Solved

Ip Address List

Posted on 2010-09-03
8
612 Views
Last Modified: 2012-05-10
Is there a list of who owns class a address. I want to block all address outside of the US. My router has a firewall which I have been adding rules to block addresss from forgien countrys. But I like to add rules for a complete class a. For instance it looks like 220.0.0.0 to 220.255.255.255 is mostly in asia. Is they a list anywhere that says 220 is asia or 209 is us.
Thanks
0
Comment
Question by:whiwex
8 Comments
 
LVL 38

Expert Comment

by:Aaron Tomosky
ID: 33601936
There are country lists but I don't know of any continent lists. There are also webservices freely available that you can send an ip to and they return the country.
0
 
LVL 9

Expert Comment

by:ffleisma
ID: 33602071
you can try to scan ip address using the site below.

http://software77.net/geo-ip/multi-lookup/

you can scan multiple ip address, just place them simultaneously.

hope this helps :-)

address-list.JPG
0
 
LVL 9

Expert Comment

by:ffleisma
ID: 33602082
same site, link is below, you can scan by country

http://software77.net/geo-ip/

hope this helps :-)
search-by-country.JPG
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 2

Accepted Solution

by:
fs40490 earned 500 total points
ID: 33602122
You can check out this site:

http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml

I believe that this list will narrow your search.  For example:  the Asia region is assigned by APNIC, but this also includes Australia.  

This site helps identify who assigns IP blocks for the region:

https://www.arin.net/knowledge/rirs/ARINcountries.html
0
 
LVL 3

Expert Comment

by:sayed_maher
ID: 33602271
0
 
LVL 24

Expert Comment

by:rfc1180
ID: 33603495
>I want to block all address outside of the US

That is going to be a very large list!

Your policy/access-list will be about 89,000 plus lines. The U.S list is only about 39,000 plus lines. You will also find that reading a configuration file will be a in PIA. You are better of with an IDS that also has the capabilities of an IPS and then add the networks dynamically based on unwanted traffic.

A U.S based ACL list that permits will be about 2.1MB
To block all addresses outside of the us, the ACL will be about 6.3MB

So ensure you have enough space in RAM and flash.

Here is a Cisco ACL for all U.S IP addresses

http://64.78.150.173/us-subnets-acl

I also have include the U.S List with just the prefix and subnet mask if you have a different router so that you can create the policy yourself.

Billy


US-Subnets--Netmask.txt
0
 
LVL 6

Expert Comment

by:wpharaon
ID: 33605891
It is not organised as we would all like it to be.
the 220.x.x.x subnet is not subnetted as 220.0.0.0/8 to a single country
instead you will find lot of countries using subnetted addresses

by far i beleive: http://www.countryipblocks.net/country-blocks/select-formats/
is the best option. (allow the addresses you want and block everyone else)
but be ready for some gap by not updating the ACL
some ISPs may use additional subnets which are not included in your country ACL so be ready for loosing some of your desired traffic
0
 
LVL 17

Expert Comment

by:surbabu140977
ID: 33610139
In a single liner, what u r looking for is not possible. If u choose to implement what u r looking for (by some means), ur fw will refuse to run with that amount of acl.

People here already explained that ip distribution for countries are not class specific.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ASE reports it as spam 2 340
slow vpn connection 9 66
DHCP Server 14 88
VPN tunnel between Watchguard and OpenVPN? 1 36
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question