• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 632
  • Last Modified:

Ip Address List

Is there a list of who owns class a address. I want to block all address outside of the US. My router has a firewall which I have been adding rules to block addresss from forgien countrys. But I like to add rules for a complete class a. For instance it looks like 220.0.0.0 to 220.255.255.255 is mostly in asia. Is they a list anywhere that says 220 is asia or 209 is us.
Thanks
0
whiwex
Asked:
whiwex
1 Solution
 
Aaron TomoskyTechnology ConsultantCommented:
There are country lists but I don't know of any continent lists. There are also webservices freely available that you can send an ip to and they return the country.
0
 
ffleismaCommented:
you can try to scan ip address using the site below.

http://software77.net/geo-ip/multi-lookup/

you can scan multiple ip address, just place them simultaneously.

hope this helps :-)

address-list.JPG
0
 
ffleismaCommented:
same site, link is below, you can scan by country

http://software77.net/geo-ip/

hope this helps :-)
search-by-country.JPG
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
fs40490Commented:
You can check out this site:

http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml

I believe that this list will narrow your search.  For example:  the Asia region is assigned by APNIC, but this also includes Australia.  

This site helps identify who assigns IP blocks for the region:

https://www.arin.net/knowledge/rirs/ARINcountries.html
0
 
sayed_maherCommented:
0
 
rfc1180Commented:
>I want to block all address outside of the US

That is going to be a very large list!

Your policy/access-list will be about 89,000 plus lines. The U.S list is only about 39,000 plus lines. You will also find that reading a configuration file will be a in PIA. You are better of with an IDS that also has the capabilities of an IPS and then add the networks dynamically based on unwanted traffic.

A U.S based ACL list that permits will be about 2.1MB
To block all addresses outside of the us, the ACL will be about 6.3MB

So ensure you have enough space in RAM and flash.

Here is a Cisco ACL for all U.S IP addresses

http://64.78.150.173/us-subnets-acl

I also have include the U.S List with just the prefix and subnet mask if you have a different router so that you can create the policy yourself.

Billy


US-Subnets--Netmask.txt
0
 
WissamSenior Network EngineerCommented:
It is not organised as we would all like it to be.
the 220.x.x.x subnet is not subnetted as 220.0.0.0/8 to a single country
instead you will find lot of countries using subnetted addresses

by far i beleive: http://www.countryipblocks.net/country-blocks/select-formats/
is the best option. (allow the addresses you want and block everyone else)
but be ready for some gap by not updating the ACL
some ISPs may use additional subnets which are not included in your country ACL so be ready for loosing some of your desired traffic
0
 
surbabu140977Commented:
In a single liner, what u r looking for is not possible. If u choose to implement what u r looking for (by some means), ur fw will refuse to run with that amount of acl.

People here already explained that ip distribution for countries are not class specific.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now