[Emerging-Sigs] Comprehensive list of LeaseWeb CIDR blocks?

Joe Pampel jpampel at paladyne.com
Thu Oct 7 16:51:13 EDT 2010


The other responses have been very complete.. So I thought for the benefit of those who may not have router access/experience, you can still look folks up using a variety of sites.

One of the easiest is Hurricane Electric.. for ex:

http://bgp.he.net/AS16265#_prefixes

and Cyclops is very handy as well:  (can also send you alerts if your BGP announcements change...)

http://cyclops.cs.ucla.edu//?vm=0&di=2010-10-09&de=2010-10-09&asn=16265&prfx=&loc=&ag=0&v=gv&tab=1&sub=1&p=&s=0&o=&d=

Cyclops shows 111 prefixes (no summarizations I gather), HE shows 62 prefixes (with summaries though I believe).

Team Cymru has some great whois-type tools to match AS & IPs etc. which you can script against. Might be able to use this to automate your list.
Have a l00k..

http://www.team-cymru.org/Services/ip-to-asn.html

& be careful out there..

- J

On Oct 7, 2010, at 2:41 PM, Miso Patel wrote:

Thanks.  Yea, I already did a whois and got that class C but I was having trouble finding *all* the ranges they owned, particularly the ones they host web servers on. I've also got 95.211.0.0/16 and 85.17.0.0/16 listed as LeaseWeb bad (thanks t0nt03).

Miso Patel

On Thu, Oct 7, 2010 at 1:27 PM, Joe Pampel <jpampel at paladyne.com> wrote:
If they are in Europe, start with their whois listings on the RIPE site.

http://www.db.ripe.net/whois?form_type=simple&full_query_string=&searchtext=leaseweb&do_search=Search

would be nice if this /24 is the whole thing. ;)

On Oct 7, 2010, at 2:15 PM, Miso Patel wrote:

> I'm fed up with the plethora of malware/fake AV hosted on LeaseWeb and I've decided to just go ahead and block them completely at the firewall.  Does anyone have a comprehensive list of CIDR blocks that they own?  I already use the ET RBN and Known Compromised lists but at this point I feel like blocking LeaseWeb completely does more good than harm.  Not that I have anything personal against the Dutchbags at LeaseWeb....
>
> Thanks.
>
> Miso Patel


The information contained in this correspondence is intended solely for the person or entity entitled to receive the confidential and/or privileged material that it may contain. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, the information in this correspondence (including any attachments) by anyone other than the intended recipient is strictly prohibited. If you believe that you may not be the intended recipient, please destroy and/or delete this correspondence and the attachment(s).
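
The suggestion above to script against Team Cymru's IP-to-ASN data, and the gap between the unsummarized and summarized prefix counts, sketched as an added example that is not part of the original thread: it reads pipe-delimited rows in the layout of Team Cymru's verbose whois output, keeps the prefixes for one AS, and collapses them into a minimal firewall list. The sample rows, AS names and function names are constructed for illustration.

```python
import ipaddress

# Constructed rows in the pipe-delimited layout of Team Cymru's verbose
# IP-to-ASN whois output; they are illustrative, not real query results.
SAMPLE = """\
AS      | IP               | BGP Prefix          | CC | Registry | Allocated  | AS Name
16265   | 85.17.0.10       | 85.17.0.0/17        | NL | ripencc  | 2005-01-01 | EXAMPLE-AS-NAME
16265   | 85.17.130.5      | 85.17.128.0/17      | NL | ripencc  | 2005-01-01 | EXAMPLE-AS-NAME
16265   | 85.17.200.9      | 85.17.200.0/24      | NL | ripencc  | 2005-01-01 | EXAMPLE-AS-NAME
16265   | 95.211.4.1       | 95.211.4.0/23       | NL | ripencc  | 2008-01-01 | EXAMPLE-AS-NAME
16265   | 95.211.6.1       | 95.211.6.0/23       | NL | ripencc  | 2008-01-01 | EXAMPLE-AS-NAME
64500   | 192.0.2.7        | 192.0.2.0/24        | ZZ | other    |            | OTHER-AS-NAME
NA      | 10.0.0.1         | NA                  |    | other    |            | NA
"""


def prefixes_for_asn(report, asn):
    """Return the set of announced prefixes the report attributes to asn."""
    found = set()
    for line in report.splitlines():
        cols = [c.strip() for c in line.split("|")]
        if len(cols) < 3 or cols[0] != str(asn):
            continue  # header row, another AS, or a truncated line
        try:
            found.add(ipaddress.ip_network(cols[2]))
        except ValueError:
            continue  # "NA" or a malformed prefix: never guess a range
    return found


def summarize(prefixes):
    """Collapse adjacent and overlapping prefixes, per IP version."""
    out = []
    for version in (4, 6):
        same = [p for p in prefixes if p.version == version]
        out.extend(ipaddress.collapse_addresses(same))
    return out


def is_covered(ip, blocklist):
    """True if ip falls inside any network on the summarized blocklist."""
    addr = ipaddress.ip_address(ip)
    return any(addr.version == n.version and addr in n for n in blocklist)


if __name__ == "__main__":
    raw = prefixes_for_asn(SAMPLE, 16265)
    blocklist = summarize(raw)
    print(len(raw), "announced ->", len(blocklist), "summarized")
    for net in blocklist:
        print(net)
```

Announced prefixes change over time, so a list built this way needs to be regenerated on a schedule rather than treated as static.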


