REST-related
> questions, feel free to ask the list!
> 
> Regards,
> David
> 
> ---
> David R Huberman
> Principal Technical Analyst, ARIN
> 703-227-9866
> 
> 
> 
> 
> 
> 
> 
> On 3/13/12 11:04 AM, "Karl Baum" <karl.baum at gmail.com> wrote:
> 
> Whoah.. good point!  I wouldn't have realized that.
> 
> Not sure if this is off topic, but is there a recommended approach to
> storing these ip ranges locally within your database.  I am using postgres
> on heroku and i noticed that it has first class support for ip addresses
> but not ip ranges unfortunately.  Was thinking of just adding a rough for
> each element within the range, but that's not exactly ideal.
> 
> Thanks again!
> 
> 
> On Mar 13, 2012, at 10:31 AM, David Huberman wrote:
> 
>> Hi Karl,
>> 
>> You're welcome; glad we could help!  A quick helpful hint:  when using
>> the matrix parameter search for domain names, you want to be careful of
>> false positives.  If we ask:
>> 
>> https://www.arin.net/rest/pocs;domain=arin.net
>> 
>> ... we'll get a bunch of arin.net POCs, but we'll also get a false
>> positive:  mandarin.net
>> 
>> Best,
>> David
>> 
>> ---
>> David R Huberman
>> Principal Technical Analyst, ARIN
>> 703-227-9866
>> 
>> ________________________________________
>> From: Karl Baum [karl.baum at gmail.com]
>> Sent: Monday, March 12, 2012 10:41 PM
>> To: David Huberman
>> Cc: arin-tech-discuss at arin.net
>> Subject: Re: [arin-tech-discuss] matching ip addresses to owners of a
>> domain
>> 
>> This is exactly what i needed.  Thanks David!
>> 
>> Sent from my iPad
>> 
>> On Mar 12, 2012, at 5:14 PM, David Huberman <dhuberma at arin.net> wrote:
>> 
>>> Karl,
>>> 
>>> If you have a domain name, you can use our API to discover IP address
>>> registrations ("NETs") associated with POCs who have registered email
>>> addresses in that domain name. There are probably a number of ways to
>>> get
>>> from here to there, but here's one solution I came up with:
>>> 
>>> 1) Paragraph 4.4.2 of the document:
>>> 
>>> https://www.arin.net/resources/whoisrws/whois_api.html#whoisrws
>>> 
>>> ... describes the use of matrix parameters. What we're interested in
>>> this
>>> first step is to discover a list of POCs who have email addresses in the
>>> given domain name. If our domain name is washgas.com, for example, we
>>> can
>>> query:
>>> 
>>> http://whois.arin.net/rest/pocs;domain=washgas.com
>>> 
>>> We get one match, an Ed Rudy from Washington Gas, and it shows us his
>>> POC
>>> handle is ERU10-ARIN.
>>> 
>>> 2a) From there, we can search up the hierarchy and ask the API: show me
>>> all organization records ("ORGs") associated with these POCs, so that I
>>> can find NETs that are registered to the ORGs. Why do we ask this?
>>> Because
>>> ARIN's Whois is a relational database. NETs are registered to ORGs. ORGs
>>> have POCs who serve various roles (admin, tech, abuse, NOC). So to get
>>> to
>>> the NET from the POCs, we have to go via the ORG.
>>> 
>>> Paragraph 4.4.1 of the documentation shows us how to search for
>>> referential data.  Using our example, we take ERU10-ARIN and ask for all
>>> ORGs it's associated with:
>>> 
>>> http://whois.arin.net/rest/poc/ERU10-ARIN/orgs
>>> 
>>> The resulting list has 4 matches, but only 1 unique match: WGL-23, the
>>> ORG
>>> defining Washington Gas.
>>> 
>>> 
>>> 2b) Now we can search for the NETs associated with each of the unique
>>> matches. Using the same methodology, we search for NET data referencing
>>> the ORG. Witness:
>>> 
>>> http://whois.arin.net/rest/org/WGL-23/nets
>>> 
>>> The resulting list has 1 IP address registration: NET-208-76-232-0-1
>>> 
>>> So we can take that and GET:
>>> 
>>> http://whois.arin.net/rest/net/NET-208-76-232-0-1
>>> 
>>> .. to programatically discover the starting and ending addresses and/or
>>> the CIDR.
>>> 
>>> 
>>> 3) Finally, to be complete in our queries, we should search for all NETs
>>> directly associated with these POCs.  That way we capture any NETs that
>>> the POC is a contact on, but for which the POC is not a contact on the
>>> ORG. Using our example one more time:
>>> 
>>> http://whois.arin.net/rest/poc/ERU10-ARIN/nets
>>> 
>>> There aren't any matches for ERU10-ARIN, and for most POCs, this result
>>> set will be empty.  But to get a complete picture, you would want to
>>> perform this search anyway.
>>> 
>>> Hope this answer is helpful for you!
>>> 
>>> Regards,
>>> David
>>> 
>>> ---
>>> David R Huberman
>>> Principal Technical Analyst, ARIN
>>> 703-227-9866
>>> 
>>> 
>>> 
>>> On 3/12/12 3:39 PM, "Karl Baum" <karl.baum at gmail.com> wrote:
>>> 
>>> I am trying to use the arin api to match ip addresses of our users to
>>> certain companies within our database.  For each company I only have a
>>> name and domain.  Can i use Arin to associate an ip address with one of
>>> the company domains stored within our database?
>>> 
>>> thx
>>> 
>>> -karl
>>> _______________________________________________
>>> arin-tech-discuss mailing list
>>> arin-tech-discuss at arin.net
>>> http://lists.arin.net/mailman/listinfo/arin-tech-discuss
>>> 
>>> 
>>> 
>>> 
> 
> 




More information about the arin-tech-discuss mailing list