#!/usr/bin/perl # @(#) myipcheck.pl v1.0 12 May 2001 Rob Thomas # Take a file full of IP addresses and compare it against an array # of our netblocks. Handy for determining if one of our hosts is # part of any "compromised host" list. # # The fields in the netblocks array are: # Field One - low IP address in the range. # Field Two - high IP address in the range. # Field Three - description. # Thus 192.168.50.0/24, the Computer Lab, becomes: # "c0a83200", "c0a832ff", "Computer Lab" @netblocks = ( "0a010000", "0a01ffff", "Engineering 10.1.0.0/16", "c0a80f00", "c0a80fff", "Marketing 192.168.15.0/24", "ac101280", "ac1012ff", "Development 172.16.18.128/25" ); open (INFILE, $ARGV[0]) or die "Couldn't open $ARGV[0]: $!"; while () { chomp($decip = $_); # Split the individual octets, then convert them to hex. ($oct[0], $oct[1], $oct[2], $oct[3]) = split '\.', $decip; $hexip = sprintf "%.2x%.2x%.2x%.2x", $oct[0], $oct[1], $oct[2], $oct[3]; for ($loop = 0; $loop <= ($#netblocks + 1); $loop += 3) { # Compare everything in hex. Easy and quick! if ($hexip ge $netblocks[0,$loop] and $hexip le $netblocks[0,$loop+1]) { print "$decip belongs to $netblocks[0,$loop + 2].\n"; # If an IP could belong to multiple netblocks, e.g. # your netblocks overlap, comment out the break below. break; } } } exit;