How to know public ip

Posted on 2009-05-06
Last Modified: 2013-11-16
I would like to deny the access to from inside my company by doing an access list on my pix, I need to know the public ip or range ips with the subnetmask of, I don't know where and how can I find them!!!

Any help will be appreciated!

Thank you
Question by:arefone
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
LVL 13

Expert Comment

ID: 24313422
From a Windows Computer, you can use NSLOOKUP to see what public IPs are configured to respond to a name.  Go to a command prompt and enter:


When you get to a > prompt, type the domain:


It will respond with:,

And now you have the addresses to block.  Note that some servers may host multiple sites, so in some cases you might be blocking more than one site by blocking access to the box.  If this is a concern, a content filtering appliance might be a better solution for you.
LVL 10

Expert Comment

ID: 24313427
Alternatively set up a DNS zone called on your primary DNS Server and point a wildcard A record to your Internally hosted Web-site

Author Comment

ID: 24313515
Pardon Kieran, I did not understand your hint, can you explain more?
Usachrisk1983> I would like to do some thing like this>
access-list inside_to_outside line 1 deny ip any
This one I used it for facebook, and it is working very good, so I need to know the subnetnumber and subnetmask of the sites I am inteded to block!!!
MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

LVL 10

Expert Comment

ID: 24314184
It's just an alternate suggestion you could use:
on your DNS Server, add a forward lookup zone and call it
add a A host record called * and give it an IP address of some internal Web site (or just
Whenever anyone tries to go to ANY site to do with youtube they will end up where you want them to go.
Ideally though you would be better of just investing in some Web filtering software, but this is a free way of stopping them.

Author Comment

ID: 24314222
I don't have an internal dns server, I simply use the dns of my ISP???!!!!!
LVL 10

Expert Comment

ID: 24314251
In which case I'll gracefully bow out :-)

Author Comment

ID: 24314258
LVL 10

Expert Comment

ID: 24315982
the problem with a big company like youtube is that the IP addresses may change also.

you will need to do a whois on the domain and see what IP address range they own.

do an nslookup on, then do a whois on that IP address.  Here is what I got:

Whois RecordOrgName:    YouTube, Inc.
OrgID:      YOUTU
Address:    71 E Third Ave
Address:    2nd Floor
City:       San Mateo
StateProv:  CA
PostalCode: 94401
Country:    US

NetRange: -

so, you will need to create an access rule that prevents access to to on port 80

Author Comment

ID: 24316092
Ngravatt> Your search is great, because I see that there is the netRange also, how do you found these info??? on which whois site?
LVL 10

Accepted Solution

ngravatt earned 250 total points
ID: 24316121

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (…
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question