Page MenuHomePhabricator

Create a tool that makes it easier to map IPs to ASN CIDRs
Open, Needs TriagePublic

Description

We need a tool that can take a list of IP addresses as an input (one per line), and return a condensed list of CIDRs for the ASNs that those IPs belong to.

This is something I have do populate manually whenever I run a CU on a user that uses one of those ISPs that cycles through IP addresses quickly, or when the user is using proxies (either because they have IPBE, or because we have yet to block those proxies). Doing it manually is inefficient. I once wrote a JS tool to make the process easier, but @Ladsgroup pointed out that sending many IP WHOIS requests from my machine may not be a great idea. Also, much of the IP-to-ASN relationship does not really change much over time and could be cached, or even better, could be retrieved from sources like MaxMind instead of running actual WHOIS queries.

The purpose of this task:

  • Identify what data source to use
    • Does MaxMind free provide all that is needed?
    • Does MaxMind free license allow this kind of use case?
    • If the answer to either of those is no, can we use a licensed version of MaxMind through WMF?
    • If no, are there any reasons we could not run WHOIS commands from Clouds machines and cache them in a database?
  • Identify if setting up a service like this is allowed on WMF Clouds
  • Determine how access management should be done for such a tool
    • Is it possible to use OAuth to verify the user is a CU on some wiki?
    • If not, should we authenticate using OAuth and but perform access management using a manual list of allowed users?
  • Other technical considerations
    • Should the tool have some form of throttling?
    • Should it have its own audit log? If yes, what should it entail?

Event Timeline

Huji updated the task description. (Show Details)

If no, are there any reasons we could not run WHOIS commands from Clouds machines and cache them in a database?

Such a cache service, if generalized, might help https://whois.toolforge.org/ which essentially sends IP Whois requests on behalf of users. It caused issues from sending too many requests against Whois databases not too long ago: T265784