This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Best way for mass CIDR blocks.

This question is for anyone, but I think it was Barry who mentioned this before.

I am blocking a huge number of CIDR address with Banish in IPCop. Someone, again I think Barry, said there was a better way to block all of these addresses.

Can someone please tell me what thay way is, and how to do it!?

I am blocking all of China, Russia, Brazil, and a dozen other countries. Over a MILLION IP's! I would like to roll this over to the astaro.

If anyone wants the full CIDR list, just let me know. I keep it in Excel for easy export. It is in Banish format but can be exported with just the CIDR's.

Thanks!

This thread was automatically locked due to age.

Parents

0 BarryG over 16 years ago

You can create "supernets" of adjacent networks, which reduces the number of CIDRs.

e.g.
8.0.0.0/8
+
9.0.0.0/8
=
8.0.0.0/7

It's harder to do it by country than it is to do by region/Registry, as the allocations are so fragmented. e.g. If you want to block all of Latin America, you can get the blocks assigned to LACNIC.
This isn't as easy as it sounds though...
I wanted to block email from Asia (spam), but Australia is part of APNIC.
We wanted to block fraudsters on our website from Africa, but AfriNIC is new and much of Africa is on RIPE or on US (Arin) satellite networks.

Anyways, several years ago, I blocked of much of the world from spamming us with only about 2 dozen CIDR defs.

Sources and references:
IP Country database at LUDOST.NET
http://www.iana.org/assignments/ipv4-address-space/
Slashdot | Blocking a Nation's IP Space
Okean - Spam Intro
Bad IP addresses (BBL) (out of date?)
http://www.cymru.com/Documents/bogon-bn-agg.txt (reserved or non-public networks)
The Team Cymru Bogon List v4.7 31 JAN 2009

edit: some of the above are out of date; ftp://ftp.arin.net/pub/stats/ has up-to-date allocation info, but apparently only by ASN #.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 Coder68 over 15 years ago in reply to BarryG

I know two continuous lines like 77/8 and 78/8 can be done as 77/7... but what about a huge block like this? Do I go down one (/6) for three lines and then /5 for four?  What is the fewest number of lines that will cover this entire range? I take it this works just like subnetting, but in the other direction.

077/8   RIPE NCC
078/8   RIPE NCC
079/8   RIPE NCC
080/8   RIPE NCC
081/8   RIPE NCC
082/8   RIPE NCC
083/8   RIPE NCC
084/8   RIPE NCC
085/8   RIPE NCC
086/8   RIPE NCC
087/8   RIPE NCC
088/8   RIPE NCC
089/8   RIPE NCC
090/8   RIPE NCC
091/8   RIPE NCC
092/8   RIPE NCC
093/8   RIPE NCC
094/8   RIPE NCC
095/8   RIPE NCC

Thanks,

C68
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Coder68 over 15 years ago in reply to BarryG

I know two continuous lines like 77/8 and 78/8 can be done as 77/7... but what about a huge block like this? Do I go down one (/6) for three lines and then /5 for four?  What is the fewest number of lines that will cover this entire range? I take it this works just like subnetting, but in the other direction.

077/8   RIPE NCC
078/8   RIPE NCC
079/8   RIPE NCC
080/8   RIPE NCC
081/8   RIPE NCC
082/8   RIPE NCC
083/8   RIPE NCC
084/8   RIPE NCC
085/8   RIPE NCC
086/8   RIPE NCC
087/8   RIPE NCC
088/8   RIPE NCC
089/8   RIPE NCC
090/8   RIPE NCC
091/8   RIPE NCC
092/8   RIPE NCC
093/8   RIPE NCC
094/8   RIPE NCC
095/8   RIPE NCC

Thanks,

C68
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data