How to find all of an ISP's ASNs
Hi folks, how to I find all ASNs that belong to an ISP? I want to block access to my IoT cameras from the world other than the two local major ISPs (keeping last Friday in mind!) Gary B
On 25 Oct 2016, at 18:41, Gary Baribault <gary@baribault.net> wrote:
Hi folks, how to I find all ASNs that belong to an ISP? I want to block access to my IoT cameras from the world other than the two local major ISPs (keeping last Friday in mind!)
Gary B
ripe atlas has this info Colin
Can search here as well. http://as-rank.caida.org/ Luke Guillory Network Operations Manager Tel: 985.536.1212 Fax: 985.536.0300 Email: lguillory@reservetele.com Reserve Telecommunications 100 RTC Dr Reserve, LA 70084 _________________________________________________________________________________________________ Disclaimer: The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material which should not disseminate, distribute or be copied. Please notify Luke Guillory immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Luke Guillory therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. . -----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Gary Baribault Sent: Tuesday, October 25, 2016 12:41 PM To: nanog@nanog.org Subject: How to find all of an ISP's ASNs Hi folks, how to I find all ASNs that belong to an ISP? I want to block access to my IoT cameras from the world other than the two local major ISPs (keeping last Friday in mind!) Gary B
On 26 Oct 2016, at 0:41, Gary Baribault wrote:
other than the two local major ISPs (keeping last Friday in mind!)
. . . why would you want to expose them to the public Internet at all? There are many, many reasons not to do so. ----------------------------------- Roland Dobbins <rdobbins@arbor.net>
Hello, You can use this http://www.cidr-report.org/as2.0/autnums.html Best Dhia Mahjoub, PhD Technical Leader, OpenDNS, part of Cisco On Tue, Oct 25, 2016 at 10:41 AM, Gary Baribault <gary@baribault.net> wrote:
Hi folks, how to I find all ASNs that belong to an ISP? I want to block access to my IoT cameras from the world other than the two local major ISPs (keeping last Friday in mind!)
Gary B
Thanks folks, much appreciated Gary B On 25/10/16 03:35 PM, Dhia Mahjoub wrote:
Hello,
You can use this http://www.cidr-report.org/as2.0/autnums.html <http://www.cidr-report.org/as2.0/autnums.html>
Best
Dhia Mahjoub, PhD Technical Leader, OpenDNS, part of Cisco
On Tue, Oct 25, 2016 at 10:41 AM, Gary Baribault <gary@baribault.net <mailto:gary@baribault.net>> wrote:
Hi folks, how to I find all ASNs that belong to an ISP? I want to block access to my IoT cameras from the world other than the two local major ISPs (keeping last Friday in mind!)
Gary B
as-set if they keep their routing registry updated? something like this http://bgp.he.net/irr/as-set/AS-RR-Res Normally I use IRR Explorer, but somehow the return is empty http://irrexplorer.nlnog.net/search/AS-RR-Res Yang On Tue, Oct 25, 2016 at 12:41 PM, Gary Baribault <gary@baribault.net> wrote:
Hi folks, how to I find all ASNs that belong to an ISP? I want to block access to my IoT cameras from the world other than the two local major ISPs (keeping last Friday in mind!)
Gary B
On 26/10/2016 03:14, Yang Yu wrote:
as-set if they keep their routing registry updated?
something like this http://bgp.he.net/irr/as-set/AS-RR-Res
and if that doesn't work try: http://bgp.he.net/AS3356#_graph4 [replace the ASN with the ASN of your choice to see the interconnections.] -Hank
Normally I use IRR Explorer, but somehow the return is empty http://irrexplorer.nlnog.net/search/AS-RR-Res
Yang
On Tue, Oct 25, 2016 at 12:41 PM, Gary Baribault <gary@baribault.net> wrote:
Hi folks, how to I find all ASNs that belong to an ISP? I want to block access to my IoT cameras from the world other than the two local major ISPs (keeping last Friday in mind!)
Gary B
On Tue, Oct 25, 2016 at 9:03 PM, Hank Nussbacher <hank@efes.iucc.ac.il> wrote:
and if that doesn't work try: http://bgp.he.net/AS3356#_graph4 [replace the ASN with the ASN of your choice to see the interconnections.]
Doesn't always work--as it will only show upstream ASNs. For example, Comcast's backbone AS interconnects their regional ASNs. However, the regionals don't show up on http://bgp.he.net/AS7922#_graph4 so you'd need to find all of them first...with something like http://bgp.he.net/search?search[search]=Comcast and/or consult your favorite route server. Also Gary, keep in mind these aren't static. I.e. new AS are added/removed over time. And inferred policy (i.e. hub/spoke) could change too. But I'm still curious...how to you propose to filter by AS? And what if your neighbor (inside one of those permitted AS) is compromised? You've just re-exposed your IoT devices' soft white underbelly again. :-( ../C
participants (8)
-
colin johnston
-
Curtis Doty
-
Dhia Mahjoub
-
Gary Baribault
-
Hank Nussbacher
-
Luke Guillory
-
Roland Dobbins
-
Yang Yu