Solved

How to know public ip

Posted on 2009-05-06
10
1,987 Views
Last Modified: 2013-11-16
I would like to deny the access to www.youtube.com from inside my company by doing an access list on my pix, I need to know the public ip or range ips with the subnetmask of www.youtube.com, I don't know where and how can I find them!!!

Any help will be appreciated!

Thank you
0
Comment
Question by:arefone
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 13

Expert Comment

by:usachrisk1983
ID: 24313422
From a Windows Computer, you can use NSLOOKUP to see what public IPs are configured to respond to a name.  Go to a command prompt and enter:

NSLOOKUP

When you get to a > prompt, type the domain:

YOUTUBE.COM

It will respond with:

208.65.153.238, 208.117.236.69

And now you have the addresses to block.  Note that some servers may host multiple sites, so in some cases you might be blocking more than one site by blocking access to the box.  If this is a concern, a content filtering appliance might be a better solution for you.
0
 
LVL 10

Expert Comment

by:Kieran_Burns
ID: 24313427
Alternatively set up a DNS zone called youtube.com on your primary DNS Server and point a wildcard A record to your Internally hosted Web-site
0
 
LVL 1

Author Comment

by:arefone
ID: 24313515
Pardon Kieran, I did not understand your hint, can you explain more?
Usachrisk1983> I would like to do some thing like this>
access-list inside_to_outside line 1 deny ip any 69.63.176.0 255.255.240.0
This one I used it for facebook, and it is working very good, so I need to know the subnetnumber and subnetmask of the sites I am inteded to block!!!
0
 
LVL 10

Expert Comment

by:Kieran_Burns
ID: 24314184
It's just an alternate suggestion you could use:
on your DNS Server, add a forward lookup zone and call it youtube.com
add a A host record called * and give it an IP address of some internal Web site (or just 127.0.0.1)
Whenever anyone tries to go to ANY site to do with youtube they will end up where you want them to go.
Ideally though you would be better of just investing in some Web filtering software, but this is a free way of stopping them.
0
 
LVL 1

Author Comment

by:arefone
ID: 24314222
I don't have an internal dns server, I simply use the dns of my ISP???!!!!!
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 10

Expert Comment

by:Kieran_Burns
ID: 24314251
In which case I'll gracefully bow out :-)
0
 
LVL 1

Author Comment

by:arefone
ID: 24314258
:-)
0
 
LVL 10

Expert Comment

by:ngravatt
ID: 24315982
the problem with a big company like youtube is that the IP addresses may change also.

you will need to do a whois on the youtube.com domain and see what IP address range they own.

do an nslookup on youtube.com, then do a whois on that IP address.  Here is what I got:

Whois RecordOrgName:    YouTube, Inc.
OrgID:      YOUTU
Address:    71 E Third Ave
Address:    2nd Floor
City:       San Mateo
StateProv:  CA
PostalCode: 94401
Country:    US

NetRange:   208.117.224.0 - 208.117.255.255
CIDR:       208.117.224.0/19


so, you will need to create an access rule that prevents access to to 208.117.224.0/19 on port 80
0
 
LVL 1

Author Comment

by:arefone
ID: 24316092
Ngravatt> Your search is great, because I see that there is the netRange also, how do you found these info??? on which whois site?
0
 
LVL 10

Accepted Solution

by:
ngravatt earned 250 total points
ID: 24316121
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
HOW TO REMOTELY CLEAN MEROND.O WITH ESET SILENTLY PROBLEM       If you have the fortunate luck to contract the Merond.O virus on your network, it can be quite troublesome to remove as it propagates to network shares on your network. In my case, the …
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.
Delivering innovative fully-managed cloud services for mission-critical applications requires expertise in multiple areas plus vision and commitment. Meet a few of the people behind the quality services of Concerto.

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now