Farsight Security customers often lookup IP addresses (such as
or CIDR prefixes (such as
18.104.22.168/16) in DNSDB. When users do that, DNSDB returns the RRnames that
have been seen associated with those addresses. That's a relatively
However, at times, a user might be interested not just in a handful of addresses or CIDR prefixes, but ALL the CIDR prefixes originated by a particular autonomous system number (or "ASN"). Doing per-ASN analysis is particularly convenient if you're a large network operator (or you're trying to understand what the customers of some other large operator are up to).
In Farsight's latest whitepaper, available here, we show you how to easily look up an entire ASN's-worth of prefixes with just a click or two, building on the Scala GUI application development techniques we introduced in our previous whitepaper. A sample screenshot is below:
The companion code to go with the article is available here.
Backfill: So What's An ASN Again?
An "autonomous system number" is technically defined as a number assigned to a group of network addresses, managed by a particular network operator, sharing a common routing policy. Most ISPs, large corporations, and university networks have an ASN. For example, Google uses AS15169, Sprint uses AS1239, Intel uses AS4983, the University of California at Berkeley uses AS25 and so on. In general, you can think of an ASN as a number that "maps to" or represents a particular provider or network. As such, it is a useful way to aggregate and sort IP addresses into useful chunks (even though its continued-most-important role remains the role it plays in supporting Internet traffic routing).
Need to look up an ASN? Try this. For example,
bgp.he.net will help you discover that The Ohio State University uses AS159.
The Scala Demo Application and Whitepaper
If you check out our new whitepaper, you'll see that it shows how to create a sample Scala application that will:
1) Get an ASN from the user
2) Map that ASN to a set of IPv4 and/or IPv6 prefixes (based on BGP routing data from BGPview.io).
3) Perform a DNSDB Rdata query for each IPv4 or IPv6 prefix found in step 2.
The results of those queries can be saved in a subdirectory or as a single consolidated file.
Check it out – we think you'll find this to be a very powerful tool that really enhances your ability to use DNSDB API to do investigations at scale.
Joe St Sauver, Ph.D., is a Scientist with Farsight Security, Inc.
← Blog Home