Sign in to follow this  
Followers 0
XxthugstylezxX

Subnet mask

14 posts in this topic

I have to ban a whole subnet mask from a server i admin. Basically im helping these gaming n00bz secure there game server and site. They got a guy they need to ban but his dynamic ip comes into play and they cannot ban him. So i suggested subnet mask ban him. These are the ip's he's came in as, as of today.

91.0.79.236

91.0.102.250

91.0.114.149

I came to the conclusion its a classless class A /17 network. Sound about right? 255.255.128.0 so they would ban 91.0.*.*/17

Just making sure im correct before i give them the go ahead with it.

0

Share this post


Link to post
Share on other sites

Looking over it and looking over it twice, you're on the right track for banning what you've seen at least. It looks from whois like everything 91.0.0.0 - 91.23.255.255 is allocated by Deutsche Telekom, but I'm not sure if you'd be able to dig in further to see who has that the range within that contains those IPs and its size. I suppose you could email their abuse (abuse@t-ipinet.de and/or ripe.dtip@telekom.de) for more info and pray you get someone who sprickens de englisch.

0

Share this post


Link to post
Share on other sites

So it looks like a person outside of the US then. Thanks for the info! =) Even then if i do a whole subnet ban of the 91.0.*.* for say a period of 2 weeks or so the guy might think we've got him perm banned and quit after a while. Then open it back up and hope the guy has given up. Or i could do both a subnet ban and email the isp even though he hasn't done anything technically illegal. Just doing stupid game hacks, where is name keeps changing to someone on the server so when we ban we end up banning our self's or people who are not involved. I'll try both maybe to get more information on the guy and to get him off our server at least temporarily.

0

Share this post


Link to post
Share on other sites

Yeah if it's just a game thing, I think you're alright with your original plan and mask, and just lift it in a few days once he's moved on.

0

Share this post


Link to post
Share on other sites

Thanks McGrewSecurity that helped alot. I didnt think of doing a whois on the ip to find out the isp and range they hold. :voteyes:

0

Share this post


Link to post
Share on other sites

Yeah the problem is usually that it often doesn't show how it's divided up within that range. You'll see a large ISP with a huge allocated range that has a portion of it for an organization, and won't have anything showing where that organization's IP's start and stop. You can sometimes enumerate it with some playing around with reverse-DNS, I remember there being a thread in General Hacking that I contributed to on the topic a while back.

0

Share this post


Link to post
Share on other sites

but wouldn't banning in entire ISP's block of addresses annoy more people then it worth? Cant you go back though the logs get his MAC addresss and ban that?

Might be making a complete nonsense remark but worth a try.

0

Share this post


Link to post
Share on other sites
91.0.79.236

91.0.102.250

91.0.114.149

I came to the conclusion its a classless class A /17 network. Sound about right? 255.255.128.0 so they would ban 91.0.*.*/17

Class A is an 8bit subnet mask. Class B is a 16bit subnet mask and Class C is a 24bit subnet mask. The 17bit subnet mask you proposed would include half of the 91.0.0.0/16 subnet. 91.0.0.0 - 91.0.127.255. If you want to block everything in the Class B, then you need a 255.255.0.0 subnet mask.

91.0.0.0 255.255.0.0

If you want their entire block it's going to be more than one mask since they have more than 16 and less than 32:

91.0.0.0 255.240.0.0 91.0.0.0-91.15.255.255

91.16.0.0 255.248.0.0 91.16.0.0-91.23.255.255

There you go.

On a side note, I finally found something that I know more about than McGrewSecurity. YAY!!! hahaha 9-)

0

Share this post


Link to post
Share on other sites
Good way to shoot yourself in the foot, since then you won't be able to contact the outside at all, since you will have blocked all of your router's traffic.
but wouldn't banning in entire ISP's block of addresses annoy more people then it worth? Cant you go back though the logs get his MAC addresss and ban that?

Might be making a complete nonsense remark but worth a try.

im confused? are you agreeing with me our calling me a tard? :D:huh:

0

Share this post


Link to post
Share on other sites

why do you have 91.16 in thre when it's 91.0 mostly the ips won't change outside the 91.0 range if it's just an ISP since htey get a certain block of range for ips and hand them out in areas.

91.0.79.236

91.0.102.250

91.0.114.149

I came to the conclusion its a classless class A /17 network. Sound about right? 255.255.128.0 so they would ban 91.0.*.*/17

Class A is an 8bit subnet mask. Class B is a 16bit subnet mask and Class C is a 24bit subnet mask. The 17bit subnet mask you proposed would include half of the 91.0.0.0/16 subnet. 91.0.0.0 - 91.0.127.255. If you want to block everything in the Class B, then you need a 255.255.0.0 subnet mask.

91.0.0.0 255.255.0.0

If you want their entire block it's going to be more than one mask since they have more than 16 and less than 32:

91.0.0.0 255.240.0.0 91.0.0.0-91.15.255.255

91.16.0.0 255.248.0.0 91.16.0.0-91.23.255.255

There you go.

On a side note, I finally found something that I know more about than McGrewSecurity. YAY!!! hahaha 9-)

0

Share this post


Link to post
Share on other sites
but wouldn't banning in entire ISP's block of addresses annoy more people then it worth? Cant you go back though the logs get his MAC addresss and ban that?

Might be making a complete nonsense remark but worth a try.

Unless the game specifically records the MAC address and sends it to the server for identification purposes, no (and even then it could probably be faked by the user). The MAC address on all the packets from the user to the server is the MAC of the router the server is connected to.

0

Share this post


Link to post
Share on other sites
why do you have 91.16 in thre when it's 91.0 mostly the ips won't change outside the 91.0 range if it's just an ISP since htey get a certain block of range for ips and hand them out in areas.

As I said, if you want to block the entire IP Range owned by that ISP, you would use:

91.0.0.0 255.240.0.0

91.16.0.0 255.248.0.0

Because they own 91.0.0.0-91.23.255.255. If you want to block just the Class B 91.0.0.0/16, then it's

91.0.0.0 255.255.0.0

0

Share this post


Link to post
Share on other sites
but wouldn't banning in entire ISP's block of addresses annoy more people then it worth? Cant you go back though the logs get his MAC addresss and ban that?

Might be making a complete nonsense remark but worth a try.

Unless the game specifically records the MAC address and sends it to the server for identification purposes, no (and even then it could probably be faked by the user). The MAC address on all the packets from the user to the server is the MAC of the router the server is connected to.

ok got it now, cheers

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0