Welcome to WebmasterWorld Guest from 54.145.11.9

Forum Moderators: Ocean10000 & incrediBILL & keyplyr

Message Too Old, No Replies

A comprehensive list of EC2 IP ranges

     
2:45 pm on Mar 20, 2012 (gmt 0)

Administrator from CA 

WebmasterWorld Administrator bakedjake is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 8, 2003
posts:3878
votes: 56


I'm stopping them one by one but it seems new ones pop up every day. Let's build a list - here's what I've got so far:

204.236.128.0/17
75.101.128.0/17
50.16.0.0/14
184.72.0.0/15
174.129.0.0/16
107.20.0.0/14
66.40.52.0/24 (*)

That last one isn't ec2 - it's some provider in Florida - but it has crawled me with bots with the exact same signature of the rotating made up UA ec2 bots (you know, the Opera 9.90 guys) and I think owner of the bots live in that netblock and test from there, so I've got it down as a related netblock.
4:23 pm on Mar 20, 2012 (gmt 0)

Junior Member

5+ Year Member

joined:Nov 1, 2006
posts: 66
votes: 0


Here's my current state of the EC2. I last updated it in early Feb 2012. These things are subject to periodic change.

[Amazon EC2 - US East - Northern Virginia]
23.20.0.0/14 (23.20.0.0 23.23.255.255)
50.16.0.0/15 (50.16.0.0 - 50.17.255.255)
50.19.0.0/16 (50.19.0.0 - 50.19.255.255)
67.202.0.0/18 (67.202.0.0 - 67.202.63.255)
72.44.32.0/19 (72.44.32.0 - 72.44.63.255)
75.101.128.0/17 (75.101.128.0 - 75.101.255.255)
107.20.0.0/15 (107.20.0.0 - 107.21.255.255)
107.22.0.0/16 (107.22.0.0 - 107.22.255.255)
174.129.0.0/16 (174.129.0.0 - 174.129.255.255)
184.72.64.0/18 (184.72.64.0 - 184.72.127.255)
184.72.128.0/17 (184.72.128.0 - 184.72.255.255)
184.73.0.0/16 (184.73.0.0 184.73.255.255)
204.236.192.0/18 (204.236.192.0 - 204.236.255.255)
216.182.224.0/20 (216.182.224.0 - 216.182.239.255)

[Amazon EC2 - US West - Northern California]
50.18.0.0/16 (50.18.0.0 - 50.18.255.255) NEW
184.72.0.0/18 (184.72.0.0 184.72.63.255)
184.169.128.0/17 (184.160.128.0 - 184.169.255.255) NEW
204.236.128.0/18 (216.236.128.0 - 216.236.191.255)

[Amazon EC2 - US West - Oregon]
50.112.0.0/16 (50.112.0.0 - 50.112.255.255)

[Amazon EC2 - EU - Ireland]
46.51.128.0/18 (46.51.128.0 - 46.51.191.255)
46.51.192.0/20 (46.51.192.0 - 46.51.207.255)
46.137.0.0/17 (46.137.0.0 - 46.137.127.255)
46.137.128.0/18 (46.137.128.0 - 46.137.191.255) NEW
79.125.0.0/17 (79.125.0.0 - 79.125.127.255)
176.34.64.0/18 (176.34.64.0 176.34.127.255) NEW
176.34.128.0/17 (176.34.128.0 - 176.34.255.255)

[Amazon EC2 - Asia Pacific - Singapore]
46.51.216.0/21 (46.51.216.0 - 46.51.223.255)
46.137.224.0/19 (46.137.224.0 - 46.137.255.255) NEW
122.248.192.0/18 (122.248.192.0 - 122.248.255.255)
175.41.128.0/18 (175.41.128.0 - 175.41.191.255)

[Amazon EC2 - Asia Pacific - Tokyo]
46.51.224.0/19 (46.51.224.0 - 46.51.255.255)
46.137.192.0/18 (46.137.192.0 - 46.137.255.255)
103.4.8.0/21 (103.4.8.0 - 103.4.15.255)
175.41.192.0/18 (175.41.192.0 - 175.41.255.255)
176.32.64.0/19 (176.32.64.0 - 176.32.95.255)
176.34.0.0/18 (176.34.0.0 - 176.34.63.255) NEW

[Amazon EC2 - South America - Sao Paulo]
177.71.128.0/17 (177.71.128.0 - 177.71.255.255) NEW
7:31 pm on Mar 20, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2001
posts:5459
votes: 3


I guess annie's been twiddling her thumbs for everyone's benefit [webmasterworld.com]
7:40 pm on Mar 20, 2012 (gmt 0)

Moderator This Forum from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:6674
votes: 131



Of course all these will start to change in a few weeks when IP6 gets fully implemented across the networks, so get ready to redo your entire defense strategy.
7:55 pm on Mar 20, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2001
posts:5459
votes: 3


keyplr,
There's an old thread either here or in the Apache Forum, where somebody explained the simplicity of converting IPV4 to IPVG ranges.

