Solved

How to know public ip

Posted on 2009-05-06
10
1,986 Views
Last Modified: 2013-11-16
I would like to deny the access to www.youtube.com from inside my company by doing an access list on my pix, I need to know the public ip or range ips with the subnetmask of www.youtube.com, I don't know where and how can I find them!!!

Any help will be appreciated!

Thank you
0
Comment
Question by:arefone
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 13

Expert Comment

by:usachrisk1983
ID: 24313422
From a Windows Computer, you can use NSLOOKUP to see what public IPs are configured to respond to a name.  Go to a command prompt and enter:

NSLOOKUP

When you get to a > prompt, type the domain:

YOUTUBE.COM

It will respond with:

208.65.153.238, 208.117.236.69

And now you have the addresses to block.  Note that some servers may host multiple sites, so in some cases you might be blocking more than one site by blocking access to the box.  If this is a concern, a content filtering appliance might be a better solution for you.
0
 
LVL 10

Expert Comment

by:Kieran_Burns
ID: 24313427
Alternatively set up a DNS zone called youtube.com on your primary DNS Server and point a wildcard A record to your Internally hosted Web-site
0
 
LVL 1

Author Comment

by:arefone
ID: 24313515
Pardon Kieran, I did not understand your hint, can you explain more?
Usachrisk1983> I would like to do some thing like this>
access-list inside_to_outside line 1 deny ip any 69.63.176.0 255.255.240.0
This one I used it for facebook, and it is working very good, so I need to know the subnetnumber and subnetmask of the sites I am inteded to block!!!
0
 
LVL 10

Expert Comment

by:Kieran_Burns
ID: 24314184
It's just an alternate suggestion you could use:
on your DNS Server, add a forward lookup zone and call it youtube.com
add a A host record called * and give it an IP address of some internal Web site (or just 127.0.0.1)
Whenever anyone tries to go to ANY site to do with youtube they will end up where you want them to go.
Ideally though you would be better of just investing in some Web filtering software, but this is a free way of stopping them.
0
 
LVL 1

Author Comment

by:arefone
ID: 24314222
I don't have an internal dns server, I simply use the dns of my ISP???!!!!!
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 10

Expert Comment

by:Kieran_Burns
ID: 24314251
In which case I'll gracefully bow out :-)
0
 
LVL 1

Author Comment

by:arefone
ID: 24314258
:-)
0
 
LVL 10

Expert Comment

by:ngravatt
ID: 24315982
the problem with a big company like youtube is that the IP addresses may change also.

you will need to do a whois on the youtube.com domain and see what IP address range they own.

do an nslookup on youtube.com, then do a whois on that IP address.  Here is what I got:

Whois RecordOrgName:    YouTube, Inc.
OrgID:      YOUTU
Address:    71 E Third Ave
Address:    2nd Floor
City:       San Mateo
StateProv:  CA
PostalCode: 94401
Country:    US

NetRange:   208.117.224.0 - 208.117.255.255
CIDR:       208.117.224.0/19


so, you will need to create an access rule that prevents access to to 208.117.224.0/19 on port 80
0
 
LVL 1

Author Comment

by:arefone
ID: 24316092
Ngravatt> Your search is great, because I see that there is the netRange also, how do you found these info??? on which whois site?
0
 
LVL 10

Accepted Solution

by:
ngravatt earned 250 total points
ID: 24316121
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

I recently updated from an old PIX platform to the new ASA platform.  While upgrading, I was tremendously confused about how the VPN and AnyConnect licensing works.  It turns out that the ASA has 3 different VPN licensing schemes. "site-to-site" …
From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now