Netgate Discussion Forum

    ASN to IP address conversion has stopped working

    pfBlockerNG
    6 Posts 3 Posters 846 Views
      Rogerboomhouser

      Hello,

      I noticed yesterday that pfBlockerNG had stopped updating my aliases built to selectively filter IP ranges announced by specific ASNs. I'm currently running pfBlockerNG-devel 2.2.5_34. I'm currently seeing the following in my logs down below. Does anyone have any ideas on what I can do to correct this? I was hypothesizing that I needed to contact Team Cymru since they are listed in the guidelines for the IPv4 source definitions, but was not certain.

      UPDATE PROCESS START [ 08/20/20 14:54:57 ]

      ===[ DNSBL Process ]================================================

      Clearing all DNSBL Feeds
      ** DNSBL Disabled **

      ===[ GeoIP Process ]============================================

      [ pfB_Top_v4 ] Changes found... Updating

      [ pfB_Africa_v4 ] Changes found... Updating

      [ pfB_Antarctica_v4 ] Changes found... Updating

      [ pfB_Asia_v4 ] Changes found... Updating

      [ pfB_Europe_v4 ] Changes found... Updating

      [ pfB_NAmerica_v4 ] Changes found... Updating

      [ pfB_Oceania_v4 ] Changes found... Updating

      [ pfB_SAmerica_v4 ] Changes found... Updating

      [ pfB_PS_v4 ] Changes found... Updating

      ===[ IPv4 Process ]=================================================

      [ amazonaws_v4 ] Reload [ 08/20/20 14:54:58 ] . completed ..

      [ netflix_v4 ] Reload . completed ..

      [ AS32590_v4 ] Reload . completed ..
      Empty file, Adding '127.1.7.7' to avoid download failure.

      [ AS32163_v4 ] Reload . completed ..
      Empty file, Adding '127.1.7.7' to avoid download failure.

      [ AS714_v4 ] Reload . completed ..
      Empty file, Adding '127.1.7.7' to avoid download failure.

      [ AS7922_v4 ] Reload . completed ..
      Empty file, Adding '127.1.7.7' to avoid download failure.

      [ AS16509_v4 ] Reload . completed ..
      Empty file, Adding '127.1.7.7' to avoid download failure.

      [ id_135011_v4 ] Reload . completed ..

      [ CIDR_v4 ] Reload . completed ..

      [ AS22822_v4 ] Reload . completed ..
      Empty file, Adding '127.1.7.7' to avoid download failure.

      [ dnsservers_v4 ] Reload . completed ..

        pete35

        same here ...

          wangel

          Same here. Been driving me insane ALL day today.

          I had an update to pfBlockerNG-devel, so I ran it, hoping it would fix it; it did not.

          I am now on 2.2.5_34.

          So even an older version, something broke also.

            Rogerboomhouser @wangel

            @wangel I'm not completely convinced it's even pfBlocker. It looks like pfBlocker relies on a third party for the conversion, but I'm not 100% sure.

            If you look under the guidelines for IPv4 Source Definitions, there is a reference to this site, https://asn.cymru.com/cgi-bin/whois.cgi, which I am presuming has an API that the lookup request is sent to. If you attempt a lookup at that URL, you get an error back, leading me to believe the problem might be there. I'd like to be sure of that before I start harassing them though.

              wangel

              Looks like it's with the site that it uses to pull the ASN info....
              I looked in pfblockerng.inc and there's this:

               // If Host IP is not in ASN cache, collect ASN from BGPview API
               if (!$asn_cache) {

                       $asn            = '';
                       $bgp_url        = "https://api.bgpview.io/ip/{$ip}";

              If you go to just https://api.bgpview.io, it redirects you to a docs page that talks about how the API works; scroll down to the IP section and it tells you how to use it.

              If I try https://api.bgpview.io/ip/8.8.8.8, I get a Cloudflare Error 523 page.

              So it looks like the problem is with bgpview.io ... yikes.

              I'll let bbcan know on reddit, so this gets more exposure.

              EDIT: looks like https://www.bgpview.io is down down.

                wangel @Rogerboomhouser

                @Rogerboomhouser FYI;
                https://twitter.com/BBcan177/status/1296638315437993984

                1 Reply Last reply Reply Quote 1
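
The failure signature in the update log from the first post, turned into a check, as an added example that is not part of the original thread or of pfBlockerNG: it lists every alias that was filled with the `127.1.7.7` placeholder and reports whether all AS-named aliases failed together, which is what an outage of the shared lookup service looks like. The function names are hypothetical, and the sample is a shortened copy of the posted log.

```python
import re

# Shortened copy of the log posted at the top of this thread (blank lines removed).
SAMPLE_LOG = """\
===[ IPv4 Process ]=================================================
[ amazonaws_v4 ] Reload [ 08/20/20 14:54:58 ] . completed ..
[ AS32590_v4 ] Reload . completed ..
Empty file, Adding '127.1.7.7' to avoid download failure.
[ AS714_v4 ] Reload . completed ..
Empty file, Adding '127.1.7.7' to avoid download failure.
[ id_135011_v4 ] Reload . completed ..
[ AS22822_v4 ] Reload . completed ..
Empty file, Adding '127.1.7.7' to avoid download failure.
[ dnsservers_v4 ] Reload . completed ..
"""

SECTION = re.compile(r"^===\[\s*(.+?)\s*\]=+")        # ===[ IPv4 Process ]===
ALIAS = re.compile(r"^\[\s*(\S+)\s*\]")               # [ AS714_v4 ] Reload ...
PLACEHOLDER = re.compile(r"^Empty file, Adding '([\d.]+)'")

def empty_aliases(log_text):
    """Return {alias: (section, placeholder_ip)} for every alias whose
    list came back empty and was filled with a placeholder address."""
    section, alias, found = None, None, {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            section, alias = m.group(1), None   # new section, forget last alias
        elif m := ALIAS.match(line):
            alias = m.group(1)                  # remember which alias is active
        elif (m := PLACEHOLDER.match(line)) and alias:
            found[alias] = (section, m.group(1))
    return found

def asn_outage_suspected(log_text):
    """True when every AS-named alias in the log is empty at once, which
    points at the shared lookup service rather than one ASN's data."""
    asn = set(re.findall(r"^[ \t]*\[\s*(AS\d+_v[46])\s*\]", log_text, re.M))
    return bool(asn) and asn <= set(empty_aliases(log_text))

if __name__ == "__main__":
    for name, (sec, ip) in empty_aliases(SAMPLE_LOG).items():
        print(f"{name}: empty in '{sec}', placeholder {ip}")
    print("shared upstream failure likely:", asn_outage_suspected(SAMPLE_LOG))
```

An alias reduced to the placeholder no longer matches any of the ASN's real prefixes, so firewall rules built on it silently stop filtering that traffic; alerting on this log line catches that before the rules are relied on.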