RE: Country based IPs
From: Matthew F. Caldwell (mattc_at_guarded.net)
Date: 10/03/03
- Previous message: Hitesh Patel: "SSL Reverse proxy in apache 2.0"
- Maybe in reply to: jbod: "Country based IPs"
- Next in thread: Meritt James: "Re: Country based IPs"
- Reply: Meritt James: "Re: Country based IPs"
- Reply: Meritt James: "Re: Country based IPs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 3 Oct 2003 10:23:24 -0400
To: "Meritt James" <meritt_james@bah.com>
Jim,
Domain name servers have nothing to do with who owns the IP
address blocks and DNS generally has a set of problems (spoofing etc).
Generally ISPs, Corporations and Government Organizations own blocks of
IP addresses. The IP addresses are assigned for the organization's use only,
which helps people track back the origin of attacks.
For example:
Your mail server IP address is 156.80.3.61
A DNS lookup would reveal that its DNS name is:
61.3.80.156.in-addr.arpa name = mclean-vscan1.bah.com.
HOWEVER a WHOIS lookup would give you the following information:
<ip_address>156.80.3.61</ip_address>
<asname>BAH-NET</asname>
<domain></domain>
<block_range>
<block_start>156.80.0.0</block_start>
<block_end>156.80.255.255</block_end>
</block_range>
<location>
<city>MC LEAN</city>
<state>VA</state>
<country>US</country>
<coordinates>
<granular>City</granular>
<latitude>38.953033</latitude>
<longitude>-77.229</longitude>
</coordinates>
</location>
<whois>
Query: 156.80.82.5
Registry: whois.arin.net
OrgName: Booz, Allen, and Hamilton
OrgID: BAH-2
Address: 8283 Greensboro Dr
City: McLean
StateProv: VA
PostalCode: 22102
Country: US
NetRange: 156.80.0.0 - 156.80.255.255
CIDR: 156.80.0.0/16
NetName: BAH-NET
NetHandle: NET-156-80-0-0-1
Parent: NET-156-0-0-0-0
NetType: Direct Assignment
NameServer: EXTSER-1.BAH.COM
NameServer: EXTSER-2.BAH.COM
Comment:
RegDate: 1992-12-10
Updated: 2000-12-15
TechHandle: AHB1-ARIN
TechName: Booz, Allen & Hamilton
TechPhone: +1-703-377-0887
TechEmail: internet@bah.com
# ARIN WHOIS database, last updated 2003-04-16 20:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
</whois>
</netblock>focus.com
Large Difference.
>>
Subject: Re: Country based IPs
We did it that way in the "good old days" to generate our hosts files,
but that rapidly became unworkable due to the number of IPs and that
led to the introduction of name servers...
I would recommend against taking a great step backwards if at all
possible...
Jim
"Matthew F. Caldwell" wrote:
>
> Dale and Jbod,
>
> If you want a database download you can request it from ARIN,
> it's a difficult to parse format (to prevent spammers). HERE is the form
> have fun!
>
> http://www.arin.net/library/agreements/bulkwhois.pdf
>
> As part of our product neuSECURE, we maintain a database of all known
> netblocks from the sources ARIN, APNIC, RIPE, etc. The data is refreshed
> on a regular basis. We use this data to allow better macro correlation
> in our product. You can create rules that specify if you see something
> from a particular country, block, and ranges it can perform actions
> including block it at the firewall, email me, create a ticket etc.
>
> Matt
>
> Matthew F. Caldwell, CISSP
> Founder and Chief Security Officer
> GuardedNet, Inc.
>
> -----Original Message-----
> From: Dale Fay [mailto:dalef@merit.edu]
> Sent: Thursday, October 02, 2003 12:26 PM
> To: jbod
> Cc: security-basics@securityfocus.com
> Subject: Re: Country based IPs
>
> Such a list would be difficult to create and impossible to
> maintain. Netblocks are allocated from one of the four regional
> sources, ARIN, RIPE, APNIC and a new one in Latin America, based on
> the location of the requester, but could be used anywhere in the world.
>
> On Wed, Oct 01, 2003 at 05:56:01PM -0700, jbod wrote:
> > Does anyone have a list or know where to obtain one
> > that shows IPs allocated based upon country - for the
> > purpose of blocking ALL access from all non-US
> > locations unless implicitly allowed.
> >
> >
> >
> > __________________________________
> > Do you Yahoo!?
> > The New Yahoo! Shopping - with improved product search
> > http://shopping.yahoo.com
> >
> >
>
>
> --
>
> Dale Fay
> Merit Systeam/RADB
> www.merit.edu
> www.radb.net
>
>
--
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566
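Added example (not part of the original thread, and not neuSECURE code): a small parser for ARIN-style WHOIS text that builds a netblock table from NetRange and applies the kind of country rule discussed above. The first sample record reuses the fields quoted in the message; the second record, the function names and the US-only policy are assumptions made for illustration. As noted in the thread, Country is where the block is registered, not necessarily where it is used.

```python
import ipaddress

# Constructed sample: the first record reuses the ARIN fields quoted in the
# message above; the second is invented, using a documentation range.
SAMPLE_WHOIS = """\
OrgName: Booz, Allen, and Hamilton
Country: US
NetRange: 156.80.0.0 - 156.80.255.255
CIDR: 156.80.0.0/16
NetName: BAH-NET

OrgName: Example Org (constructed)
Country: ZZ
NetRange: 203.0.113.0 - 203.0.113.255
NetName: EXAMPLE-NET
"""

def parse_records(text):
    """Split 'Key: value' WHOIS text into one dict per blank-line-separated record."""
    records = []
    for chunk in text.strip().split("\n\n"):
        rec = {}
        for line in chunk.splitlines():
            if line.startswith("#") or ":" not in line:
                continue  # skip registry comments and malformed lines
            key, _, value = line.partition(":")
            rec[key.strip()] = value.strip()
        if rec:
            records.append(rec)
    return records

def networks_for(rec):
    """Derive networks from NetRange, which also covers ranges that are not one CIDR block."""
    start, end = (ipaddress.ip_address(p.strip()) for p in rec["NetRange"].split(" - "))
    return list(ipaddress.summarize_address_range(start, end))

def build_table(records):
    table = [(net, rec) for rec in records for net in networks_for(rec)]
    # Longest prefix first, so the most specific netblock wins on lookup.
    return sorted(table, key=lambda item: item[0].prefixlen, reverse=True)

def lookup(table, ip):
    addr = ipaddress.ip_address(ip)
    for net, rec in table:
        if addr.version == net.version and addr in net:
            return rec
    return None

def decide(table, ip, allowed=frozenset({"US"})):
    """Return 'allow', 'deny-country', or 'deny-unknown' (no netblock on record)."""
    rec = lookup(table, ip)
    if rec is None:
        return "deny-unknown"
    return "allow" if rec.get("Country") in allowed else "deny-country"
```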