Solved

Ip Address List

Posted on 2010-09-03
8
602 Views
Last Modified: 2012-05-10
Is there a list of who owns class a address. I want to block all address outside of the US. My router has a firewall which I have been adding rules to block addresss from forgien countrys. But I like to add rules for a complete class a. For instance it looks like 220.0.0.0 to 220.255.255.255 is mostly in asia. Is they a list anywhere that says 220 is asia or 209 is us.
Thanks
0
Comment
Question by:whiwex
8 Comments
 
LVL 38

Expert Comment

by:Aaron Tomosky
Comment Utility
There are country lists but I don't know of any continent lists. There are also webservices freely available that you can send an ip to and they return the country.
0
 
LVL 9

Expert Comment

by:ffleisma
Comment Utility
you can try to scan ip address using the site below.

http://software77.net/geo-ip/multi-lookup/

you can scan multiple ip address, just place them simultaneously.

hope this helps :-)

address-list.JPG
0
 
LVL 9

Expert Comment

by:ffleisma
Comment Utility
same site, link is below, you can scan by country

http://software77.net/geo-ip/

hope this helps :-)
search-by-country.JPG
0
 
LVL 2

Accepted Solution

by:
fs40490 earned 500 total points
Comment Utility
You can check out this site:

http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml

I believe that this list will narrow your search.  For example:  the Asia region is assigned by APNIC, but this also includes Australia.  

This site helps identify who assigns IP blocks for the region:

https://www.arin.net/knowledge/rirs/ARINcountries.html
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 3

Expert Comment

by:sayed_maher
Comment Utility
0
 
LVL 24

Expert Comment

by:rfc1180
Comment Utility
>I want to block all address outside of the US

That is going to be a very large list!

Your policy/access-list will be about 89,000 plus lines. The U.S list is only about 39,000 plus lines. You will also find that reading a configuration file will be a in PIA. You are better of with an IDS that also has the capabilities of an IPS and then add the networks dynamically based on unwanted traffic.

A U.S based ACL list that permits will be about 2.1MB
To block all addresses outside of the us, the ACL will be about 6.3MB

So ensure you have enough space in RAM and flash.

Here is a Cisco ACL for all U.S IP addresses

http://64.78.150.173/us-subnets-acl

I also have include the U.S List with just the prefix and subnet mask if you have a different router so that you can create the policy yourself.

Billy


US-Subnets--Netmask.txt
0
 
LVL 6

Expert Comment

by:wpharaon
Comment Utility
It is not organised as we would all like it to be.
the 220.x.x.x subnet is not subnetted as 220.0.0.0/8 to a single country
instead you will find lot of countries using subnetted addresses

by far i beleive: http://www.countryipblocks.net/country-blocks/select-formats/
is the best option. (allow the addresses you want and block everyone else)
but be ready for some gap by not updating the ACL
some ISPs may use additional subnets which are not included in your country ACL so be ready for loosing some of your desired traffic
0
 
LVL 17

Expert Comment

by:surbabu140977
Comment Utility
In a single liner, what u r looking for is not possible. If u choose to implement what u r looking for (by some means), ur fw will refuse to run with that amount of acl.

People here already explained that ip distribution for countries are not class specific.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Suggested Solutions

I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now