Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1997
  • Last Modified:

How to know public ip

I would like to deny the access to www.youtube.com from inside my company by doing an access list on my pix, I need to know the public ip or range ips with the subnetmask of www.youtube.com, I don't know where and how can I find them!!!

Any help will be appreciated!

Thank you
0
arefone
Asked:
arefone
  • 4
  • 3
  • 2
  • +1
1 Solution
 
usachrisk1983Commented:
From a Windows Computer, you can use NSLOOKUP to see what public IPs are configured to respond to a name.  Go to a command prompt and enter:

NSLOOKUP

When you get to a > prompt, type the domain:

YOUTUBE.COM

It will respond with:

208.65.153.238, 208.117.236.69

And now you have the addresses to block.  Note that some servers may host multiple sites, so in some cases you might be blocking more than one site by blocking access to the box.  If this is a concern, a content filtering appliance might be a better solution for you.
0
 
Kieran_BurnsCommented:
Alternatively set up a DNS zone called youtube.com on your primary DNS Server and point a wildcard A record to your Internally hosted Web-site
0
 
arefoneAuthor Commented:
Pardon Kieran, I did not understand your hint, can you explain more?
Usachrisk1983> I would like to do some thing like this>
access-list inside_to_outside line 1 deny ip any 69.63.176.0 255.255.240.0
This one I used it for facebook, and it is working very good, so I need to know the subnetnumber and subnetmask of the sites I am inteded to block!!!
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
Kieran_BurnsCommented:
It's just an alternate suggestion you could use:
on your DNS Server, add a forward lookup zone and call it youtube.com
add a A host record called * and give it an IP address of some internal Web site (or just 127.0.0.1)
Whenever anyone tries to go to ANY site to do with youtube they will end up where you want them to go.
Ideally though you would be better of just investing in some Web filtering software, but this is a free way of stopping them.
0
 
arefoneAuthor Commented:
I don't have an internal dns server, I simply use the dns of my ISP???!!!!!
0
 
Kieran_BurnsCommented:
In which case I'll gracefully bow out :-)
0
 
arefoneAuthor Commented:
:-)
0
 
ngravattCommented:
the problem with a big company like youtube is that the IP addresses may change also.

you will need to do a whois on the youtube.com domain and see what IP address range they own.

do an nslookup on youtube.com, then do a whois on that IP address.  Here is what I got:

Whois RecordOrgName:    YouTube, Inc.
OrgID:      YOUTU
Address:    71 E Third Ave
Address:    2nd Floor
City:       San Mateo
StateProv:  CA
PostalCode: 94401
Country:    US

NetRange:   208.117.224.0 - 208.117.255.255
CIDR:       208.117.224.0/19


so, you will need to create an access rule that prevents access to to 208.117.224.0/19 on port 80
0
 
arefoneAuthor Commented:
Ngravatt> Your search is great, because I see that there is the netRange also, how do you found these info??? on which whois site?
0
 
ngravattCommented:
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

  • 4
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now