Where does pfBlockerNG pull ASN data from
-
What source does pfBlockerNG use for AS Number data?
Asking bc my ASN data in pfBlockerNG -> Logs -> Original IP Files -> SpamAS_custom (Alias Native) only shows 4 CIDRs.
There should be 23.
For AS11282, my /var/db/pfblockerng/original/SpamAS_custom.orig file has
### AS11282: as11282 ###
198.44.224.0/20
198.44.240.0/21
198.44.252.0/22
23.234.56.0/22
I'm pretty sure the data is wrong and I'd like to query the source directly.
(ie: 23.234.56.0/22 isn't announced by anyone. Some old records list it, though)
I've done my best to make sure deduplication isn't a factor (list is Alias Native).
A grep showed some missing CIDRs in other lists but most aren't anywhere.
Thanks for any info.
For ref:
AS11282 actually has
104.251.224.0/21 104.251.232.0/22 104.251.236.0/23 122.10.121.0/24 122.10.123.0/24 192.0.16.0/20 192.249.80.0/22 198.1.128.0/18 198.1.189.0/24 198.1.190.0/24 198.1.191.0/24 198.15.128.0/17 198.44.224.0/20 198.44.252.0/23 198.105.160.0/19 198.177.56.0/22 198.177.56.0/23 198.177.58.0/23 198.177.60.0/22 199.231.64.0/22 199.231.64.0/23 199.231.66.0/23 199.231.68.0/22
-
The ASN information is taken from the Merit RADb public registry of network routing information:
The following command will simulate what IPs the RADb query reports:
mwhois -h whois.radb.net \!gAS11282 | tail -n +2 | tr -d '\nC' | tr ' ' '\n'
At one time, the pkg could download from the BGP site, but they have recently blocked access for non-browser requests…
-
The ASN information is taken from the Merit RADb public registry of network routing information:
That's helpful.
I'm able to confirm that RADb has wrong data. I wonder if they accept req from peons to update their database.
I'll start tracking ASN data from RADb against other ASN record providers.
If I start seeing a lot of errors I'll post back here about it.
Appreciate the prompt response.
-
As a workaround, you could create your own IPv4 Alias and put the CIDRs from bgp.he.net in the IPv4 Custom list section, or create a local file with the CIDRs on the FW.
-
Hello.
A practical example for domain pfsense.org:
[2.3.2-RELEASE][root@pfSense.mydomain]/root: host -4 pfsense.org
pfsense.org has address 208.123.73.69
pfsense.org has IPv6 address 2610:160:11:11::69
pfsense.org mail is handled by 10 mail.pfsense.org.
[2.3.2-RELEASE][root@pfSense.mydomain]/root: whois -h whois.cymru.com -- "-c 208.123.73.69"
AS | IP | CC | AS Name
30312 | 208.123.73.69 | US | NETGATE - Netgate, US
[2.3.2-RELEASE][root@pfSense.mydomain]/root: mwhois -h whois.radb.net !gAS30312 | tail -n +2 | tr -d '\nC' | tr ' ' '\n'
192.207.126.0/24
Maybe … Is there anything wrong in database?
Regards
-
RADb is correct, but the last tr is cutting the IP; this works:
mwhois -h whois.radb.net \!gAS30312 | tail -n +2 | tr -d '\nC' | tr '[:space:]' '\n'
192.207.126.0/24
208.123.73.0/24
-
Hello
Thanks, tonymorella :) ( the last space was my mistake )
Regards.
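-
Added example, not part of the thread and not pfBlockerNG's own code: it parses a RADb `!g` reply by its IRRd framing instead of with `tr`, then diffs the result against a second prefix list, which is the cross-check the first poster proposed. The function names are hypothetical and the sample reply is constructed from the CIDRs quoted in the opening post.

```shell
#!/bin/sh
# Added example (not from the thread). Sample data is constructed from the
# CIDRs quoted in the opening post; nothing here contacts whois.radb.net.

# Turn a raw IRRd "!g" reply on stdin into one prefix per line.
# Framing: "A<bytes>" header, data, "C" end marker; a bare "C" or "D" line
# carries no data; "F <text>" is an error (returned as status 2).
radb_prefixes() {
    out=$(awk '
        { sub(/\r$/, "") }                       # tolerate CRLF line ends
        /^F/        { exit 2 }
        /^A[0-9]+$/ { next }
        /^[CD]$/    { next }
        { for (i = 1; i <= NF; i++) print $i }   # split on any whitespace
    ') || return 2
    [ -n "$out" ] && printf '%s\n' "$out" | LC_ALL=C sort -u
    return 0
}

# Print the lines of list $1 that do not appear verbatim in list $2.
# Exact string match only: a /22 is not treated as covered by a /20.
only_in() {
    printf '%s\n' "$1" | grep -Fxv -e "$2" || true
}

# Constructed reply: the four CIDRs from SpamAS_custom.orig in !g framing.
SAMPLE_REPLY='A63
198.44.224.0/20 198.44.240.0/21 198.44.252.0/22 23.234.56.0/22
C'

# Reference set: the AS11282 list given in the opening post.
REFERENCE=$(printf '%s\n' 104.251.224.0/21 104.251.232.0/22 104.251.236.0/23 \
    122.10.121.0/24 122.10.123.0/24 192.0.16.0/20 192.249.80.0/22 \
    198.1.128.0/18 198.1.189.0/24 198.1.190.0/24 198.1.191.0/24 \
    198.15.128.0/17 198.44.224.0/20 198.44.252.0/23 198.105.160.0/19 \
    198.177.56.0/22 198.177.56.0/23 198.177.58.0/23 198.177.60.0/22 \
    199.231.64.0/22 199.231.64.0/23 199.231.66.0/23 199.231.68.0/22)

radb_set()          { printf '%s\n' "$SAMPLE_REPLY" | radb_prefixes; }
stale_in_radb()     { only_in "$(radb_set)" "$REFERENCE"; }
missing_from_radb() { only_in "$REFERENCE" "$(radb_set)"; }

echo "In RADb but not in the reference list:"; stale_in_radb
echo "In the reference list but not in RADb: $(missing_from_radb | grep -c .)"
```

For a live check, pipe the unfiltered output of the thread's `mwhois -h whois.radb.net \!gAS11282` into `radb_prefixes` in place of the sample reply.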