Norwegian Honeynet Project


A chapter of the Honeynet Project

Enhanced CC2ASN

March 23rd, 2010 by Tor Inge Skaar (0) News,Tools

For over 9 months we’ve run our CC2ASN service, allowing you to lookup up ISO-3166 country codes and get back all ASNs, IPv4 or IPv6 prefixes for that specific country. Now the time had come to do an update.

A major issue with the RIR data (delegated-feeds) used by the CC2ASN service, is ASNs registered to a region instead of a specific country. There are currently two regions in use; European Union (EU) and Asia Pacific (AP). The reason for using this is the ever increasing globalization of corporations and organizations, and hence quite understandable. But when you want a list of AS numbers for any given country code, the regional registrations have to be included.

This is where the enhanced database comes into action. In this database we’ve manually overridden the country code assignments for those ASNs that in the RIR data were registered to either EU or AP. In addition we’ve also corrected a few other ASNs that we knew had a wrong country code. The list we’ve compiled is publicly available: asn_override.txt.

It’s all been a manual job, going through all the EU and AP ASNs, plus a good portion of the CCs also. The CC override decision is based on one or more of the following actions:

  • Looking at references to location in whois descr, address or country records.
  • Using location info in router names from tracepath of the AS prefixes.
  • The nationality of peers and upstream providers.
  • Location of corporate headquarters or regional headquarters.
  • General googling/binging.

And this is a continuing job, whenever new ASNs are allocated to either EU or AP.

So, how do you access this new database? From the CC2ASN web-interface make sure you check the box labeled “Use Enhanced Database“. The database is also available by directly querying port 44/tcp (the normal CC2ASN database is available on standard whois port 43/tcp). Note that the enhanced database only outputs ASNs, not prefixes.

$ echo "GB" | nc atari.honeynor.no 44

Every day, when the latest RIR data are downloaded and parsed, all changes to the enhanced database are recorded. This allows us to provide you with an ASN history tool; CC2ASN Delta. The main page lists changes over the last 90 days for ASNs registered to a spesific country. By clicking on a county, you get a textual representation of all registered changes for that country. By further clicking on an ASN, you get a listing of potential country changes for that AS.

For more information, take a look at the documentation.

Leave a Reply

© Norwegian Honeynet Project 2012. Powered by Wordpress/Arcsin.
valid CSS valid XHTML