Farsight TXT Record

Automatically Going From An Autonomous System Number (ASN), To The Prefixes It Announces, To The Domain Names Seen Using Those IPs: Another Farsight DNSDB API Demo Application and Whitepaper

Published on: May 31, 2017

Farsight Security customers often look up IP addresses (such as 128.223.32.35) or CIDR prefixes (such as 128.223.0.0/16) in DNSDB. When users do that, DNSDB returns the RRnames that have been seen associated with those addresses. That’s a relatively straightforward process.

However, at times, a user might be interested not just in a handful of addresses or CIDR prefixes, but ALL the CIDR prefixes originated by a particular autonomous system number (or “ASN”). Doing per-ASN analysis is particularly convenient if you’re a large network operator (or you’re trying to understand what the customers of some other large operator are up to).

In Farsight’s latest whitepaper, available here, we show you how to easily look up an entire ASN’s-worth of prefixes with just a click or two, building on the Scala GUI application development techniques we introduced in our previous whitepaper. A sample screenshot is below:

Checking DNSDB by ASN with Scala

The companion code to go with the article is available here.

Backfill: So What’s An ASN Again?

An “autonomous system number” is technically defined as a number assigned to a group of network addresses, managed by a particular network operator, sharing a common routing policy. Most ISPs, large corporations, and university networks have an ASN. For example, Google uses AS15169, Sprint uses AS1239, Intel uses AS4983, the University of California at Berkeley uses AS25, and so on. In general, you can think of an ASN as a number that “maps to” or represents a particular provider or network. As such, it is a useful way to aggregate and sort IP addresses into useful chunks (even though its most important role remains the one it plays in supporting Internet traffic routing).

Need to look up an ASN? Try this. For example, bgp.he.net will help you discover that The Ohio State University uses AS159.

The Scala Demo Application and Whitepaper

If you check out our new whitepaper, you’ll see that it shows how to create a sample Scala application that will:

  1. Get an ASN from the user.
  2. Map that ASN to a set of IPv4 and/or IPv6 prefixes (based on BGP routing data from BGPview.io).
  3. Perform a DNSDB Rdata query for each IPv4 or IPv6 prefix found in step 2.

The results of those queries can be saved in a subdirectory or as a single consolidated file.
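The three steps above, sketched in Python as an added example (this is not the whitepaper's Scala companion code). The BGPview and DNSDB API v1 URL forms, the function names and the sample replies are assumptions made for illustration; the samples are constructed from documentation address ranges, so the block runs offline.

```python
import ipaddress
import json
import urllib.request

BGPVIEW_URL = "https://api.bgpview.io/asn/{asn}/prefixes"  # assumed BGPview endpoint
DNSDB_URL = "https://api.dnsdb.info/lookup/rdata/ip/{net},{plen}?limit={limit}"  # assumed v1 form

# Constructed sample shaped like a BGPview prefixes reply (note the duplicate entry).
SAMPLE_BGPVIEW = json.dumps({"status": "ok", "data": {
    "ipv4_prefixes": [{"prefix": "192.0.2.0/24"}, {"prefix": "192.0.2.0/24"},
                      {"prefix": "198.51.100.0/24"}],
    "ipv6_prefixes": [{"prefix": "2001:db8::/32"}]}})

# Constructed sample of DNSDB's newline-delimited JSON output.
SAMPLE_DNSDB = ('{"count": 7, "rrname": "www.example.com.", "rrtype": "A", "rdata": "192.0.2.10"}\n'
                '{"count": 2, "rrname": "mail.example.com.", "rrtype": "A", "rdata": "192.0.2.25"}\n')

def parse_asn(text):
    """Step 1: accept '159' or 'AS159' from the user; return the integer ASN."""
    s = text.strip().upper()
    asn = int(s[2:] if s.startswith("AS") else s)
    if not 0 < asn < 2**32:
        raise ValueError("ASN out of range: %r" % text)
    return asn

def prefixes_from_bgpview(body):
    """Step 2: validated, de-duplicated IPv4/IPv6 networks from a BGPview JSON body."""
    data = json.loads(body)["data"]
    seen = {}
    for entry in data.get("ipv4_prefixes", []) + data.get("ipv6_prefixes", []):
        net = ipaddress.ip_network(entry["prefix"], strict=False)
        seen.setdefault(str(net), net)
    return list(seen.values())

def dnsdb_rdata_url(net, limit=1000):
    """Step 3: a prefix is written address,length because '/' would split the URL path."""
    return DNSDB_URL.format(net=net.network_address, plen=net.prefixlen, limit=limit)

def rrnames(ndjson):
    """Collect the distinct RRnames from a DNSDB reply (one JSON object per line)."""
    return sorted({json.loads(line)["rrname"] for line in ndjson.splitlines() if line.strip()})

def fetch(url, api_key=None):
    """Live lookup, e.g. fetch(BGPVIEW_URL.format(asn=159)); DNSDB needs X-API-Key."""
    headers = {"Accept": "application/json"}
    if api_key:
        headers["X-API-Key"] = api_key
    with urllib.request.urlopen(urllib.request.Request(url, headers=headers), timeout=30) as resp:
        return resp.read().decode()
```

For a live run, pass the body returned by `fetch` to `prefixes_from_bgpview`, then call `fetch(dnsdb_rdata_url(net), api_key)` once per prefix and write each reply to its own file or append it to one consolidated file.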

Check it out — we think you’ll find this to be a very powerful tool that really enhances your ability to use DNSDB API to do investigations at scale.

Joe St Sauver, Ph.D., is a Scientist with Farsight Security, Inc.