Forums
| BadPhorm - When good ISPs go bad! :: Forums :: Phorm Discussion :: Tech Talk |
|
<< Previous thread | Next thread >> |
| List of BT Internet IP Ranges | ||
| Go to page >> | |
|
Moderators: Jim Murray, narcosis, felixcatuk, Sammy, revrob
|
| Author | Post | ||
| PhormalWarning |
| ||
 Registered Member #242 Joined: Sun Mar 23 2008, 03:59PMPosts: 31 | To assist those who want to display warning messages or even block access to Phorm ISPs, I've been looking at the IP ranges that are assigned to the affected services. This is my first draft of a list of IP's in use by BT customers. If anyone thinks there are errors or any IP ranges missed please add to this thread. I'm aiming to be as precise as possible to avoid catching innocent ISPs in the cross fire.
I believe Broadband Scope and WLMS are IPs used by other ISPs that contract BT to supply their services. So it might not be fair to block these as they are probably not being Phormed. BT WebPort is some sort of managed dial-up service BT offers to other companies. BT Remote Internet is a VPN service aimed at business customers. eu.bt.net might be IPs use internally on the BT backbone network. I am not sure any residential customers get assigned these. Can anyone tell me the distinction between OpenWorld and Central Plus please? I know Central Plus is something to do with BT wholesale. Do any other ISPs that outsource to BT get central plus IPs or are they all BT ADSL customers? | ||
| Back to top | | ||
| Sammy |
| ||
Sammy   Registered Member #143 Joined: Sun Mar 09 2008, 08:36PMPosts: 637 | Is it possible to identify if any of these IPs are regularly used as Gateways between other ISPs? There is a possiblility that lets say VM use a BT IP for a www Gateway, that anyone who blocks the IPs will be unable to browse the net if the chosen route is through the said IP. Thoughts please ... | ||
| Back to top | | ||
| PhormalWarning |
| ||
| Registered Member #242 Joined: Sun Mar 23 2008, 03:59PMPosts: 31 | This has all come from public DNS entries. Some of them could well be gateways for something but the DNS entries all look the same so I can't really drill any further and find out who's using them for what. By gateway I assume you're meaning are any of them internet facing addresses for NATs that some ISP somewhere funnels all their web users through? I couldn't say for sure but I don't think it's likely. It is quite possible and quite likely many of them are NATs for small-medium sized businesses who are using BT though. I'm uncertain about if any of particularly the Central Plus IPs are leased to other ISPs though. I'm pretty sure the Broadband Scope and WLMS ones are actually other ISPs that outsource all their technical side to BT and are just brands. I can find stuff on the web about this e.g. the Post Office broadband is just a brand and it's actually BT supplying the entire service. | ||
| Back to top | | ||
| Sammy |
| ||
| Sammy Registered Member #143 Joined: Sun Mar 09 2008, 08:36PMPosts: 637 | I think some more homework by us all is required - the reason this has been hilighted to myself is I've noticed VM are channeling a great deal of my traffic through level3.net. How the ISPs work in the background is a mystery to me - and I am concerned that blocking all BT IPs for example will be the equivalent of building an Internet Version of the Berlin Wall - leaving very limited access to the web. Lets say for example AAISP employ the same tact, it is likely users routed thrugh their Network will be seriously disrupted (I use this example as they are very anti phorm). | ||
| Back to top | | ||
| PhormalWarning |
| ||
| Registered Member #242 Joined: Sun Mar 23 2008, 03:59PMPosts: 31 | Level3 are a backbone provider that VM have been using for some time to route their packets to various destinations. A lot of my US bound data goes that way. I don't think they are anything to worry about. I'm not sure that anyone is suggesting that intermediate routers should start blocking each other. As you point out it would be a complete disaster. By 'blocking' people are meaning preventing Phorm ISP users from accessing end services. Or otherwise displaying alternative messages to them. If I run a script on my web server that blocks a range of IPs belonging to e.g. BT and you contact my web server from AAISP. Even if BT actually deliver the packets to my web server, the IP that is reported to my script is AAISP because that is the origin point. So your AAISP connection will not be blocked by my server even if BT do all of your intermediate communications. | ||
