2

When under (a security) attack, it might be useful for the victim to first identify the source IP, then potentially contact the offending ISP. There seem to be plenty of tools for the part where an IP can be mapped to an ASN.

How do we go about mapping ASN to specific contact information? Some research has yielded services like ipinfo.io.

But I would like a downloadable dataset which can be used offline (the victim may be knocked offline).

Thanks

sandyp
  • Yes. If there is a potential to prioritize an AS from another (which there is), the contact information is useful. Regardless, a DDoS attack was intended to be just a use case. There would be plenty others. – sandyp Apr 16 '15 at 19:50
  • A quick Google search yielded: https://www.arin.net/resources/request/bulkwhois.html but frankly, I handle this situation by using a secondary internet connection to do a whois lookup – schroeder Apr 16 '15 at 19:57

1 Answer

1

Contacts of an AS or an IP network are stored in databases of the respective regional Internet registries. Each database is available for download on a RIR Web or FTP site. For example, here's all the data for the Asia/Pacific region.

Note that contact data may change as time goes by. You'd probably want to update those once a week or so. Also, from my experience, a huge portion of this contact data is just outdated garbage, and even ISPs which do maintain correct abuse contact data mostly won't help you to mitigate the network flood.

Moreover, in the specific case of a DDoS attack (since it's mentioned in the question tag), IP sources might just be spoofed, so there's no point in reaching arbitrary ISPs anyway.

ximaera
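One way to use a downloaded registry dump offline, as an added example that is not part of the original answer: it parses RPSL-style text objects and builds an ASN-to-abuse-address index. It assumes the dump links contacts the way the APNIC database does (`aut-num` → `mnt-irt` → `irt` object with `abuse-mailbox`); other registries link contacts differently, and the sample data is constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the RPSL-style layout; ASNs and addresses are made up.
SAMPLE_DUMP = """\
% constructed sample, not registry data
aut-num:        AS64500
as-name:        EXAMPLE-NET
mnt-irt:        IRT-EXAMPLE

irt:            IRT-EXAMPLE
address:        1 Example Street,
                Example City
e-mail:         noc@example.net
abuse-mailbox:  abuse@example.net

aut-num:        AS64501
as-name:        NO-CONTACT-NET
"""

def parse_objects(text):
    """Yield each blank-line-separated object as {attribute: [values]}."""
    for block in re.split(r"\n\s*\n", text):
        obj, last = defaultdict(list), None
        for line in block.splitlines():
            if not line.strip() or line[0] in "%#":
                continue                        # blank line or dump comment
            if line[0] in " \t+" and last:      # continuation of previous value
                obj[last][-1] += " " + line[1:].strip()
                continue
            key, sep, value = line.partition(":")
            if sep:
                last = key.strip().lower()
                obj[last].append(value.strip())
        if obj:
            yield obj

def build_abuse_index(text):
    """Map each aut-num to abuse addresses found via its mnt-irt references."""
    objs = list(parse_objects(text))
    irts = {o["irt"][0].upper(): o for o in objs if "irt" in o}
    index = {}
    for o in objs:
        if "aut-num" in o:
            mails = set()
            for ref in o.get("mnt-irt", []):
                irt = irts.get(ref.upper(), {})
                mails.update(irt.get("abuse-mailbox") or irt.get("e-mail", []))
            index[o["aut-num"][0].upper()] = sorted(mails)
    return index
```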