Wish I'd saved the info and URL ;)
9:01 pm on Mar 20, 2012 (gmt 0)

Moderator This Forum from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:6674
votes: 131



AFAIK there's no way to "convert" IP4 to IP6 on the receiving end - it doesn't make sense.

You won't even see IP6 until your server changes to support them. Then, there will be no relation to the old IP4, they will be all new. The good news is, IP6 is backward supportive, meaning when your server does switch, you will still see the old IP4 from those servers that haven't switched yet, so we can still block those IP4 addresses, but we'll need to again trace the IP6 addresses.

FWIW - I already have most of mine ready, just waiting for the witching hour.
9:03 pm on Mar 20, 2012 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:May 14, 2008
posts:3125
votes: 4


bakedjake - you can begin by blocking our lists of IPs given in pfui's latest amazon thread at [webmasterworld.com...] - I think that covers all known ranges up to a month or so ago. If anyone can add to those lists I'd be interested.

iamzippy - some of your ranges are incorrectly assigned. 46.most things are Europe not Asia and 46.51.224.0/19, for example, is registered to the Dublin, Ireland branch of amazon; as is 46.137.224.0/19 although actually registered in france, according to my registry checks. In reality, though, I don't suppose location really matters: it's the existence that's important.
9:25 pm on Mar 20, 2012 (gmt 0)

Junior Member

5+ Year Member

joined:Nov 1, 2006
posts: 66
votes: 0


dstiles - thanks for that, point taken. I never got round to doing the necessary per-RIR, all I know is they work ;)

I'll get on to it.
12:59 pm on Mar 21, 2012 (gmt 0)

Junior Member

joined:Dec 1, 2011
posts: 192
votes: 0


FYI,

Current catch list. Extracted from my database, and all networks looked up manually again this morning for validation of ranges and location.

Some of @iamzippy's ranges were smaller subnets. They are embedded in the below registrations.
They (likely) have more than these, but I have not seen and added them yet.

The European ones are (formally) spread across NL, FR, an IE. Although only Amazon's internal routing can tell where individual pieces are actually being used.


'Amazon_EC2_Asia', '103.4.12.0/22'
'Amazon_EC2_Asia', '103.4.8.0/22'
'Amazon_EC2_N_America', '107.20.0.0/14'
'Amazon_EC2_N_America', '107.22.0.0/16'
'Amazon_EC2_S_America', '122.248.192.0/19'
'Amazon_EC2_N_America', '174.129.0.0/16'
'Amazon_EC2_S_America', '175.41.128.0/19'
'Amazon_EC2_S_America', '175.41.192.0/19'
'Amazon_EC2_Asia', '175.41.224.0/19'
'Amazon_EC2_Europe', '176.32.64.0/21'
'Amazon_EC2_Europe', '176.34.0.0/21'
'Amazon_EC2_S_America', '177.71.128/17'
'Amazon_EC2_N_America', '184.169.128.0/17'
'Amazon_EC2_N_America', '184.72.0.0/15'
'Amazon_EC2_N_America', '204.236.128.0/17'
'Amazon_EC2_N_America', '216.182.224.0/20'
'Amazon_EC2_N_America', '23.20.0.0/14'
'Amazon_EC2_Europe', '46.137.0.0/17'
'Amazon_EC2_Europe', '46.137.128.0/18'
'Amazon_EC2_Europe', '46.137.192.0/21'
'Amazon_EC2_Europe', '46.137.224.0/21'
'Amazon_EC2_Europe', '46.51.192.0/20'
'Amazon_EC2_Europe', '46.51.216.0/21'
'Amazon_EC2_Europe', '46.51.224.0/21'
'Amazon_EC2_N_America', '50.112.0.0/16'
'Amazon_EC2_N_America', '50.16.0.0/14'
'Amazon_EC2_N_America', '67.202.0.0/18'
'Amazon_EC2_N_America', '72.44.32.0/19'
'Amazon_EC2_N_America', '75.101.128.0/17'
'Amazon_EC2_Europe', '79.125.0.0/18'
1:08 pm on Mar 21, 2012 (gmt 0)

Junior Member

joined:Dec 1, 2011
posts: 192
votes: 0


BTW.. The attached page shows a dynamic Map of the offender IPs across the US.

