Re: [PLUG] cname lookups

chris barry on 13 Oct 2006 20:57:57 -0000

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] cname lookups

From: chris barry <cbarry@silverstorm.com>

To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Subject: Re: [PLUG] cname lookups

Date: Fri, 13 Oct 2006 16:57:42 -0400

Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Sender: plug-bounces@lists.phillylinux.org

On Thu, 2006-10-12 at 22:42 -0400, Michael C. Toren wrote: > On Thu, Oct 12, 2006 at 08:28:50PM -0400, Toby DiPasquale wrote: > > UPenn owns 5 /16's. I don't know what they all are, but I know they own > > 5 of them. > > It's easy enough to determine by peeking at the BGP announcements. > First, find a single IP address the network in question is announcing, > for example by querying DNS for the IP address of a primary MX: > > [mct@ellesmere ~]$ mx upenn.edu > upenn.edu mail is handled by 0 nisc.net.isc.upenn.edu. > > [mct@ellesmere ~]$ host nisc.net.isc.upenn.edu. > nisc.net.isc.upenn.edu has address 128.91.2.210 > > Next, determine which ASN is announcing a BGP route covering that address, > by logging into a public route server: > > route-server.savvis.net>sh ip bgp 128.91.2.210 > BGP routing table entry for 128.91.0.0/16, version 136280 > Paths: (1 available, best #1) > Not advertised to any peer > 209 55, (aggregated by 55 192.84.2.254) > 208.172.146.30 from 208.172.146.30 (208.174.15.163) > Origin IGP, localpref 100, valid, internal > Originator: 208.174.15.163, Cluster list: 208.172.146.29 > > The fifth line of the above indicates that this IP address is announced by > AS55, and whois confirms that this ASN is registered to upenn.edu. Now, > it's as simple as searching for routes which are announced by that ASN: > > route-server.savvis.net>sh ip bgp regex _55$ > [...] > Network Next Hop Metric LocPrf Weight Path > *>i128.91.0.0 208.172.146.30 100 0 209 55 i > *>i130.91.0.0 208.172.146.30 100 0 209 55 i > *>i158.130.0.0/17 208.172.146.30 100 0 209 55 i > *>i158.130.128.0/17 208.172.146.30 100 0 209 55 i > *>i165.123.0.0 208.172.146.30 100 0 209 55 i > *>i192.84.2.0 208.172.146.30 100 0 209 55 i > > So, as of the time of this writing they're announcing four /16s and > one /24. > > > I'll bet other schools have some, too (e.g. MIT, Stanford, etc). > > MIT was fortunate enough to have legacy Class A space, 18/8 :-) > > -mct > ___________________________________________________________________________ > Philadelphia Linux Users Group -- http://www.phillylinux.org > Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce > General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug Thanks for this quick little tutorial. Appreciated. -- Regards, Principal Engineer Qlogic Corporation O:610-233-4870 C:267-242-9306 ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

References:

[PLUG] cname lookups
From: "Sean C. Sheridan" <scs@CampusClients.com>

Re: [PLUG] cname lookups
From: Stephen Gran <steve@lobefin.net>

Re: [PLUG] cname lookups
From: "Sean C. Sheridan" <scs@CampusClients.com>

Re: [PLUG] cname lookups
From: gabriel rosenkoetter <gr@eclipsed.net>

Re: [PLUG] cname lookups
From: "Sean C. Sheridan" <scs@CampusClients.com>

Re: [PLUG] cname lookups
From: gabriel rosenkoetter <gr@eclipsed.net>

Re: [PLUG] cname lookups
From: Toby DiPasquale <toby@cbcg.net>

Re: [PLUG] cname lookups
From: "Michael C. Toren" <mct@toren.net>

Prev by Date: Re: [PLUG] OT: Alternate Ink Cartridges

Next by Date: RE: [PLUG] OT: Alternate Ink Cartridges

Previous by thread: Re: [PLUG] cname lookups

Next by thread: Re: [PLUG] cname lookups

Index(es):

Date

Thread