Blocking an AS Range

We block the country Russia for a client; however, we are still getting scanned via AS networks in Russia. Blocking the AS is great; however, this ISP has many.

How can we block an AS range?

e.g. as-block: AS47104 to AS52223

Or would this be a feature request?

Thanks!

I don’t think a range of ASN can be assigned to a specific country. It could be used by other countries and providers as well.

How about giving JS challenge a try? JS challenge all the Russia traffic.

The AS Number is tied to the ISP's IP block, and this ISP has several more. I could block all of the individual AS numbers owned by this ISP, but that would be tedious. They appear to be listed serially and ranged.

I want to block at L3, not at the application layer as obviously knowledgeable scripts/hackers could easily circumvent. Just like MaxMind’s database is not current; otherwise, blocking Russia would have been sufficient.

Thanks for the suggestion as it may help others.

ASNs do not match to countries; they essentially map to routing policies controlled and operated by one entity. A single AS will contain one or more IP prefixes, and those prefixes might be used across multiple countries.

Generally, even the largest networks would not have a significant number of ASNs assigned, so it would not be a major task to create a firewall rule like this:

ip.geoip.asnum in {64496 64497 64499}

2 Likes
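An added example, not part of the original thread: a small Python helper that turns a hand-maintained list of one operator's ASNs into the `ip.geoip.asnum in {...}` expression shown in the reply above. It goes slightly beyond the reply by accepting short ranges; the function names and the `MAX_SPAN` cap are assumptions, chosen so that a wide range such as AS47104 to AS52223, which would sweep in unrelated networks, is rejected instead of expanded.

```python
import re

FIELD = "ip.geoip.asnum"   # field name used in the reply above
MAX_ASN = 4294967295       # ASNs are 32-bit values
MAX_SPAN = 32              # assumed safety cap on one expanded range
_TOKEN = re.compile(r"^(?:AS)?(\d+)(?:\s*-\s*(?:AS)?(\d+))?$", re.IGNORECASE)


def parse_asns(lines):
    """Return a sorted, de-duplicated list of ASNs from tokens such as
    'AS64496', '64497' or 'AS64499-AS64501'. Text after '#' is ignored."""
    found = set()
    for raw in lines:
        token = raw.split("#", 1)[0].strip()
        if not token:
            continue
        match = _TOKEN.match(token)
        if not match:
            raise ValueError(f"not an ASN or ASN range: {raw!r}")
        low = int(match.group(1))
        high = int(match.group(2)) if match.group(2) else low
        if not 0 < low <= high <= MAX_ASN:
            raise ValueError(f"ASN out of range: {raw!r}")
        span = high - low + 1
        if span > MAX_SPAN:
            # Serially numbered ASNs can belong to different operators,
            # so wide ranges must be listed one by one after checking each.
            raise ValueError(f"range {raw!r} covers {span} ASNs; list them explicitly")
        found.update(range(low, high + 1))
    return sorted(found)


def build_expression(asns):
    """Build the firewall rule expression for a non-empty list of ASNs."""
    if not asns:
        raise ValueError("no ASNs given")
    return f"{FIELD} in {{{' '.join(map(str, asns))}}}"


# Constructed sample input: the documentation ASNs from the reply above,
# written the way an operator might keep them in a text file.
SAMPLE = ["AS64496", "64497  # second AS of the same ISP", "as64499", "64497"]

if __name__ == "__main__":
    print(build_expression(parse_asns(SAMPLE)))
```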

Yes, I know this. That is not the case here. This ISP is in Russia and they have more than a dozen. OK, so I have my answer. Manually add them 🙂
