How to Block Evony?

What are the best methods for blocking Evony, the large online multiplayer game, with the company firewall? They appear to be on a Class C network 64.156.192.x, but I would like to know if other networks or IPs need to be blocked as well.
Reply to
W

A more general question: if you want to see all IP networks owned by a given company, how do you do that?

Reply to
W

W wrote on Friday 17 September 2010 03:47 in:

On *nix machines (Linux, Mac, BSD, etc...) these commands will do *exactly* what you ask for:

host evony.com

Or: dig ANY evony.com

These commands may return a hostname.domainname of something else instead of an IP, so redo the same command for the new hostname.domainname, etc... You'll see that you won't be able to block everything from evony (their emails) without blocking some google mail servers...

For details on these commands, read: man host man evony

On windows... don't know... Bad Luck... You can have these commands on windows if you install cygwin.

Reply to
Web Dreamer

Umm... no, they won't. dig and host return what a company has configured on their public DNS for that given domain. That does NOT equal a list of all IP networks a company owns. For the latter you'd have to go through the databases of all registries in the world. Which clearly is not feasible.

Or, you could simply use the tools from the Windows version of BIND. Or use the nslookup that ships with Windows. But anyway, as explained above, that won't do what the OP was asking for.

cu

59cobalt
Reply to
Ansgar -59cobalt- Wiechers

A "whois" query may provide some information, but generally "all" is not available. For example, 'evony.com' seems to be hosted by a service provider in San Diego named "M5 Computer Security" but they don't list the range of addresses in use. Blocking 64.156.192.0/22 (which is M5-SECURITY-NETBLK-11) may work - at least temporarily. It's far easier to sniff your network using something like 'wireshark' and identify the players. Assuming your company has published a network use policy, you can then take appropriate actions against the players. Trivial really - but consult your company lawyer for further details.

I can see you didn't bother to even try those commands, so you made a rather large mistake. 'host -a evony.com' and 'dig ANY evony.com' return a single host address (64.156.194.11), two name server addresses (64.156.194.11 and 64.156.194.14), and six mail server addresses at google. Rather useless, don't you think?

Maybe you should be reading the man pages - and while you're at it, also read the DNS-HOWTO if you can figure out how to find it

-rw-rw-r-- 1 gferg ldp 91563 Dec 23 2001 DNS-HOWTO

because DNS doesn't work the way you seem to think.

Old guy

Reply to
Moe Trin

Go to ARIN (or the appropriate registrar) and query their registration database using that address to find the name of the company or the ISP.

The lowest-level (smallest, usually) allocation in this case is "M5 Computer Security", network M5-SECURITY-NETBLK-11 (or NET-64-156-192-0-2). The parent ISP is CWIE, LLC. The domains of the admins' email addresses are: m5hosting.com and m5computersecurity.com.

They are AS21581 and their assigned networks (and addresses) are:

M5SECNET (NET-71-6-225-0-1) 71.6.225.0 - 71.6.225.255
M5-SECURITY-NETBLK-1 (NET-209-216-230-0-1) 209.216.230.0 - 209.216.230.255
M5-SECURITY-NETBLK-2 (NET-206-251-255-0-1) 206.251.255.0 - 206.251.255.255
M5-SECURITY-NETBLK-11 (NET-64-156-192-0-2) 64.156.192.0 - 64.156.195.255
M5-SECURITY-NETBLK-3 (NET-207-158-15-0-1) 207.158.15.0 - 207.158.15.255
M5-SECURITY-NETBLK-4 (NET-206-71-179-0-1) 206.71.179.0 - 206.71.179.255
M5-SECURITY-NETBLK-10 (NET-207-158-37-0-1) 207.158.37.0 - 207.158.37.255
M5-SECURITY-NETBLK-5 (NET-206-71-169-0-1) 206.71.169.0 - 206.71.169.255
M5-SECURITY-NETBLK-7 (NET-206-251-244-0-1) 206.251.244.0 - 206.251.244.255
M5-SECURITY-NETBLK-6 (NET-206-71-190-0-1) 206.71.190.0 - 206.71.190.255
M5-SECURITY-NETBLK-8 (NET-207-158-30-0-1) 207.158.30.0 - 207.158.30.255
M5-SECURITY-NETBLK-9 (NET-207-158-52-0-1) 207.158.52.0 - 207.158.52.255

All this info was obtained using standard WHOIS queries against whois.arin.net. WHOIS is your friend; I recommend anyone unfamiliar with it learn how to use it. The ARIN WHOIS help page may be obtained by executing:

whois -h whois.arin.net '?'

Unfortunately, best I can tell, M5 Hosting does not run an rwhois (Referral WHOIS) server, nor do they appear--best I can tell--to SWIP their address sub-allocations, so I cannot determine the Evony addresses. Someone else may know how to get more granular address information from M5; I do not--sorry.

There are other excellent sources of address assignment information, including BGP (query through LookingGlass servers). Someone else may know of better ones; if so, please post the info!

I hope this helps a bit!

Reply to
David Bivens
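
The WHOIS ranges listed in the post above can be turned into CIDR blocks for a firewall and checked against the addresses DNS returned for evony.com earlier in the thread. This is an added example, not part of any original post; it embeds four of the twelve listed netblocks, and the function names are this example's own.

```python
import ipaddress
import re

# Netblock lines copied from the post above (name, handle, first - last address).
WHOIS_LINES = """\
M5SECNET (NET-71-6-225-0-1) 71.6.225.0 - 71.6.225.255
M5-SECURITY-NETBLK-1 (NET-209-216-230-0-1) 209.216.230.0 - 209.216.230.255
M5-SECURITY-NETBLK-11 (NET-64-156-192-0-2) 64.156.192.0 - 64.156.195.255
M5-SECURITY-NETBLK-3 (NET-207-158-15-0-1) 207.158.15.0 - 207.158.15.255
"""

# Addresses reported for 'host -a evony.com' in the earlier reply in this thread.
DNS_ADDRESSES = ["64.156.194.11", "64.156.194.14"]

LINE_RE = re.compile(r"^(\S+)\s+\((NET-[\d-]+)\)\s+([\d.]+)\s+-\s+([\d.]+)\s*$")


def parse_netblocks(text):
    """Return {name: [IPv4Network, ...]} with each range as minimal CIDR blocks."""
    blocks = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip anything that is not "NAME (HANDLE) first - last"
        name, _handle, first, last = m.groups()
        first_ip = ipaddress.IPv4Address(first)
        last_ip = ipaddress.IPv4Address(last)
        # A first-last range is not always one prefix; this splits it if needed.
        blocks[name] = list(ipaddress.summarize_address_range(first_ip, last_ip))
    return blocks


def blocks_containing(blocks, addresses):
    """Map each address to the (name, cidr) that contains it, or None."""
    result = {}
    for addr in addresses:
        ip = ipaddress.IPv4Address(addr)
        result[addr] = next(
            ((name, str(net)) for name, nets in blocks.items()
             for net in nets if ip in net), None)
    return result


if __name__ == "__main__":
    nets = parse_netblocks(WHOIS_LINES)
    for name, cidrs in nets.items():
        print(name, ", ".join(str(c) for c in cidrs))
    for addr, hit in blocks_containing(nets, DNS_ADDRESSES).items():
        print(addr, "->", hit)
```

A match only shows which hosting-provider allocation holds the DNS-published addresses; as the post says, the sub-allocation actually used by Evony is not recorded, so blocking the whole prefix also blocks the provider's other customers in it.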
