Re: IP range to CIDR list VB6 utility?
Don_at_home.com
Date: 09/20/04
- Next message: mscir: "Re: IP range to CIDR list VB6 utility?"
- Previous message: Cor Ligthert: "Re: talking to forms"
- In reply to: WinGuy: "Re: IP range to CIDR list VB6 utility?"
- Next in thread: WinGuy: "Re: IP range to CIDR list VB6 utility?"
- Reply: WinGuy: "Re: IP range to CIDR list VB6 utility?"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 20 Sep 2004 06:47:39 GMT
I've read a few of the posts in this thread and the thought occurred to me that
maybe you are looking at this problem backwards...
Due to the nature of the beast when it comes to the gazillion IP addresses
wouldn't it be easier to reject all Except the Valid Ones???
This is just a thought because I don't have a clue as to
what/why/where/when/which/etc... your system does or how your IPF is set up...
On Mon, 20 Sep 2004 04:56:16 GMT, "WinGuy" <no_spam@nomail.bot> wrote:
>"Jim Carlock" <anonymous@127.0.0.1> wrote in message
>news:uN3Y8arnEHA.1800@TK2MSFTNGP15.phx.gbl...
>> Where did you get your list of IP numbers from ?
>>
>> Usually folks get a block, something like a class B set of
>> IP numbers or a class C set if they're providing webhosting.
>>
>> If it's for an internal LAN, you don't need to buy such blocks,
>> you'll only need one IP number and then configure the internal
>> network on a 192.168.... or 10..... subnet.
>>
>> Class A:
>> 217.224.0.0/8 -> 217.0.0.0 to 217.255.255.255, or
>> Class B:
>> 217.224.0.0/16 -> 217.224.0.0 to 217.224.255.255, or
>> Class C:
>> 217.224.0.0/24 -> 217.224.0.0 to 217.224.0.255
>>
>> I see the following:
>>
>> route: 217.224.0.0/11
>> descr: Deutsche Telekom AG, Internet service provider
>> origin: AS3320
>> member-of: AS3320:RS-PA-TELEKOM
>>
>> You buy a block of numbers from these guys?
>>
>> --
>> Jim Carlock
>> http://www.microcosmotalk.com/
>> Post replies to the newsgroup.
>
>No, Jim, that was just an example IP range I was using because it's real but
>allocated strangely. The real purpose of the VB project was explained
>already in my post that opened this topic. That example IP address range is
>easy to block by IP range, but difficult to block based on CIDR or netmask
>methods. I've already built and have running a transparent (its NICs have
>no IP addresses) stateful firewall FreeBSD box dedicated to running only
>one thing, a firewall called IP Filter (aka IPF), and its filter rules
>require using CIDR instead of ranges. It sits immediately inline with a
>broadband modem, a hub is on the other side of IPF and everything else
>connects to that hub (several routers, each having their own public IP
>address). It looks like this: WAN-Modem -> IPF -> Hub -> Routers -> LANS.
>
>There are actually 3 LANs so far, all isolated from each other: wireless
>access point, server, and for the office. Main reason for the IPF box is to
>reduce and to eventually remove the firewall load on the server box. The
>server box itself has 2 firewalls (BlackIce and ZoneAlarm Pro) of its own,
>but the server cpu cycles and HDD activity are way excessive from time to
>time as it fends off attacks on its IIS web & ftp server or disallows
>spammers access to the email server (all are on the same box). So I built
>IPF to not only lighten the firewall cpu demands on the server but to also
>help protect all the other LANs at the same time. So I've all these tables
>of IP addresses, and ranges of IP addresses, that have been a nuisance (or
>worse) in the past but the rules are in IP address range format and I have
>to convert them to CIDR format in order to move the rules over to the IPF
>box. That's why I'm trying to write the VB utility to help me with the
>rather large job that doing manually would take me forever. And I figure a
>utility that computes a CIDR list for any IP range is kind of a good idea
>beyond my current need for it!
>
>FWIW, Jim, that IP range I used for the example is indeed one of a great
>many that I block. I can tell by your interest that you probably know
>exactly why I block that entire ISP.
>
>I really appreciate any help this forum gives me to get this utility I'm
>trying to write working as soon as possible. I'll make it freely available
>in return.
>
Have a good day...
Don