When we think about network information, most of us include IP addresses, and yes, that's a big part of the Internet.
However, there's also a relevant and related thing called ASN.
Here at Outsource Path, as part of our Server Security Services, we regularly help our customers perform Autonomous System Number related queries.
In this context, we shall look into: What's an ASN? How can an ASN be useful in cybersecurity? And what are some handy ASN lookup tools?
More about ASN?
An ASN, or Autonomous System Number, is a particular number assigned by IANA to an autonomous system (known simply as an 'AS'), which is basically a group of IP networks that have their own independent routing policy.
This ASN is accessible and valid from all over the world with the aim of identifying different autonomous systems on the Internet, and at the same time allows that particular AS to share information with other AS neighbors.
Since the very beginning, and until late 2007, ASNs had a max limit of 65,535 assignments due to the 16-bit integer dependency. During the 2000s, and as the Internet continued to grow, engineers started thinking about how to expand the number of assigned AS, and the solution was to start using 32-bit based autonomous systems, which IANA began to allocate in order to increase the ASN capacity.
Types of autonomous systems
AS can be grouped into four major categories, depending on how they operate:
1. Stub: It's the simplest and most basic AS, connected only to one autonomous system. For example, when a network has a single connection to the Internet.
2. Transit: This type of AS connects with several other autonomous systems and also allows them to communicate with each other. It's like a link between two autonomous systems.
3. Multihomed: It connects with several autonomous systems, but does not support traffic between them. It's the perfect solution for keeping connectivity working if one AS connection fails.
What is an ASN lookup?
An ASN lookup is the act of querying the different RIRs' databases in order to get information about an Autonomous System Number (ASN).
By performing an Autonomous System lookup you can grab AS information, such as:
iv. Creation and last-update date
v. Source of the ASN information
vi. Responsible organization
viii. Admin, Technical and Abuse contact information
ix. ASN Status
x. AS Name
While most lookups are made against the RIR that the ASN belongs to, there are also some private passive ASN databases from different companies that offer this information.
Top ASN lookup tools:
The ultimate goal of all these tools is to check the Autonomous System Numbers (ASN) so you can fetch the full AS data. Some of these ASN lookup utilities will let you search for a company or organization, then check out their assigned IP ranges and autonomous system numbers.
As always, let's start with the nerdy tools available from the Linux terminal.
For Terminal-based ASN lookups:
In order to get the ASN of certain IP addresses, we will have to combine both the dig and WHOIS commands. The latter will give us the Origin Autonomous System Number, and with that information in hand we can then perform proper AS lookups.
Keep in mind that the Origin AS information (where IP addresses may originate) is not present in all the allocated IP ranges across the 5 RIRs, as it's an optional field for all IPv4 and IPv6 block transactions.
Dig & WHOIS commands
Let's perform a simple dig query by using:
From this output, the interesting part is the IP address:
arin.net.com. 600 IN A 220.127.116.11
Now we will launch the whois command to find the origin of this IP address:
$ whois -h whois.arin.net -v 18.104.22.168 | grep origin -i
You can fetch related data about that ASN with the same command:
$ whois -h whois.arin.net -v 22.214.171.124 | grep -Ei 'origin|range|name|organiz|mail'
NetRange: 126.96.36.199 - 188.8.131.52
Organization: ARIN Operations (ARINOPS)
OrgName: ARIN Operations
OrgAbuseName: ARIN Operations Abuse
OrgTechName: O'Neill, Michael J
OrgTechName: Newton, Andy
OrgTechName: Rowley, Matt
While this WHOIS IP lookup reveals a few details about the ASN, organization and associated IP ranges, it's not as complete as we need it to be.
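The filtering step above can be wrapped in a small parser that also handles the case where the optional Origin AS field is empty. This is an added example, not part of the original article: the function names are hypothetical and the WHOIS reply is constructed from documentation values (192.0.2.0/24, AS64500).

```shell
#!/bin/sh
# Added example: pull the fields of interest out of an ARIN-style WHOIS reply.
# SAMPLE_WHOIS is constructed (documentation range 192.0.2.0/24, private-use
# AS64500, made-up organisation); it is not captured from a real query.
SAMPLE_WHOIS='NetRange:       192.0.2.0 - 192.0.2.255
CIDR:           192.0.2.0/24
NetName:        EXAMPLE-NET
OriginAS:       AS64500
Organization:   Example Org (EXAMPLE)
OrgName:        Example Org
OrgAbuseEmail:  abuse@example.net'
# The same reply with OriginAS left empty, the optional-field case.
SAMPLE_NO_ORIGIN=$(printf '%s\n' "$SAMPLE_WHOIS" | sed 's/^OriginAS:.*/OriginAS:/')

# whois_field KEY: print the first non-empty "KEY: value" from stdin (key is case-insensitive)
whois_field() {
    awk -v key="$1" '
        BEGIN { key = tolower(key) }
        {
            pos = index($0, ":")
            if (pos == 0) next
            k = tolower(substr($0, 1, pos - 1))
            v = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key && v != "") { print v; exit }
        }'
}

# origin_asn: print the first origin AS as "AS<number>"; return 1 if none is recorded
origin_asn() {
    value=$(whois_field OriginAS | cut -d, -f1 | tr -d ' ' | tr 'a-z' 'A-Z')
    num=${value#AS}
    case "$num" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf 'AS%s\n' "$num"
}

# whois_summary: one line per reply, with an explicit marker when no origin AS exists
whois_summary() {
    reply=$(cat)
    if asn=$(printf '%s\n' "$reply" | origin_asn); then :; else asn='(none recorded)'; fi
    printf 'origin=%s range=%s org=%s\n' "$asn" \
        "$(printf '%s\n' "$reply" | whois_field NetRange)" \
        "$(printf '%s\n' "$reply" | whois_field OrgName)"
}
# Live use (needs network access): whois -h whois.arin.net <address> | whois_summary
```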
Autonomous System lookup script
Performing manual lookups with dig and WHOIS may take you forever, to be honest. Fortunately, some handy ASN WHOIS lookup scripts are here to help you.
Adriano Provvisiero created an ASN lookup script that will let you specify the AS number, IP address or website name in order to perform reverse and direct ASN lookups.
How can I test it?
Get the source code from here: https://gist.github.com/nitefood/1eba4183012dcca0f082535f0eb128db
Rename it 'asn'
Apply execution permissions to that file by using this command:
chmod +x asn
Execute the script using:
./asn asnumber (replace asnumber with the correct ASN)
asn <ASnumber>: to lookup matching ASN data. Supports “as123” and “123” formats (case insensitive)
asn <IP.AD.DR.ESS>: to lookup matching route and ASN data
asn <ROUTE>: to lookup matching ASN data
asn <host.name.tld>: to lookup matching IP, route and ASN data (supports multiple IPs - e.g. DNS RR)
As you can see, this bash script is pretty easy to use, and allows you to fetch basic ASN information within seconds using ASN, IPs or domain names.
However, keep in mind that it relies on a single private organization's database, which may not offer the most up-to-date and accurate information.
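The four input forms in the usage text can be told apart, and anything else rejected, before a query is sent. The following is an added example and not code from the asn script: the function names are hypothetical, it assumes IPv4 only, and it also applies the 16-bit and 32-bit ASN ranges described earlier.

```shell
#!/bin/sh
# Added example, not code from the asn script. Function names are hypothetical;
# sample arguments should use documentation/private-use values. Assumes IPv4 only.

# valid_ipv4 ADDR: succeed if ADDR is four decimal octets, each 0-255
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i + 0 > 255) exit 1 }'
}

# classify_target ARG: print "asn N 16-bit|32-bit", "ip A", "route P" or
# "hostname H"; return 1 for anything that fits none of the four forms.
classify_target() {
    arg=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    case "$arg" in
        as[0-9]*) num=${arg#as} ;;
        *)        num=$arg ;;
    esac
    case "$num" in
        ''|*[!0-9]*) ;;   # not a bare number: try the other forms
        *)  # 32-bit ASNs end at 4294967295; the length test avoids integer overflow
            [ "${#num}" -le 10 ] && [ "$num" -le 4294967295 ] || return 1
            if [ "$num" -le 65535 ]; then width=16-bit; else width=32-bit; fi
            printf 'asn %s %s\n' "$num" "$width"
            return 0 ;;
    esac
    case "$arg" in
        */*)
            addr=${arg%/*}; len=${arg##*/}
            case "$len" in [0-9]|[0-9][0-9]) ;; *) return 1 ;; esac
            valid_ipv4 "$addr" && [ "$len" -le 32 ] || return 1
            printf 'route %s\n' "$arg"
            return 0 ;;
    esac
    if valid_ipv4 "$arg"; then printf 'ip %s\n' "$arg"; return 0; fi
    # Hostname: dot-separated letter/digit/hyphen labels, last label starting with a letter
    if printf '%s\n' "$arg" | grep -Eq '^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z][a-z0-9-]*[a-z0-9]$'; then
        printf 'hostname %s\n' "$arg"; return 0
    fi
    return 1
}
```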