Link to home
Start Free TrialLog in
Avatar of whiwex
whiwex

asked on

Ip Address List

Is there a list of who owns class a address. I want to block all address outside of the US. My router has a firewall which I have been adding rules to block addresss from forgien countrys. But I like to add rules for a complete class a. For instance it looks like 220.0.0.0 to 220.255.255.255 is mostly in asia. Is they a list anywhere that says 220 is asia or 209 is us.
Thanks
Avatar of Aaron Tomosky
Aaron Tomosky
Flag of United States of America image

There are country lists but I don't know of any continent lists. There are also webservices freely available that you can send an ip to and they return the country.
you can try to scan ip address using the site below.

http://software77.net/geo-ip/multi-lookup/

you can scan multiple ip address, just place them simultaneously.

hope this helps :-)

address-list.JPG
same site, link is below, you can scan by country

http://software77.net/geo-ip/

hope this helps :-)
search-by-country.JPG
ASKER CERTIFIED SOLUTION
Avatar of fs40490
fs40490
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of sayed_maher
sayed_maher

>I want to block all address outside of the US

That is going to be a very large list!

Your policy/access-list will be about 89,000 plus lines. The U.S list is only about 39,000 plus lines. You will also find that reading a configuration file will be a in PIA. You are better of with an IDS that also has the capabilities of an IPS and then add the networks dynamically based on unwanted traffic.

A U.S based ACL list that permits will be about 2.1MB
To block all addresses outside of the us, the ACL will be about 6.3MB

So ensure you have enough space in RAM and flash.

Here is a Cisco ACL for all U.S IP addresses

http://64.78.150.173/us-subnets-acl

I also have include the U.S List with just the prefix and subnet mask if you have a different router so that you can create the policy yourself.

Billy


US-Subnets--Netmask.txt
It is not organised as we would all like it to be.
the 220.x.x.x subnet is not subnetted as 220.0.0.0/8 to a single country
instead you will find lot of countries using subnetted addresses

by far i beleive: http://www.countryipblocks.net/country-blocks/select-formats/
is the best option. (allow the addresses you want and block everyone else)
but be ready for some gap by not updating the ACL
some ISPs may use additional subnets which are not included in your country ACL so be ready for loosing some of your desired traffic
In a single liner, what u r looking for is not possible. If u choose to implement what u r looking for (by some means), ur fw will refuse to run with that amount of acl.

People here already explained that ip distribution for countries are not class specific.