Solved

Ip Address List

Posted on 2010-09-03
8
617 Views
Last Modified: 2012-05-10
Is there a list of who owns class a address. I want to block all address outside of the US. My router has a firewall which I have been adding rules to block addresss from forgien countrys. But I like to add rules for a complete class a. For instance it looks like 220.0.0.0 to 220.255.255.255 is mostly in asia. Is they a list anywhere that says 220 is asia or 209 is us.
Thanks
0
Comment
Question by:whiwex
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 33601936
There are country lists but I don't know of any continent lists. There are also webservices freely available that you can send an ip to and they return the country.
0
 
LVL 9

Expert Comment

by:ffleisma
ID: 33602071
you can try to scan ip address using the site below.

http://software77.net/geo-ip/multi-lookup/

you can scan multiple ip address, just place them simultaneously.

hope this helps :-)

address-list.JPG
0
 
LVL 9

Expert Comment

by:ffleisma
ID: 33602082
same site, link is below, you can scan by country

http://software77.net/geo-ip/

hope this helps :-)
search-by-country.JPG
0
Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

 
LVL 2

Accepted Solution

by:
fs40490 earned 500 total points
ID: 33602122
You can check out this site:

http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml

I believe that this list will narrow your search.  For example:  the Asia region is assigned by APNIC, but this also includes Australia.  

This site helps identify who assigns IP blocks for the region:

https://www.arin.net/knowledge/rirs/ARINcountries.html
0
 
LVL 3

Expert Comment

by:sayed_maher
ID: 33602271
0
 
LVL 24

Expert Comment

by:rfc1180
ID: 33603495
>I want to block all address outside of the US

That is going to be a very large list!

Your policy/access-list will be about 89,000 plus lines. The U.S list is only about 39,000 plus lines. You will also find that reading a configuration file will be a in PIA. You are better of with an IDS that also has the capabilities of an IPS and then add the networks dynamically based on unwanted traffic.

A U.S based ACL list that permits will be about 2.1MB
To block all addresses outside of the us, the ACL will be about 6.3MB

So ensure you have enough space in RAM and flash.

Here is a Cisco ACL for all U.S IP addresses

http://64.78.150.173/us-subnets-acl

I also have include the U.S List with just the prefix and subnet mask if you have a different router so that you can create the policy yourself.

Billy


US-Subnets--Netmask.txt
0
 
LVL 6

Expert Comment

by:wpharaon
ID: 33605891
It is not organised as we would all like it to be.
the 220.x.x.x subnet is not subnetted as 220.0.0.0/8 to a single country
instead you will find lot of countries using subnetted addresses

by far i beleive: http://www.countryipblocks.net/country-blocks/select-formats/
is the best option. (allow the addresses you want and block everyone else)
but be ready for some gap by not updating the ACL
some ISPs may use additional subnets which are not included in your country ACL so be ready for loosing some of your desired traffic
0
 
LVL 17

Expert Comment

by:surbabu140977
ID: 33610139
In a single liner, what u r looking for is not possible. If u choose to implement what u r looking for (by some means), ur fw will refuse to run with that amount of acl.

People here already explained that ip distribution for countries are not class specific.
0

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Clarification about access via WAN 6 52
Site cannot be reached ONLY when connected to modem 18 53
VPN - Site to Site  not decapsulating (ASA-Sophos XG85) 1 28
wifi security 11 37
Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question