Black & Whitelist Management by ASN

Industry-first feature is available in BitNinja!

We are happy to announce that the brand-new ASN white/blacklist option is out now. This development was requested by our users and we are so thankful that our partners are inspiring us to create such special features, which are only available in BitNinja.

What does ASN mean?

An autonomous system (AS) is a large network or multiple networks that are typically managed by a large enterprise, such as Internet Service Providers (ISP), educational institutions or government institutions.

These large organizations usually have many different subnetworks in different geographical places, but they are all connected to the same operating environment. Between the different autonomous systems, the Border Gateway Protocol (BGP) is responsible for the routing. Each subnetwork has its own autonomous system number (ASN), so the BGP can identify them.

The AS numbers are provided by the IANA
(Internet Assigned Numbers Authority). Before 2007, all ASNs were 16-bit numbers, so there were 65,536 possible ASNs. It wasn’t enough, so the 32-bit versions appeared as well, which make more than 4,000,000,000+ ASNs available.

Background

Adding single IPs/IP ranges to the custom black- and whitelist is a basic feature in every security service. It’s not only available on the BitNinja Dashboard, but users can also manage their lists in CLI.

We also added the country management feature, so our ninja friends can black- or whitelist whole countries. This feature was released because our users asked for it, and now, here is a new development inspired by our BitNinja users.

As there are several huge companies within our Ninja Community, there is a demand to allow white- and blacklisting ASNs. Several partners of ours have asked us to develop this feature, so here it is! 🙂

We not only say that we really care about the user requests, but we also make their wishes happen. 😉

So, if you have a feature request, please don’t be shy. Share it with us
and we’ll do our best to make it happen for you asap.

Why should you add ASNs to your black/whitelist?

Personally, we don’t recommend blocking a whole country. It happened several times that someone contacted our team with a problem and it turned out that the source of the problem was the country blocking. Adding a whole country to the blacklist means that every service which has an IP connected to that country will be blocked. So, adding countries to your blacklist should be used with caution because it can have disadvantages:

  • Non-malicious IPs will be blocked too (even services that you use or valid visitors)
  • BitNinja can’t learn from the connections coming from the exact country

That’s why our greylist is a more flexible approach. It’s more powerful and provides a better user experience too.

Now, managing a user blacklist by ASNs allows the users to fine-tune their custom blacklist without country blocking. This is a really unique feature that is only available in BitNinja. We use the MaxMind database for identifying the ASNs.

Even Spamhouse has a list of malicious AS numbers, so you can see that not a whole country is a threat for you, but some exact ISPs.

So, we highly recommend using this option. 😉

How to add an ASN to the black/whitelist

You can add AS numbers both to your black- and whitelist as well. Simply go to your Whitelist and choose the Add ASN Number option at the top:

Here, you can add those autonomous systems that you truly trust, so BitNinja won’t filter the requests coming from them. For example, 15169 belongs to Google.

Or, if you’d like to completely block an AS because you are sure that it is dangerous, go to your Blacklist and add the ASN. You can find malicious ASNs on Spamhouse’s list as mentioned above. Here is one dangerous enterprise from that list:

But how can you find the ASN of a service provider? There are many tools available on the internet such as the MxToolBox ASN Lookup
.

API endpoints

If you prefer managing your black- and whitelists with API, you can use the following API endpoints:

With them, you can check ASNs on your lists, add them to your white- or blacklist or remove them from your lists. You can find these and all the other API endpoints on the BitNinja Swagger page
.

Future developments at BitNinja

ASN black-, whitelist management is just the beginning of the advanced firewall options. In the future, users will be able to manage their lists by servers
too. This was only an example of those projects which will bring a BitNinja firewall 2.0 😉

So, stay tuned and try out the brand-new feature!