Mapping IP addresses to ASNs
Prompted by my old SpamByASN entry, I was recently asked how you would do IP to ASN lookups, and ideally ASN to IP lookups too. Since the full answer is complicated, I will do the simple and useful one first.
Assuming that nothing funny is going on, each IP address has exactly one ASN that ultimately announces it. The easiest way to find out this mapping for a given IP address is to use the asn and aspath reverse DNS lookup zones that routeviews.org provides; these return TXT records with the relevant information. For most people, the more useful one is asn.routeviews.org:
; sdig txt 1.100.100.128.asn.routeviews.org
"239" "128.100.0.0" "16"
This says that 128.100.100.1 is announced by AS 239, using the CIDR netblock 128.100.0.0/16. (See routeviews.org for details on what is returned for IP addresses with no routing information available.)
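The lookup above, as an added example that is not part of the original post: it builds the reversed-octet query name and validates the three TXT strings before trusting them. The function names are assumptions made for illustration, the sample answer is the one shown in the post, and no DNS query is performed.

```python
import ipaddress
import shlex

ZONE = "asn.routeviews.org"  # zone named in the post

# Sample answer copied from the post's lookup of 128.100.100.1.
SAMPLE_IP = "128.100.100.1"
SAMPLE_TXT = '"239" "128.100.0.0" "16"'


def query_name(ip, zone=ZONE):
    """Return the reverse-octet TXT query name for an IPv4 address."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on anything else
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def split_txt(text):
    """Split dig-style presentation text into its quoted strings."""
    return shlex.split(text)


def parse_answer(strings, ip):
    """Turn the TXT strings (ASN, network, prefix length) into
    (asn, network), refusing answers that do not cover ip."""
    if len(strings) != 3:
        raise ValueError("expected 3 TXT strings, got %d" % len(strings))
    asn_s, net_s, len_s = strings
    for field in (asn_s, len_s):
        if not (field.isascii() and field.isdigit()):
            raise ValueError("non-numeric field: %r" % field)
    # strict=True rejects a network with host bits set (e.g. 128.100.100.0/16).
    network = ipaddress.IPv4Network("%s/%s" % (net_s, len_s), strict=True)
    # DNS answers are untrusted input: check the netblock really contains
    # the address that was asked about before using it for any decision.
    if ipaddress.IPv4Address(ip) not in network:
        raise ValueError("%s is not inside %s" % (ip, network))
    return int(asn_s), network


if __name__ == "__main__":
    print(query_name(SAMPLE_IP))
    asn, net = parse_answer(split_txt(SAMPLE_TXT), SAMPLE_IP)
    print("AS%d announces %s" % (asn, net))
```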
This doesn't tell you what AS 239 is, though, and it doesn't tell you what else AS 239 is responsible for (or at least claims to route). You can look up ASN details in various registration bodies, but the simplest resource I know of is the potaroo.net AS report lookup, which for any given ASN is 'http://asNNN.potaroo.net/' (eg, ours).
Unfortunately, as far as I know looking up all of the IP addresses that belong to an ASN is harder. While potaroo.net will tell you all of the CIDR netblocks that an ASN advertises, I don't know if it will tell you if another ASN is advertising more specific routes to portions of them (which I think happens routinely). However, for anti-spam work I believe that the potaroo data is usually going to be good enough (possibly coupled with some research about what the advertised netblocks theoretically are).
Note that there are a boatload of cautions associated with using ASNs this way, which I will summarize for now by saying that the Internet does not have a consistent global view of this stuff; what you see may depend on where you look from.