Adrian Stacey wrote:
> Ben Aitchison wrote:
>
>>
>> For instance, I want to figure out what country an AS number is in, without
>> doing mass whois queries.
>>
>> Like for instance:
>> % whois -h whois.apnic.net AS9800
>>
>> Will tell me that that AS number is in China. I'd like to be able to (say)
>> block all of China from accessing my SMTP port for instance.
>>
>> I've got a BGP dump of prefixes to AS numbers, so that I can figure out
>> what IP subnets belong to which AS number.
>
>
> Heheh, that reminds me of when I wanted to find a way to determine which
> IPs were local (NZ) and which were international. After Waikato
> stopped issuing the router dumps, I gave up... :(

Here is a possible way.

West coast of America

[chris@berty wn-2.4.3]$ ping www.ucla.edu
PING www.ucla.edu (169.232.33.130) from 192.168.2.10 : 56(84) bytes of data.
64 bytes from www.ucla.edu (169.232.33.130): icmp_seq=0 ttl=240 time=167.371 msec
64 bytes from www.ucla.edu (169.232.33.130): icmp_seq=1 ttl=240 time=165.150 msec
64 bytes from www.ucla.edu (169.232.33.130): icmp_seq=2 ttl=240 time=164.786 msec

--- www.ucla.edu ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/mdev = 164.786/165.769/167.371/1.142 ms

Ping time over 150mS.

East coast Australia

[chris@berty wn-2.4.3]$ ping www.unsw.edu.au
PING cruise.comms.unsw.edu.au (149.171.96.60) from 192.168.2.10 : 56(84) bytes of data.
64 bytes from cruise.comms.unsw.EDU.AU (149.171.96.60): icmp_seq=0 ttl=242 time=56.191 msec
64 bytes from cruise.comms.unsw.EDU.AU (149.171.96.60): icmp_seq=1 ttl=242 time=109.962 msec
64 bytes from cruise.comms.unsw.EDU.AU (149.171.96.60): icmp_seq=2 ttl=242 time=77.938 msec
64 bytes from cruise.comms.unsw.EDU.AU (149.171.96.60): icmp_seq=3 ttl=242 time=92.440 msec
64 bytes from cruise.comms.unsw.EDU.AU (149.171.96.60): icmp_seq=4 ttl=242 time=82.979 msec

--- cruise.comms.unsw.edu.au ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/mdev = 56.191/83.902/109.962/17.642 ms

Otago

[chris@berty wn-2.4.3]$ ping ftp.otago.ac.nz
PING celeborn.otago.ac.nz (139.80.64.4) from 192.168.2.10 : 56(84) bytes of data.
64 bytes from celeborn.otago.ac.nz (139.80.64.4): icmp_seq=0 ttl=56 time=49.633 msec
64 bytes from celeborn.otago.ac.nz (139.80.64.4): icmp_seq=1 ttl=56 time=47.135 msec
64 bytes from celeborn.otago.ac.nz (139.80.64.4): icmp_seq=2 ttl=56 time=45.394 msec
64 bytes from celeborn.otago.ac.nz (139.80.64.4): icmp_seq=3 ttl=56 time=46.660 msec

--- celeborn.otago.ac.nz ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/mdev = 45.394/47.205/49.633/1.554 ms

Auckland

[chris@berty wn-2.4.3]$ ping ftp.auckland.ac.nz
PING www2.auckland.ac.nz (130.216.191.125) from 192.168.2.10 : 56(84) bytes of data.
64 bytes from www2.auckland.ac.nz (130.216.191.125): icmp_seq=0 ttl=245 time=57.300 msec
64 bytes from www2.auckland.ac.nz (130.216.191.125): icmp_seq=1 ttl=245 time=30.635 msec

--- www2.auckland.ac.nz ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/mdev = 30.635/43.967/57.300/13.334 ms

So: < ~60mS in NZ; > ~70mS overseas

I know this is not perfect because there will be some NZ places on slower
ping times, but for those ones, one could trace the route and see if it goes
through one of the relatively few egress from NZ points.

-- 
C.
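The round-trip heuristic from the reply above, as an added example that is not part of the original post: it parses the ping summary blocks, applies the stated thresholds, and shows that the choice of statistic matters (the UNSW run has a minimum under 60 ms but an average over 70 ms). The function names, the "ambiguous" label for the 60-70 ms gap, and the default of classifying on the average are assumptions of this example.

```python
import re

# Thresholds stated in the post: under ~60 ms is NZ, over ~70 ms is overseas.
LOCAL_MAX_MS = 60.0
OVERSEAS_MIN_MS = 70.0

# Matches the summary block printed by the ping version shown in the post.
SUMMARY_RE = re.compile(
    r"^--- (?P<host>\S+) ping statistics ---\n"
    r".*\n"
    r"round-trip min/avg/max/mdev = "
    r"(?P<min>[\d.]+)/(?P<avg>[\d.]+)/(?P<max>[\d.]+)/(?P<mdev>[\d.]+) ms",
    re.MULTILINE,
)

# Summary blocks copied from the ping runs in the post.
SAMPLE = """\
--- www.ucla.edu ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/mdev = 164.786/165.769/167.371/1.142 ms
--- cruise.comms.unsw.edu.au ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/mdev = 56.191/83.902/109.962/17.642 ms
--- celeborn.otago.ac.nz ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/mdev = 45.394/47.205/49.633/1.554 ms
--- www2.auckland.ac.nz ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/mdev = 30.635/43.967/57.300/13.334 ms
"""

def classify(rtt_ms):
    """Apply the post's thresholds; the 60-70 ms gap is left undecided."""
    if rtt_ms < LOCAL_MAX_MS:
        return "local"
    if rtt_ms > OVERSEAS_MIN_MS:
        return "overseas"
    return "ambiguous"  # candidate for the traceroute check the post suggests

def classify_all(text, stat="avg"):
    """Return {host: label} for every ping summary found in text."""
    return {m.group("host"): classify(float(m.group(stat)))
            for m in SUMMARY_RE.finditer(text)}

if __name__ == "__main__":
    for stat in ("avg", "min"):
        print(stat, classify_all(SAMPLE, stat))
```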