Comment by Octoth0rpe

3 years ago

A couple of fun facts about this guy:

His little ISP is AS267, which is a SHOCKINGLY low number. That's like.. the ISP equiv of a 4 digit slashdot id, or owning something like sodapop.com.

He's also one of the authors of RFC 5575, which is a pretty big deal in the DDoS world.

I don't know (or care) about how he got that ASN, but ARIN does occasionally recycle returned 3- or 4-digit ASNs, including very recently:

  20220607|arin|US|asn|888|1|assigned|66e25d155d3f3d57ff208733b59f8cc8
  20220607|arin|US|asn|889|1|assigned|5b048aafff56a02f895e68ac5188853b
  20220607|arin|US|asn|890|1|assigned|708d3f11915973323c76a5f95fa2d775
  20220607|arin|US|asn|891|1|assigned|ab9bfca0becd32b7fe44c7ea0ba1aac3
  20220607|arin|US|asn|892|1|assigned|0b9118a23862aab1647fd26939f7b219
  20220607|arin|US|asn|893|1|assigned|57d59e6dfd1cd07523724f9cf5fc572b
  20220607|arin|US|asn|894|1|assigned|0a932835b90a81bffeb1539b4bc93040

The first time ARIN did this with a lot of 4-digit ASNs was 2009, and that was how Netflix was able to get AS2906.

There is also a market for reselling ASNs that aren't needed anymore: https://auctions.ipv4.global (filter by ASN)

I recognized his name from providing hosting for the outages.org list[0] – if you haven't subscribed, and you do anything operations at all, go hit the button now.

[0]: https://puck.nether.net/mailman/listinfo/outages
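The recycled-ASN records quoted above are in the registries' delegated-extended file format. As an added example (not the commenter's code), here is a small parser that keeps only the `asn` rows, expands each block into individual ASNs, flags short ones, and tells 2-byte from 4-byte numbers; the field order is assumed to be the one in the quoted lines, and the sample input mixes two quoted rows with constructed ones.

```python
from dataclasses import dataclass
from typing import List

# Constructed sample input. The first two rows are quoted from the comment above;
# the rest are made up to exercise the 32-bit, reserved and non-ASN cases.
SAMPLE = """\
20220607|arin|US|asn|888|1|assigned|66e25d155d3f3d57ff208733b59f8cc8
20220607|arin|US|asn|894|1|assigned|0a932835b90a81bffeb1539b4bc93040
20220607|arin|US|asn|394000|8|allocated|constructed-opaque-id-1
20220607|arin|US|asn|64512|1024|reserved|constructed-opaque-id-2
20220607|arin|US|ipv4|192.0.2.0|256|assigned|constructed-opaque-id-3
"""

@dataclass(frozen=True)
class AsnRecord:
    date: str
    registry: str
    cc: str
    start: int       # first ASN of the block
    count: int       # number of consecutive ASNs in the block
    status: str      # assigned / allocated / reserved / available
    opaque_id: str

    @property
    def last(self) -> int:
        return self.start + self.count - 1

    @property
    def is_16bit(self) -> bool:
        # The original 2-byte ASN space ends at 65535; RFC 6793 extended it to 4 bytes.
        return self.last <= 65535

def parse_asn_records(text: str) -> List[AsnRecord]:
    """Keep only 'asn' rows; tolerate comments, blank lines and short rows."""
    out = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split("|")
        if len(f) < 8 or f[3] != "asn":
            continue
        out.append(AsnRecord(f[0], f[1], f[2], int(f[4]), int(f[5]), f[6], f[7]))
    return out

def short_asns(records, max_digits: int = 4, status: str = "assigned") -> List[int]:
    """Expand each block into individual ASNs and keep those with few digits."""
    found = set()
    for r in records:
        if r.status != status:
            continue
        for asn in range(r.start, r.last + 1):
            if len(str(asn)) <= max_digits:
                found.add(asn)
    return sorted(found)
```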

  • Not come across this list before.

    I'm being a bit lazy here, but do you happen to know if there is a way to consume this programmatically? I'm thinking RSS or perhaps an API?

    Edit: For the benefit of others who might be interested, I've just subscribed using Feedbin's [0] email-to-RSS feature so updates will appear in my RSS reader!

    [0] https://feedbin.com

    • This is a mailing list. Subscribe and point it to something that can ingest messages, similar to how you would pipe support@ to a helpdesk and auto-create tickets.

Jared is not a rando who built an ISP. He is someone who has forgotten more about networking and running NSPs than most people know.

What is an ASN and what advantage is there to have a low number?

  • ASN = Autonomous System Number (https://en.wikipedia.org/wiki/Autonomous_System_Number), it's a number which identifies an ISP in the core Internet routing protocol (BGP). A low ASN usually means your ISP has been part of the Internet for a long time; other than the 16-bit vs 32-bit ASN distinction, it has no practical effect, besides implying that your ISP is one of the "old-timers".

    • Adding to this, Autonomous Systems, which are identified by ASNs, are the networks that the Internet is internetworking between.

      That protocol is called BGP, or border gateway protocol. Most people's familiarity with that initialism, if any, comes from reports of major outages which occur when BGP routing --- effectively the list of peers to which a given AS connects --- gets fuxnored. This happens with somewhat distressing regularity (though not exceptionally high frequency), and along with some other notable failure points in modern telecoms (say, SIM spoofing, DDoS, or good old social engineering) is not-so-charmingly naive in its architecture of implied trust and lack of technical safeguards against either accident or malice.

      As originally specified, ASNs ranged to 65,536 distinct systems (16 bits). That's since been bumped up to 32 bits, for 4,294,967,296 distinct systems.

      Some old hands would track network abuse by ASN or a somewhat finer gradation, CIDR (classless internet domain routing), which tend to aggregate poorly-behaved networks into identifiable aggregates. That was somewhat more tenable with the smaller number of providers, though power laws and Zipf functions mean that bad behaviour does still tend to self-organise in useful ways. Growth in indirection (VPNs and Tor) challenges this somewhat, with gateways now being identified as abuse sources, which is ... problematic.

  • ASN is an Autonomous System Number. An ISP is the primary example of an Autonomous System. There are other organizations that have ASNs like data centers.

    The internet is decentralized. Basically, each autonomous system is its own network. This means that they need to connect with one another in order to allow traffic between each other. This is called peering. In order to peer with another network you must have an ASN.

    The number doesn't matter.

My university’s is number 2; is there any significance to that?

Can somebody ELI5? What does this code mean? What is RFC 5575?

  • RFC 5575 is a widely adopted specification implemented by router vendors that lets ISPs (think Comcast, Verizon, Deutsche Telekom, Akamai) block certain kinds of traffic at their routers using rules called "Flow Specifications". A rule looks _something_ like "Drop traffic if it's on Port 80 and its packet size is 252 bits". That level of logic is good enough to block many simple DDoS attacks, and since it's done on a router, it's hardware that the ISP has to buy anyway. The more expensive / but also more powerful solution usually involves a dedicated piece of hardware that does packet inspection.

    • Yeah, FPGAs are marketed for packet inspection. Like on xilinx.com and microsemi.com, they talk about radar and military, defense, on top of AI and fintech. It's just really hard to market FPGAs; it's such a shiny toy, but then it never ends up actually selling in volume like GPUs, and there's envy of that success. Especially because in many ways F's have merits that go toe-to-toe with GPUs, and defeat them in e.g. latency, which is why Wall Street prefers F's to GPUs. Just not enough killer apps.

      And packet inspection is a good fit for F's [FPGAs] by their very nature: DDoSes are squirrely and ASICs get stale, so you need to reprogram your F's on the fly to catch that attack in progress. So they let you adapt to new attacks on the fly, or update based on new fashions of DDoS, patch vulnerabilities, and plus they're harder to reverse-engineer than ASICs; they're strong against that, with good crypto to protect the bitstreams that define them. Basically built for that. ASICs, on the other hand, can just have the lid scraped, take a photo, done. (Though to some extent they do put functionality in memory that gets lost if the chip is turned off during abduction; that can be done, so the line between F's and ASICs is not truly that sharp.)

      A lot of DDoSes are done by state-sponsored or -affiliated or -harbored adversaries; capturing the ASIC that stops the DDoS is a real thing. Reverse engineering usually happens in another country, another jurisdiction. Under smiling eyes, blind eyes: can't get the police to go there, can't get extradition, maybe sue, maybe get them punished within the country that harbors them.[1]

      [1] I read that in China there was a Chinese man who traveled to New Zealand and murdered somebody, I think a woman. But he would not be extradited. Instead, the New Zealanders presented their evidence in a Chinese court, which found it had merit and credibility enough to imprison the murderer within China, so he paid for his crimes fully. All without extraditing one of their own.

  • The RFC number is less interesting than the ASN; he has a low ASN, which is for backbone nerds a little like getting a very short domain name; the short ones are long since exhausted, so it's like an O.G. indicator.

    (An ASN is a BGP4 network number; think of it as an address in the backbone routing network.)