Wiki

User Tools

Site Tools

Trace:
networking:asn_autonomous_system_number:about_asn_autonomous_system_number

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

networking:asn_autonomous_system_number:about_asn_autonomous_system_number [2021/01/04 16:22] – created peternetworking:asn_autonomous_system_number:about_asn_autonomous_system_number [2021/01/04 16:23] (current) peter
Line 1: Line 1:
 ====== Networking - ASN (Autonomous System Number) - About ASN (Autonomous System Number) ====== ====== Networking - ASN (Autonomous System Number) - About ASN (Autonomous System Number) ======
 +
 +An **[[https://en.wikipedia.org/wiki/Autonomous_system_(Internet)|ASN (Autonomous System Number)]]** refers to a block of IP addresses.
 +
 +Most large organizations or ISPs are allocated a number of ASNs.
 +
 +ASNs can be useful to block an entire organization. Instead of manually having to add hundreds of IP addresses into a firewall rule, you can simply block the entire ASN, which blocks all IPs within that ASN.
 +
 +----
 +
 +===== How to find a specific ASN =====
 +
 +There are many search tools online such as https://www.ultratools.com/tools/asnInfo.
 +
 +For example, searching for **Google** returns a number of ASNs.
 +
 +{{:networking:asn_-_search_-_google.png?800|}}
 +
 +----
 +
 +Alternatively:
 +
 +<code bash>
 +dig google.com
 +
 +; <<>> DiG 9.16.1-Ubuntu <<>> google.com
 +;; global options: +cmd
 +;; Got answer:
 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2531
 +;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
 +
 +;; OPT PSEUDOSECTION:
 +; EDNS: version: 0, flags:; udp: 65494
 +;; QUESTION SECTION:
 +;google.com. IN A
 +
 +;; ANSWER SECTION:
 +google.com. 300 IN A 216.58.198.206
 +
 +;; Query time: 24 msec
 +;; SERVER: 127.0.0.53#53(127.0.0.53)
 +;; WHEN: Mon Jan 04 15:55:10 GMT 2021
 +;; MSG SIZE  rcvd: 55
 +</code>
 +
 +...then...
 +
 +<code bash>
 +whois -h whois.cymru.com " -v 216.58.198.206"
 +
 +AS      | IP               | BGP Prefix          | CC | Registry | Allocated  | AS Name
 +15169   | 216.58.198.206   | 216.58.198.0/24     | US | arin     | 2012-01-27 | GOOGLE, US
 +</code>
 +
 +<WRAP info>
 +**NOTE:**  ASN is shown here as 15169, which is another of the above returned ASN in the search.
 +</WRAP>
 +
 +
 +----
 +
 +===== Determine which IPs actually fall into an ASN =====
 +
 +Taking AS41264 from the above search as an example:
 +
 +<code bash>
 +whois -h whois.radb.net -- '-i origin AS41264' | grep ^route | grep -v route6 | cut -d" " -f7 | most
 +</code>
 +
 +returns:
 +
 +<code bash>
 +74.125.63.0/24
 +74.125.58.0/24
 +74.125.60.0/24
 +104.132.0.0/16
 +104.132.0.0/23
 +104.132.2.0/23
 +104.132.4.0/23
 +104.132.6.0/23
 +104.132.8.0/23
 +104.132.10.0/23
 +...
 +</code>
 +
 +<WRAP info>
 +**NOTE:**  The IP addresses within an ASN may change often, so if you do use this for firewalling then update the list regularly.
 +
 +Also note that the other ASN 15169 determined above also contained the same IP as ASN 41264.  So blocking either of these ASN will still block the IP.
 +</WRAP>
 +
 +
 +----
 +
 +===== References =====
 +
 +https://www.apnic.net/get-ip/faqs/asn/
 +
 +https://en.wikipedia.org/wiki/Autonomous_system_(Internet)
 +
 +https://www.ultratools.com/tools/asnInfo
 +
 +https://www.nirsoft.net/whois_servers_list.html
 +
 +https://team-cymru.com/community-services/ip-asn-mapping/
  
networking/asn_autonomous_system_number/about_asn_autonomous_system_number.1609777366.txt.gz · Last modified: 2021/01/04 16:22 by peter
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki