Skip to content

Net::DNS::Reputation::TeamCymru

I was looking for a simple method to send DNS requests to Team-Cymru.org services. Last year, I created another “Perl module”  based on Net::DNS::Dig that had the same functionality. However, as pointed in my post, that Perl extension has a very poor Query ID generation algorithm, which could be susceptible to Kaminsky’s Bug.

Net::DNS::Reputation::TeamCymru is a Perl extension to send DNS requests to Team-Cymru very easily. It is 100% based on Net::DNS::Simple. It supports IPv4, IPv6*, Reversed IP, and ASN number.

Examples taken from Team-Cymru page [1]. All IPs are on reversed format.

Service: “origin”

 $ dig +short 31.108.90.216.origin.asn.cymru.com TXT
 "23028 | 216.90.108.0/24 | US | arin | 1998-09-25"

Service: “origin6”

 $ dig +short 2.0.0.b.0.6.8.4.1.0.0.2.origin6.asn.cymru.com. TXT
 "15169 | 2001:4860::/32 | US | arin | 2005-03-14"

Service: “asn”

 $ dig +short AS23028.asn.cymru.com TXT
 "23028 | US | arin | 2002-01-04 | TEAMCYMRU - SAUNET"

One needs to create an Object using a hash with entity and service. Entity can be the IPv4, IPv6, Reversed Format, and AS Number. Service are the services provided by Team-Cymru such as “origin”, “origin6”, “peer”, and “asn”.

For IPv4 format a.b.c.d, there is no need to reverse it (d.c.b.a) as Team-Cymru requires. This extension parses both a.b.c.d and d.c.b.a.in-addr.arpa formats to a proper syntax.

*I am still working on IPv6 regular expression format, it is not supported yet. To sent queries to  “origin6” server, one needs to reverse for the IPv6 reversed format.

my $rept = Net::DNS::Reputation::TeamCymru->new({
               entity => IPv4, Reverse, IPv6, and ASN
               service => "Service You Want"
);

To get the answer just type:

say $rept->get_response();
  • origin.asn.cymru.com
  • origin6.asn.cymru.com
  • peer.asn.cymru.com
  • asn.cymru.com

The following code resolves A-type resource record from google.com.

my $res = Net::DNS::Simple->new("google.com", "A");

For every entry found on DNS answer section, parse it using ‘\t’. IP address is found on the last position of array @ip4.

for my $entry ($res->get_answer_section()) {
        my @ip4 = split /\t/, $entry;

Sending queries to “origin” server.

     my $rept = Net::DNS::Reputation::TeamCymru->new({
                  entity => $ip4[-1],
                  service => "origin"});

Response is get using:

       say $rept->get_response();

Complete example:

use Net::DNS::Simple;
use Net::DNS::Reputation::TeamCymru;
use feature qw/say/;
my $res = Net::DNS::Simple->new("google.com", "A");
for my $entry ($res->get_answer_section()) {
        my @ip4 = split /\t/, $entry;
        say "Checking reputation for this ip:", $ip4[-1];
        my $rept = Net::DNS::Reputation::TeamCymru->new({
                  entity => $ip4[-1],
                  service => "origin"});
       
       say $rept->get_response();
}

I hope this extension can help other programmers to retrieve information from an IP address.

1 – http://www.team-cymru.org/IP-ASN-mapping.html

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload the CAPTCHA.