{"id":1547,"date":"2022-01-13T22:25:01","date_gmt":"2022-01-13T22:25:01","guid":{"rendered":"https:\/\/www.ishygddt.xyz\/~blog\/?p=1547"},"modified":"2022-03-08T13:58:12","modified_gmt":"2022-03-08T19:58:12","slug":"whois-look-up-asn-from-the-command-line","status":"publish","type":"post","link":"http:\/\/www.ishygddt.xyz\/~blog\/2022\/01\/whois-look-up-asn-from-the-command-line","title":{"rendered":"[DRAFT] WHOIS: look up ASN from the command-line"},"content":{"rendered":"

Since<\/a> Marco d'Itri's whois(1)<\/code> v5.5.0 released in July 2019, most sysadmins no longer need to do trial-and-error or detectivework to guess which of the 5 RIR<\/abbr>s<\/a> controls the IP attacking you and then hunt down the appropriate WHOIS server\u2014the -I<\/code> flag will now do that annoying accounting on your behalf:<\/p>\n

-I<\/code><\/dfn> First query whois.iana.org<\/code> and then follow its referral to the whois server authoritative for that request. This works for IP addresses, AS numbers[,] and domains. BEWARE:<\/strong> this implies that the IANA server will receive your complete query.<\/p><\/blockquote>\n

a bare-bones example:<\/p>\n

whois -a -I 1.1.1.1 | grep -i -E '^origin'<\/code><\/pre>\n
and, for a highly<\/em> applied example:<\/p>\n
dig +short archive.is \\\n| xargs -n 1 whois -a -I \\\n| sed -n 's\/^[Oo]rigin\\(AS\\)\\?:\\s\\+\\(AS[0-9]\\+\\)$\/\\2\/p' | uniq \\\n| xargs -n 1 whois -I \\\n| less -F<\/code><\/pre>\n
(OpenBSD has supported this since<\/a> whois(1)<\/code> v1.34, released in November 2004; FreeBSD has supported this since<\/a> Release 11.0.0, released in October 2016; NetBSD has supported this since<\/a> whois(1)<\/code> v1.27, released in February 2020.)<\/p>\n
Without -I<\/code><\/h2>\n
If you want to eschew the IANA query and \"DIY\" it by brute force, here's the key to that:<\/p>\n
for h in whois.arin.net whois.ripe.net whois.apnic.net whois.lacnic.net;\n  do whois -a -h "$h" 200.3.14.10 \\\n  | grep -i -E '^origin' && break;\ndone<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
Since Marco d'Itri's whois(1) v5.5.0 released in July 2019, most sysadmins no longer need to do trial-and-error or detectivework to guess which of the 5 RIRs controls the IP attacking you and then hunt down the appropriate WHOIS server\u2014the -I<\/code> flag will now do that annoying accounting on your behalf<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,101],"tags":[81,80,79],"class_list":["post-1547","post","type-post","status-publish","format-standard","hentry","category-drafts","category-writeups","tag-as-number","tag-iana","tag-whois"],"_links":{"self":[{"href":"http:\/\/www.ishygddt.xyz\/~blog\/wp-json\/wp\/v2\/posts\/1547","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.ishygddt.xyz\/~blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.ishygddt.xyz\/~blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.ishygddt.xyz\/~blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/www.ishygddt.xyz\/~blog\/wp-json\/wp\/v2\/comments?post=1547"}],"version-history":[{"count":33,"href":"http:\/\/www.ishygddt.xyz\/~blog\/wp-json\/wp\/v2\/posts\/1547\/revisions"}],"predecessor-version":[{"id":2077,"href":"http:\/\/www.ishygddt.xyz\/~blog\/wp-json\/wp\/v2\/posts\/1547\/revisions\/2077"}],"wp:attachment":[{"href":"http:\/\/www.ishygddt.xyz\/~blog\/wp-json\/wp\/v2\/media?parent=1547"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.ishygddt.xyz\/~blog\/wp-json\/wp\/v2\/categories?post=1547"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.ishygddt.xyz\/~blog\/wp-json\/wp\/v2\/tags?post=1547"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}