How to get all subnets of an ISP?


  1. #1
    Join Date
    Jul 2002
    Location
    Bled, Slovenia
    Posts
    63

    How to get all subnets of an ISP?

    I would like to block some ports (like ssh - 22) for all IPs that don't come from some local ISP networks.

    Now I have a problem: how do I get all of an ISP's subnetworks? I have an outdated list of subnetworks, but I would like to update it automatically.

    That should be done somehow with the 'whois' or 'dig' utility.
    I can't find anything useful on the internet or on the ripe.net site (which is quite confusing).

    Has anyone already done that?

  2. #2
    Join Date
    Oct 2000
    Location
    Calgary, Alberta, Canada
    Posts
    8,116
    The normal way to do this is to block everything _except_ the ones you want to allow.

  3. #3
    Join Date
    Jul 2002
    Location
    Bled, Slovenia
    Posts
    63
    Hayl: I know how I should block.

    The problem is what all the subnets of a certain ISP are.
    I would like to block certain ports to some local ISPs around my server. Because some of these ISPs are quite small and their subnets change over time (changed completely or new ones added), it would be nice if I could update those IP subnets automatically with some scripts.
    I am able to search for those subnets in the ripe.net whois database on their website, but I don't know how to retrieve those numbers automatically.

    Clear enough what I want?

  4. #4
    Join Date
    Oct 2002
    Location
    Kaiserslautern, Germany
    Posts
    77
    Did you try asking the ISP(s) for a list? If you explain what you're trying to do, maybe since they are smaller ISPs they wouldn't mind as much giving you a list of subnets or IP ranges.
    Linux Registered User #338570
    Ubuntu -- Server

  5. #5
    Join Date
    Sep 2004
    Location
    /home/
    Posts
    1,204
    So your ISP serves 40,000 people; you are opening up your port 22 to 40,000 users. If you are going to do that, you might as well have it open to 400,000. Also, if you want to access your PC from a computer on another ISP (which happens a lot), you couldn't.

    Hayl's way is the common way because it's secure, only allows IPs you want, and works from anywhere.

    You could have a script on a remote machine that gets the IP address and sends it to your PC, then you could update that way. But there is no reason to open it to all subnets.

    soule
    Anarchism is founded on the observation that since few men are wise enough to rule themselves, even fewer are wise enough to rule others. - Edward Abbey

    IRC #linuxn00b

    Support your Distro.
    Slackware Store
    Archlinux Schwag

  6. #6
    Join Date
    Mar 2001
    Location
    In the 3 world of MT
    Posts
    36
    Maybe he is trying to thwart a certain cracker who uses a certain ISP and uses dynamic addressing.

    This could be interesting... C'mon guys, let's get creative!

    Thanks

    dan
    Give a man a fish and he will eat for a day, teach a man to fish and he will stay drunk in a boat the rest of his life.

    ---Paul Harvey

  7. #7
    Join Date
    Jun 2002
    Location
    Jamaica Plain, MA
    Posts
    458
    What about a script that looks for failed ssh attempts and then blocks those IPs, if not forever, at least for a short time?

    I use a similar script for blacklisting cmd.exe attacks on my box. I have the PHP script grab the source IP and then add that IP to the iptables rule. It seems to cut down on the code-red and Windows buffer overflow attempts I get.

    Hope that idea helps.

  8. #8
    Join Date
    Sep 2002
    Location
    San Antonio, TX
    Posts
    2,607
    http://www.whois.sc/

    Enter any IP address owned by the ISP; it will show the block owned by them.

    hlrguy
    Were you a Windows expert the VERY first time you looked at a computer with Windows, or did it take a little time.....
    My Linux Blog
    Linux Native Replacements for Windows Programs
    Mandriva One on a "Vista Home Barely" T3640 E-Machine runs great.
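
The automatic update asked about in posts #1 and #3, as an added example that is not part of the original thread: it parses `route:` objects from RIPE-style whois text, collapses overlapping prefixes, and plans the iptables changes against the previous allowlist. Assumptions: the ISP's AS number is known and the text comes from an inverse query such as `whois -h whois.ripe.net -- '-i origin AS64500'`; `AS64500`, the prefixes and the chain name `SSH_ALLOW` are constructed placeholders.

```python
import ipaddress
import re

# Constructed sample of RIPE-style whois output (documentation prefixes/ASN).
SAMPLE_WHOIS = """\
% constructed sample, not real registry data
route:          192.0.2.0/25
origin:         AS64500

route:          192.0.2.128/25
origin:         AS64500

route:          198.51.100.0/24
origin:         AS64500

route:          198.51.100.64/26
origin:         AS64500

route:          not-a-prefix
origin:         AS64500
"""

# Matches IPv4 'route:' attributes only; 'route6:' lines are not matched.
ROUTE_RE = re.compile(r"^route:\s*(\S+)", re.MULTILINE)


def parse_routes(whois_text):
    """Return the collapsed, sorted IPv4 networks found in 'route:' lines."""
    nets = []
    for value in ROUTE_RE.findall(whois_text):
        try:
            nets.append(ipaddress.IPv4Network(value, strict=True))
        except ValueError:
            continue  # malformed value: never pass it on to the firewall
    return list(ipaddress.collapse_addresses(nets))


def plan_update(current, wanted, chain="SSH_ALLOW"):
    """Return iptables commands that turn allowlist 'current' into 'wanted'."""
    if not wanted:
        return []  # empty lookup means the query failed; keep existing rules
    cur, new = set(current), set(wanted)
    # Additions come first so a still-valid source never loses its ACCEPT rule.
    cmds = [f"iptables -A {chain} -s {n} -p tcp --dport 22 -j ACCEPT"
            for n in sorted(new - cur)]
    cmds += [f"iptables -D {chain} -s {n} -p tcp --dport 22 -j ACCEPT"
             for n in sorted(cur - new)]
    return cmds
```

The chain is assumed to be referenced from INPUT ahead of a rule that drops all other traffic to port 22, and the commands are returned as text so they can be reviewed before being applied.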