The blob on top of Seattle, WA should make it clear why we block EC2. :-)

[riskyinternet.com...]
10:26 pm on Mar 21, 2012 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:May 14, 2008
posts:3125
votes: 4


DeeCee - The lines you give are not compacted enough for me. :)

My database lists the following, without countries included:

8.18.144.0 - 8.18.145.255
23.20.0.0 - 23.23.255.255
46.51.128.0 - 46.51.255.255
46.137.0.0 - 46.137.255.255
50.16.0.0 - 50.19.255.255
50.112.0.0 - 50.112.255.255
67.202.0.0 - 67.202.63.255
72.21.192.0 - 72.21.223.255
72.44.32.0 - 72.44.63.255
75.101.128.0 - 75.101.255.255
79.125.0.0 - 79.125.127.255
87.238.80.0 - 87.238.87.255
103.4.8.0 - 103.4.15.255
107.20.0.0 - 107.23.255.255
122.248.192.0 - 122.248.255.255
174.129.0.0 - 174.129.255.255
175.41.128.0 - 175.41.255.255
176.32.64.0 - 176.32.127.255
176.34.0.0 - 176.34.255.255 (latest entry dated Feb 23)
184.72.0.0 - 184.73.255.255
199.255.192.0 - 199.255.195.255
204.236.128.0 - 204.236.255.255
207.171.160.0 - 207.171.191.255
216.182.224.0 - 216.182.239.255
12:44 am on Mar 22, 2012 (gmt 0)

Junior Member

joined:Dec 1, 2011
posts: 192
votes: 0


:)

Thanks!

You had some tagged on ranges inside yours that I did not have.. Added... Thanks..

A few makes me a little apprehensive. But I added a the couple I did not have, except for your first one.

8.18.144.0 - 8.18.145.255 is

Amazon Inc. LVLT-AMAZON-5-8-18-144 (NET-8-18-144-0-1) 8.18.144.0 - 8.18.144.255
Level 3 Communications, Inc. LVLT-ORG-8-8 (NET-8-0-0-0-1) 8.0.0.0 - 8.255.255.255

I have not seen bots from that net, and the slight issue I have is that I don't really want to block "Amazon" the company (all its networks), but rather just the Amazon EC2 cloud.

So, for example office type IPs there is really no reason to block. Don't want to kick out their people, only the cloud.

Have you seen attacks from all the nets?
8:58 am on Mar 22, 2012 (gmt 0)

Moderator This Forum from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:6674
votes: 131




DeeCee, I block that entire range and all other Level 3 ranges; have for years. I used to be an Amazon affiliate (until they dumped California accounts and reneged on payments owed) and never had an issue with the block.
9:32 am on Mar 22, 2012 (gmt 0)

Junior Member

joined:Dec 1, 2011
posts: 192
votes: 0


@keyplyr,

Cool. Appreciate the info.
9:44 pm on Mar 22, 2012 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:May 14, 2008
posts:3125
votes: 4


DeeCee - I did forget to mention that one or two might not be cloud. Sorry. I block amazon completelty. If any of the ranges I block are office-broadband then tough.
11:24 pm on Oct 20, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:July 26, 2006
posts: 1619
votes: 0


Wish there was a better way to block them without having to keep up with all the blasted IP addresses.
2:35 pm on Oct 25, 2012 (gmt 0)

New User

5+ Year Member

joined:Jan 28, 2009
posts:17
votes: 0


# Amazon AWS/Elastic Cloud
deny from 8.18.144.0/23
deny from 23.20.0.0/14
deny from 46.51.215.0/25
deny from 46.51.215.128/26
deny from 46.51.215.192/27
deny from 46.51.215.224/28
deny from 46.51.215.240/29
deny from 46.51.215.248/30
deny from 46.51.215.252/31
deny from 46.51.215.254/32
deny from 46.51.128.0/18
deny from 46.51.192.0/20
deny from 46.51.208.0/22
deny from 46.51.212.0/23
deny from 46.51.214.0/24
deny from 46.51.216.0/21
deny from 46.51.224.0/20
deny from 46.137.0.0/16
deny from 50.16.0.0/14
deny from 50.112.0.0/16
deny from 54.224.0.0/11
deny from 63.92.12.0/22
deny from 63.238.12.0/22
deny from 63.238.16.0/23
deny from 64.15.138.160/27
deny from 64.15.156.64/27
deny from 66.7.64.0/19
deny from 67.202.0.0/18
deny from 67.205.69.32/27
deny from 70.38.0.0/17
deny from 72.21.192.0/19
deny from 72.29.185.0/24
deny from 72.44.32.0/19
deny from 72.55.128.0/18
deny from 75.101.128.0/17
deny from 79.125.0.0/16
deny from 87.231.235.2/32
deny from 107.20.0.0/14
deny from 174.129.0.0/16
deny from 184.72.0.0/15
deny from 204.74.108.0/24
deny from 204.236.128.0/17
deny from 204.246.160.0/22
deny from 204.246.167.0/24
deny from 204.246.168.0/23
deny from 204.246.176.0/21
deny from 204.246.184.0/22
deny from 207.171.160.0/19
deny from 208.47.248.0/23
deny from 209.201.96.0/22
deny from 216.137.32.0/20
deny from 216.137.48.0/21
deny from 216.182.224.0/20