Monday, 12 January 2015

ASkidban: ban VPN providers using Autonomous Systems data

If you are an operator of a FPS game server, it's likely that you often incur in this tiring routine.
Somebody cheats, and you need to determine the IP range to ban. You start by looking at the WHOIS data, and you immediately realize that they guy was connecting from some hosting provider, and either he lives in a datacenter or he was using a proxy, the second option being more likely. You rage because it would have been so nice to have this datacenter range banned, or even better the whole organization, as there is no good reason to use proxies in a low latency game such a FPS. However, it seems there is no public list of hosting providers (where VPNs/proxies are likely to be located) and their associated IP ranges, even though it would be relatively easy to compile one.

I decided to fill the gap with ASkidban. The name comes from a previous failed project of mine, kidban, which in turn is a reference to the fact that proxied cheaters in online FPS servers are likely to be lonely kids.

ASkidban is a tool written in Lua to help in the manual review of Autonomous Systems (AS) information, in order to tag them as sirs (good, such as an ADSL or cable TV provider) or kids (hosting provider, business IP transit services, etc). Working with AS numbers (ASN) is desirable because there is generally a direct correlation to the kind of business the AS runs, and it rarely changes significantly in time. The IP ranges associated to an ASN can be fetched from looking glass servers, which are inherently very accurate and up to date, much more than the WHOIS of an IP.

This is the list that I manage on my own (use at your own risk, this is WIP). As of now I'm banning close to 200 AS, for ~27 million IPs. Here is a sample of the organizations that are banned:

For more information, RTFM.