Solved

How to know public ip

Posted on 2009-05-06
10
1,989 Views
Last Modified: 2013-11-16
I would like to deny the access to www.youtube.com from inside my company by doing an access list on my pix, I need to know the public ip or range ips with the subnetmask of www.youtube.com, I don't know where and how can I find them!!!

Any help will be appreciated!

Thank you
0
Comment
Question by:arefone
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 13

Expert Comment

by:usachrisk1983
ID: 24313422
From a Windows Computer, you can use NSLOOKUP to see what public IPs are configured to respond to a name.  Go to a command prompt and enter:

NSLOOKUP

When you get to a > prompt, type the domain:

YOUTUBE.COM

It will respond with:

208.65.153.238, 208.117.236.69

And now you have the addresses to block.  Note that some servers may host multiple sites, so in some cases you might be blocking more than one site by blocking access to the box.  If this is a concern, a content filtering appliance might be a better solution for you.
0
 
LVL 10

Expert Comment

by:Kieran_Burns
ID: 24313427
Alternatively set up a DNS zone called youtube.com on your primary DNS Server and point a wildcard A record to your Internally hosted Web-site
0
 
LVL 1

Author Comment

by:arefone
ID: 24313515
Pardon Kieran, I did not understand your hint, can you explain more?
Usachrisk1983> I would like to do some thing like this>
access-list inside_to_outside line 1 deny ip any 69.63.176.0 255.255.240.0
This one I used it for facebook, and it is working very good, so I need to know the subnetnumber and subnetmask of the sites I am inteded to block!!!
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 10

Expert Comment

by:Kieran_Burns
ID: 24314184
It's just an alternate suggestion you could use:
on your DNS Server, add a forward lookup zone and call it youtube.com
add a A host record called * and give it an IP address of some internal Web site (or just 127.0.0.1)
Whenever anyone tries to go to ANY site to do with youtube they will end up where you want them to go.
Ideally though you would be better of just investing in some Web filtering software, but this is a free way of stopping them.
0
 
LVL 1

Author Comment

by:arefone
ID: 24314222
I don't have an internal dns server, I simply use the dns of my ISP???!!!!!
0
 
LVL 10

Expert Comment

by:Kieran_Burns
ID: 24314251
In which case I'll gracefully bow out :-)
0
 
LVL 1

Author Comment

by:arefone
ID: 24314258
:-)
0
 
LVL 10

Expert Comment

by:ngravatt
ID: 24315982
the problem with a big company like youtube is that the IP addresses may change also.

you will need to do a whois on the youtube.com domain and see what IP address range they own.

do an nslookup on youtube.com, then do a whois on that IP address.  Here is what I got:

Whois RecordOrgName:    YouTube, Inc.
OrgID:      YOUTU
Address:    71 E Third Ave
Address:    2nd Floor
City:       San Mateo
StateProv:  CA
PostalCode: 94401
Country:    US

NetRange:   208.117.224.0 - 208.117.255.255
CIDR:       208.117.224.0/19


so, you will need to create an access rule that prevents access to to 208.117.224.0/19 on port 80
0
 
LVL 1

Author Comment

by:arefone
ID: 24316092
Ngravatt> Your search is great, because I see that there is the netRange also, how do you found these info??? on which whois site?
0
 
LVL 10

Accepted Solution

by:
ngravatt earned 250 total points
ID: 24316121
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you experienced traffic destined through a Cisco ASA firewall disappears and you do not know if the traffic stops in the firewall or somewhere else? The solution is the capture feature. This feature was released in 6.2(1) and works in all firew…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question