Experimental BGP Ranking output added

BGP Ranking is an experimental services from CIRCL to get a rank about the number of matches against public blacklist for an ASN. The minimal value is 1 (no match) to a floating value increasing with the number of matches. The services is also displaying the number of match compared to the total public blacklist used. For more info: http://www.terena.org/activities/tf-csirt/meeting32/dulaunoy-bgpranking.pdf
CIRCL · Apr 2, 2011 · 702405e · 702405e
1 parent a08f8ae
commit 702405e
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 22 deletions.
diff --git a/README b/README
@@ -8,9 +8,10 @@ received.
 ## Features
 
 - Display abuse and contact for each hop
+- Display CIRCL BGP Ranking services (experimental)
 - Can highligh specific country to match CSIRT's constituency
 - Output RBL entries for each hop
-- Output Google Maps traceroute (e.g. http://www.foo.be/traceroute-circl/test.html )
+- Output Google Maps traceroute (e.g. [a sample output](http://www.foo.be/traceroute-circl/test.html) )
 - Show ASN origin from RIPE RIS and origin.asn.cymru.com sources
 
 ## Usage
@@ -21,21 +22,19 @@ received.
         perl traceroute-circl -i australia.gov.au -m out.js
         perl traceroute-circl -i www.w3c.org -o"-I -v"
 
-        traceroute-circl v0.2
+        traceroute-circl v0.3
         usage: traceroute-circl [options] 
         options                                                             
         -d, --debug         Debug mode                                      
         -i, --ip            IP address to lookup                            
         -r, --rbl           RBL domain to lookup                            
+        -b, --bgpranking    Output CIRCL BGP Ranking for each ASN
         -o, --addoptions    Additional option to traceroute
         -c, --country       Country ISO code to highlight (!!) in the output
         -f, --fullcountry   Display full country name                       
         -m, --geomap        Output file for the google map                  
         -h, --help          This help message                               
-            --man           Display documentation                           
-
-        You must at least specify an IP address to lookup
-
+            --man           Display documentation
 
 ## Dependencies
 
@@ -51,7 +50,7 @@ received.
 
 ## Authors
 
-Copyright (C) 2010 Alexandre Dulaunoy
+Copyright (C) 2010-2011 Alexandre Dulaunoy
 
-Copyright (C) 2010 CIRCL Computer Incident Response Center Luxembourg (smile gie)
+Copyright (C) 2010-2011 CIRCL Computer Incident Response Center Luxembourg (smile gie)
 
diff --git a/README.md b/README.md
@@ -8,6 +8,7 @@ received.
 ## Features
 
 - Display abuse and contact for each hop
+- Display CIRCL BGP Ranking services (experimental)
 - Can highligh specific country to match CSIRT's constituency
 - Output RBL entries for each hop
 - Output Google Maps traceroute (e.g. [a sample output](http://www.foo.be/traceroute-circl/test.html) )
@@ -21,21 +22,19 @@ received.
         perl traceroute-circl -i australia.gov.au -m out.js
         perl traceroute-circl -i www.w3c.org -o"-I -v"
 
-        traceroute-circl v0.2
+        traceroute-circl v0.3
         usage: traceroute-circl [options] 
         options                                                             
         -d, --debug         Debug mode                                      
         -i, --ip            IP address to lookup                            
         -r, --rbl           RBL domain to lookup                            
+        -b, --bgpranking    Output CIRCL BGP Ranking for each ASN
         -o, --addoptions    Additional option to traceroute
         -c, --country       Country ISO code to highlight (!!) in the output
         -f, --fullcountry   Display full country name                       
         -m, --geomap        Output file for the google map                  
         -h, --help          This help message                               
-            --man           Display documentation                           
-
-        You must at least specify an IP address to lookup
-
+            --man           Display documentation
 
 ## Dependencies
 
@@ -51,7 +50,7 @@ received.
 
 ## Authors
 
-Copyright (C) 2010 Alexandre Dulaunoy
+Copyright (C) 2010-2011 Alexandre Dulaunoy
 
-Copyright (C) 2010 CIRCL Computer Incident Response Center Luxembourg (smile gie)
+Copyright (C) 2010-2011 CIRCL Computer Incident Response Center Luxembourg (smile gie)
 
diff --git a/bin/traceroute-circl b/bin/traceroute-circl
@@ -2,8 +2,8 @@
 #
 # traceroute-circl - Traceroute improved wrapper for CSIRT and CERT operators
 #
-# Copyright (C) 2010 CIRCL Computer Incident Response Center Luxembourg (smile gie)
-# Copyright (C) 2010 Alexandre Dulaunoy
+# Copyright (C) 2010-2011 CIRCL Computer Incident Response Center Luxembourg (smile gie)
+# Copyright (C) 2010-2011 Alexandre Dulaunoy
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -38,11 +38,12 @@ my $ris     = Net::Whois::RIS->new();
 my $opt     = new Getopt::Compact(
     name    => 'traceroute-circl',
     modes   => [qw(debug)],
-    version => '0.2',
+    version => '0.3',
     struct  => [
-        [ [qw(i ip)],         qq(IP address to lookup),            ':s' ],
-        [ [qw(r rbl)],        qq(RBL domain to lookup),            ':s' ],
-        [ [qw(o addoptions)], qq(Additional option to traceroute), ':s' ],
+        [ [qw(i ip)],         qq(IP address to lookup),                  ':s' ],
+        [ [qw(r rbl)],        qq(RBL domain to lookup),                  ':s' ],
+        [ [qw(b bgpranking)], qq(Output CIRCL BGP Ranking for each ASN), ':s' ],
+        [ [qw(o addoptions)], qq(Additional option to traceroute),       ':s' ],
         [
             [qw(c country)],
             qq(Country ISO code to highlight (!!) in the output), ':s'
@@ -112,9 +113,16 @@ while (<TRACEROUTE>) {
         if ( !defined($ra) )  { $raok = "No A record for PTR"; }
         if ( $ra == $tip )    { $raok = "OK"; }
         if ( !defined($ptr) ) { $raok = "N/A"; }
+        my $asn = $ris->getOrigin();
+        my $bgpranking;
+
+        if ( defined( $opts->{bgpranking} ) ) {
+            $asn =~ s/^AS//g;
+            $bgpranking = GetBGPRanking($asn);
+        }
         $r .=
             "  ASN (RIS):"
-          . $ris->getOrigin() . " "
+          . $asn . " "
           . $ris->getDescr()
           . " ASN INFO:"
           . join( ' ', Net::Abuse::Utils::get_asn_info($tip) ) . " PTR:"
@@ -126,6 +134,10 @@ while (<TRACEROUTE>) {
             $r .= " RBL:"
               . Net::Abuse::Utils::get_dnsbl_listing( $tip, $opts->{rbl} );
         }
+
+        if ( defined( $opts->{bgpranking} ) ) {
+            $r .= " BGP Ranking:" . $bgpranking;
+        }
     }
 
     if ( defined( $opts->{country} ) ) {
@@ -153,6 +165,21 @@ if ( defined( $opts->{geomap} ) ) {
 
 close(TRACEROUTE);
 
+sub GetBGPRanking {
+
+    my $asn = shift;
+
+    my $con =
+      IO::Socket::INET->new( PeerAddr => "pdns.circl.lu", PeerPort => 43 )
+      or die();
+    print $con $asn . "\n";
+    my $x;
+    while (<$con>) {
+        $x = $x . $_;
+    }
+    return $x;
+}
+
 sub GetPTR {
     my $ip  = shift;
     my $iip = inet_aton($ip);