ip address usage auditing

| | Comments (0)
So I needed to write a report on ip address usage in the subnet on cogent, Reverse dns is one service that involves this and has information about its past usage, so I wrote a perl script to convert the PTR records in the zone file to ip addresses that I could give to fping to see which are up. First I wrote a perl oneliner that handled ipv4 PTR records without an $ORIGIN statement and it takes the zonefile on standard input:

perl -F'\.' -anwe 'if ($F[6] =~/PTR/) {print "$F[3].$F[2].$F[1].$F[0]\n";}'

That worked well for that project but I wanted it to be more generally useable so I wrote a longer script that will append the rest of the record from the $ORIGIN statement if there is no period at the end and will also reverse ip6.arpa records besides in-addr.arpa. Processing the $ORIGIN statement could be useful if a cache file from a slave server is being processed because bind automatically puts in as many $ORIGIN statements as it can in the cache file.

That script is at http://www.schmalenberger.us/files/revzone.pl. Without the zone file, nmap -sL can also be used to get some of this information but the zonefile may have more information. After giving that list of ip addresses to fping I was able to divide it into hosts that were pingable or not, and then I looked into at the ip= field in the vif line of the /etc/xen/ configuration file for each domU. Most of the domU addresses were already in the pingable list because they were up, but some were not and I put them into other lists based on whether they might likely to start again and use the ip address. Several of these domUs had ips that were not in reverse dns and some of those were up, which went into a different list. After all that I pinged all the other ip addresses not in reverse dns and none of them were reachable so they would be most likely useable ip addresses in the subnet.

Leave a comment

About this Entry

This page contains a single entry by nick published on November 11, 2008 11:48 PM.

freeside password heuristics was the previous entry in this blog.

dhcpd shared-network is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.