ASN Reputation Tracking. The good, the bad, and the ugly.


Examining traffic from ASN-routed IP ranges makes it relatively clear which ASNs do little to nothing to prevent Internet abuse. Some of these ASNs turn out to be bona fide security companies and governments; even 'reputable' big tech is guilty of conduct unbecoming.

The data shown below is a rolling 30-day look-back window of all inbound Internet traffic received at this site to date. Only the first 50 of each type are shown. A very interesting pattern appears when you look at the three queries run on the dataset: the first returns all ASNs that only have bad and dangerous IP traffic, the second returns ASNs that have no bad IP traffic at all, and the third returns ASNs where the amount of 'good' traffic is higher than the amount of 'bad' traffic.

Bad reputation ASN report

These ASN network addresses are ideal candidates for firewall DROP (Do not Route Or Peer) lists. The live BAD ASN list below shows the amount of bad IP traffic compared to allowed and legitimate IP traffic, which in this case is zero. This list shows network ranges that only have bad traffic.

NOTE: This data also includes ASN reputation banning. This means that if a certain amount of constant bad IP traffic is received from a defined number of IP addresses within the ASN range within a certain period of time, then all IP traffic from all addresses of said ASN will be blocked for a defined period of time.
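
One way to implement the ASN reputation banning rule described in the note, as an added example that is not this site's own code. The thresholds, class and function names are assumptions (the page does not give its values), and the sample events are constructed using private-use ASNs and documentation IP ranges.

```python
from collections import Counter, defaultdict, deque

# Assumed thresholds; the page does not state the values it uses.
WINDOW = 600          # seconds of look-back when counting bad traffic
MIN_HITS_PER_IP = 2   # bad events one IP needs in the window to count as an offender
MIN_BAD_IPS = 3       # distinct offending IPs in one ASN that trigger a ban
BAN_SECONDS = 3600    # how long the whole ASN stays blocked

class AsnBanTracker:
    def __init__(self):
        self.events = defaultdict(deque)   # asn -> deque of (ts, ip) bad events
        self.banned_until = {}             # asn -> ban expiry timestamp

    def is_banned(self, asn, now):
        expiry = self.banned_until.get(asn)
        if expiry is not None and now >= expiry:
            del self.banned_until[asn]     # ban has lapsed, ASN is allowed again
            return False
        return expiry is not None

    def record_bad(self, asn, ip, now):
        """Record one bad event; return True if the ASN is banned afterwards."""
        if self.is_banned(asn, now):
            return True
        q = self.events[asn]
        q.append((now, ip))
        while q and q[0][0] <= now - WINDOW:   # drop events older than the window
            q.popleft()
        hits = Counter(src for _, src in q)
        offenders = [s for s, n in hits.items() if n >= MIN_HITS_PER_IP]
        if len(offenders) >= MIN_BAD_IPS:
            self.banned_until[asn] = now + BAN_SECONDS
            q.clear()                          # start clean once the ban expires
            return True
        return False

def replay(events):
    """Feed (ts, asn, ip) bad-traffic events in time order; return {asn: ban_start}."""
    tracker, bans = AsnBanTracker(), {}
    for ts, asn, ip in events:
        was_banned = tracker.is_banned(asn, ts)
        if tracker.record_bad(asn, ip, ts) and not was_banned:
            bans[asn] = ts
    return bans

# Constructed sample: AS64512 has three offending IPs, AS64513 only one.
SAMPLE = [(t, 64512, f"192.0.2.{1 + t // 20}") for t in range(0, 60, 10)]
SAMPLE += [(60, 64513, "198.51.100.7"), (70, 64513, "198.51.100.7")]
```

Replaying SAMPLE bans AS64512 when its third offending IP crosses the per-IP threshold, while AS64513 stays unbanned because a single noisy address is not enough to condemn the whole range.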

Good reputation ASN report

The live GOOD ASN list below shows the amount of good IP traffic compared to unfriendly IP traffic, which in this case must be zero. This list shows network ranges that only have good traffic.

Poor reputation ASN report

The live OK, MAYBE ASN list below shows ASNs where the amount of good IP traffic is larger than the amount of IP traffic aimed at ports and services in a way that clearly indicates malicious or sniffing activity. This list shows network ranges that have both good and bad traffic.