Table of Contents

Networking - ASN (Autonomous System Number) - About ASN (Autonomous System Number)

An ASN (Autonomous System Number) refers to a block of IP addresses.

Most large organizations or ISPs are allocated a number of ASNs.

ASNs can be useful to block an entire organization. Instead of manually having to add hundreds of IP addresses into a firewall rule, you can simply block the entire ASN, which blocks all IPs within that ASN.


How to find a specific ASN

There are many search tools online such as https://www.ultratools.com/tools/asnInfo.

For example, searching for Google returns a number of ASNs.


Alternatively:

dig google.com
 
; <<>> DiG 9.16.1-Ubuntu <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2531
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
 
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;google.com.			IN	A
 
;; ANSWER SECTION:
google.com.		300	IN	A	216.58.198.206
 
;; Query time: 24 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon Jan 04 15:55:10 GMT 2021
;; MSG SIZE  rcvd: 55

…then…

whois -h whois.cymru.com " -v 216.58.198.206"
 
AS      | IP               | BGP Prefix          | CC | Registry | Allocated  | AS Name
15169   | 216.58.198.206   | 216.58.198.0/24     | US | arin     | 2012-01-27 | GOOGLE, US

NOTE: ASN is shown here as 15169, which is another of the above returned ASN in the search.


Determine which IPs actually fall into an ASN

Taking AS41264 from the above search as an example:

whois -h whois.radb.net -- '-i origin AS41264' | grep ^route | grep -v route6 | cut -d" " -f7 | most

returns:

74.125.63.0/24
74.125.58.0/24
74.125.60.0/24
104.132.0.0/16
104.132.0.0/23
104.132.2.0/23
104.132.4.0/23
104.132.6.0/23
104.132.8.0/23
104.132.10.0/23
...

NOTE: The IP addresses within an ASN may change often, so if you do use this for firewalling then update the list regularly.

Also note that the other ASN 15169 determined above also contained the same IP as ASN 41264. So blocking either of these ASN will still block the IP.


References

https://www.apnic.net/get-ip/faqs/asn/

https://en.wikipedia.org/wiki/Autonomous_system_(Internet)

https://www.ultratools.com/tools/asnInfo

https://www.nirsoft.net/whois_servers_list.html

https://team-cymru.com/community-services/ip-asn-mapping/