#!/usr/bin/perl
# @(#) myipcheck.pl v1.0 12 May 2001 Rob Thomas robt@cymru.com
# Take a file full of IP addresses and compare it against an array
# of our netblocks.  Handy for determining if one of our hosts is
# part of any "compromised host" list.
#

# The fields in the netblocks array are:
# 		Field One - low IP address in the range.
# 		Field Two - high IP address in the range.
# 		Field Three - description.
# Thus 192.168.50.0/24, the Computer Lab, becomes:
# 		"c0a83200", "c0a832ff", "Computer Lab"

@netblocks = (
	"0a010000", "0a01ffff", "Engineering 10.1.0.0/16",
	"c0a80f00", "c0a80fff", "Marketing 192.168.15.0/24",
	"ac101280", "ac1012ff", "Development 172.16.18.128/25"
);

open (INFILE, $ARGV[0]) or die "Couldn't open $ARGV[0]: $!";

while (<INFILE>) {
	chomp($decip = $_);

	# Split the individual octets, then convert them to hex.
	($oct[0], $oct[1], $oct[2], $oct[3]) = split '\.', $decip;
	$hexip = sprintf "%.2x%.2x%.2x%.2x", $oct[0], $oct[1], $oct[2], $oct[3];

	for ($loop = 0; $loop <= ($#netblocks + 1); $loop += 3) {

		# Compare everything in hex.  Easy and quick!
		if ($hexip ge $netblocks[0,$loop] and $hexip le $netblocks[0,$loop+1]) {
			print "$decip belongs to $netblocks[0,$loop + 2].\n";
			# If an IP could belong to multiple netblocks, e.g.
			# your netblocks overlap, comment out the break below.
			break;
		}
	}
}

exit;