Welcome to WebmasterWorld Guest from 3.227.3.146

Forum Moderators: DixonJones & mademetop

Message Too Old, No Replies

Banning an IP range

what's the appropriate level?

     
8:48 am on Aug 13, 2004 (gmt 0)

Preferred Member

10+ Year Member

joined:Jan 30, 2003
posts:574
votes: 0


Sorry, don't know where the right area to post this is soo....
==============

If I want to ban some IP addresses to block particularily persistent hackers/unwanteds...what's the appropriate level?
without accidentally banning an entire region or isp or something?

Many people know how to just refresh their IP to get a new one quickly (just turn off and on your modem for example to have it generate a new dynamic IP).

So, we've been arguing back and forth about what range covers what...For example:

She says banning up to:
12.221.*.* is "small" enough a range ban that we won't be affecting many ppl (maybe even just the one person).

but I say we should ban no more than the last three numbers in the last range, 12.221.88.*** or else risk banning an entire ISP or large network or something.

Would incrementally banning individual numbers make a difference or does it go by the set of four "blocks"?

That is, is banning: 12.221.88.1** more exclusive than banning 12.221.88.12*? or 12.221.88.*** etc etc?

Can anyone clear up what the four sets of ranges coordinate to?

Thank you for any information...

ASIDE: Where can I find the information of what country is associated to what range (to track country traffic)?

9:11 am on Aug 13, 2004 (gmt 0)

New User

10+ Year Member

joined:July 28, 2004
posts:31
votes: 0


Hi,

Can anyone clear up what the four sets of ranges coordinate to?

There are certain easily-recognisable large IP ranges that you can instantly nail down to certain geographical areas and/or large networks. However, outside of the US this becomes more difficult. This is due to the way IP4 addresses were initially distributed before the Internet took off. Therefore the assignation of IP numbers to countries isn't totally sequential.

When you say 1.2.3.***, are you thinking that the number of asterisks defines the amount of digits in the last number? It doesn't work like that. First of all the numbers aren't "used" in decimal, they're converted to hexadecimal, so there are only 2 digits as such. The IP address will resolve to an 8 Hex digit number such as 0E5F20DE, where the FIRST 2 digits correspond to the LAST 0 to 255 number in the IP address and so on. If we convert this hex number back to decimal it becomes easy to locate it within a range which will with a high degree of certainty, pin it down to a specific country.

Where can I find the information of what country is associated to what range (to track country traffic)?

OK if you just want to check the odd IP address there are many tools available - the easiest way is to use one of the websites that allows you to enter an IP and it will return network/geo info for it.

Try [dshield.org...] for detailed info on a specific IP.

It is possible to configure your web log to output a more meaningful address than simple IP by using DNS reverse look-up. Ask your site admin about it, though if you are on a shared server I doubt they'll enable any extras for you for free.

You may also find it useful to Google for "GeoIPCountryWhois".