Solved

How to know public ip

Posted on 2009-05-06
10
1,991 Views
Last Modified: 2013-11-16
I would like to deny the access to www.youtube.com from inside my company by doing an access list on my pix, I need to know the public ip or range ips with the subnetmask of www.youtube.com, I don't know where and how can I find them!!!

Any help will be appreciated!

Thank you
0
Comment
Question by:arefone
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 13

Expert Comment

by:usachrisk1983
ID: 24313422
From a Windows Computer, you can use NSLOOKUP to see what public IPs are configured to respond to a name.  Go to a command prompt and enter:

NSLOOKUP

When you get to a > prompt, type the domain:

YOUTUBE.COM

It will respond with:

208.65.153.238, 208.117.236.69

And now you have the addresses to block.  Note that some servers may host multiple sites, so in some cases you might be blocking more than one site by blocking access to the box.  If this is a concern, a content filtering appliance might be a better solution for you.
0
 
LVL 10

Expert Comment

by:Kieran_Burns
ID: 24313427
Alternatively set up a DNS zone called youtube.com on your primary DNS Server and point a wildcard A record to your Internally hosted Web-site
0
 
LVL 1

Author Comment

by:arefone
ID: 24313515
Pardon Kieran, I did not understand your hint, can you explain more?
Usachrisk1983> I would like to do some thing like this>
access-list inside_to_outside line 1 deny ip any 69.63.176.0 255.255.240.0
This one I used it for facebook, and it is working very good, so I need to know the subnetnumber and subnetmask of the sites I am inteded to block!!!
0
Raise the IQ of Your IT Alerts

From IT major incidents to manufacturing line slowdowns, every business process generates insights that need to reach the people required to take action. You need a platform that integrates with your business tools to create fully enabled DevOps toolchains.

You need xMatters.

 
LVL 10

Expert Comment

by:Kieran_Burns
ID: 24314184
It's just an alternate suggestion you could use:
on your DNS Server, add a forward lookup zone and call it youtube.com
add a A host record called * and give it an IP address of some internal Web site (or just 127.0.0.1)
Whenever anyone tries to go to ANY site to do with youtube they will end up where you want them to go.
Ideally though you would be better of just investing in some Web filtering software, but this is a free way of stopping them.
0
 
LVL 1

Author Comment

by:arefone
ID: 24314222
I don't have an internal dns server, I simply use the dns of my ISP???!!!!!
0
 
LVL 10

Expert Comment

by:Kieran_Burns
ID: 24314251
In which case I'll gracefully bow out :-)
0
 
LVL 1

Author Comment

by:arefone
ID: 24314258
:-)
0
 
LVL 10

Expert Comment

by:ngravatt
ID: 24315982
the problem with a big company like youtube is that the IP addresses may change also.

you will need to do a whois on the youtube.com domain and see what IP address range they own.

do an nslookup on youtube.com, then do a whois on that IP address.  Here is what I got:

Whois RecordOrgName:    YouTube, Inc.
OrgID:      YOUTU
Address:    71 E Third Ave
Address:    2nd Floor
City:       San Mateo
StateProv:  CA
PostalCode: 94401
Country:    US

NetRange:   208.117.224.0 - 208.117.255.255
CIDR:       208.117.224.0/19


so, you will need to create an access rule that prevents access to to 208.117.224.0/19 on port 80
0
 
LVL 1

Author Comment

by:arefone
ID: 24316092
Ngravatt> Your search is great, because I see that there is the netRange also, how do you found these info??? on which whois site?
0
 
LVL 10

Accepted Solution

by:
ngravatt earned 250 total points
ID: 24316121
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question