| Back to top | | ||
| Gordon |
| ||
 Registered Member #287 Joined: Thu Apr 03 2008, 08:06PMPosts: 375 | (Edit - sorry, I spent ages fiddling about here and I'm a slow typist - in the meantime, I think PhormalWarning has already said much the same thing!) Now, I ain't techie, but I'm never afraid to tinker in the hope that it might help... Here's the first bit of a traceroute to my own site - my router, then BT at Ilford, then Namesco, my ISP: 1 192.168.1.1 (192.168.1.1) 0.668 ms 0.691 ms 0.465 ms 2 namescohg2.ilford.broadband.bt.net (217.47.151.57) 149.874 ms 135.826 ms 127.529 ms 3 thn1-gi0-3-3.namesco.net (195.7.254.2) 414.600 ms 149.958 ms 116.197 ms It then goes on via entanet to my web site. If I block the BT Ilford address, 217.47.151.57, using the normal .htaccess file, it makes no odds - I still get to my web site, I don't get the "Access denied" 403.shtml page. From that I would conclude that it's only looking at the IP allocated to me by Namesco - 195.7.251.186, which doesn't show up in the traceroute at all, not anything else in the chain before that. [ Edited Sun Apr 20 2008, 08:03PM ] | ||
| Back to top | | ||
| PhormalWarning |
| ||
| Registered Member #242 Joined: Sun Mar 23 2008, 03:59PMPosts: 31 | Thanks for the demo Gordon. Also you've got 217.47.* which isn't on my list. I've just been thinking actually, as well as domain names associated with IPs, I should be looking at who's name servers are associated with IPs. On that basis 217.32.* and 217.33.* look like BT as well. I'll do a bit of further investigating. | ||
| Back to top | | ||
| Gordon |
| ||
| Registered Member #287 Joined: Thu Apr 03 2008, 08:06PMPosts: 375 | Re the list itself... I'd advise you to check any extras, because I haven't exactly been too fussy here - I have, for example, included PlusNet even though they've said it won't affect them. As far as I'm concerned, they are part of BT, so they get blocked. Anyway, if it's any use to you for comparison, this is the list that I came up with: 62.5.0.0-62.5.127.255 62.6.0.0-62.7.255.255 62.102.0.0-62.102.127.255 62.172.0.0-62.172.255.255 62.173.192.0-62.173.255.255 62.239.0.0-62.239.255.255 80.229.0.0-80.229.255.255 81.128.0.0-81.159.255.255 81.174.128.0-81.174.255.255 83.170.128.0-83.170.163.255 83.216.128.0-83.216.159.255 84.51.128.0-84.51.191.255 84.92.0.0-84.93.255.255 86.128.0.0-86.191.255.255 87.112.0.0-87.115.255.255 132.146.0.0-132.146.255.255 193.37.160.0-193.37.175.255 193.113.0.0-193.113.255.255 194.72.0.0 - 194.75.255.255 194.102.0.0-194.102.31.255 195.99.0.0-195.99.255.255 195.166.128.0-195.166.159.255 195.171.0.0-195.171.255.255 195.218.32.0-195.218.63.255 212.56.64.0-212.56.127.255 212.140.0.0-212.140.255.255 213.1.0.0-213.1.255.255 213.120.0.0-213.123.255.255 213.162.96.0-213.162.127.255 217.32.0.0-217.47.255.255 217.140.32.0-217.140.63.255 Or, converted to CIDR to go in my .htaccess file (if I haven't screwed anything up): deny from 62.5.0.0/17 deny from 62.6.0.0/15 deny from 62.102.0.0/17 deny from 62.172.0.0/16 deny from 62.173.192.0/18 deny from 62.239.0.0/16 deny from 80.229.0.0/16 deny from 81.128.0.0/11 deny from 81.174.128.0/17 deny from 83.170.128.0/19 deny from 83.170.160.0/22 deny from 83.216.128.0/19 deny from 84.51.128.0/18 deny from 84.92.0.0/15 deny from 86.128.0.0/10 deny from 87.112.0.0/14 deny from 132.146.0.0/16 deny from 193.37.160.0/20 deny from 193.113.0.0/16 deny from 194.72.0.0/14 deny from 194.102.0.0/19 deny from 195.99.0.0/16 deny from 195.166.128.0/19 deny from 195.171.0.0/16 deny from 195.218.32.0/19 deny from 212.56.64.0/18 deny from 212.140.0.0/16 deny from 213.1.0.0/16 deny from 213.120.0.0/14 deny from 213.162.96.0/19 deny from 217.32.0.0/12 deny from 217.140.32.0/19 I've done a copy+paste of yours into a separate file, and will go through it later to see if there's anything I missed that you've picked up. | ||
| Back to top | | ||
| Gordon |
| ||
| Registered Member #287 Joined: Thu Apr 03 2008, 08:06PMPosts: 375 | Incidentally... The 403.shtml page will display the visitor's IP, and will have an e-mail link, so that anyone blocked accidentally can get in touch, quote the IP, ask me to re-check and, if it is indeed my mistake, unblock as necessary. | ||
| Back to top | | ||
| felixcatuk |
| ||
felixcatuk  Registered Member #95 Joined: Wed Mar 05 2008, 12:03AMPosts: 2592 | Gordon - can I make that list available to download from Dephormation? regards Pete. | ||
| Back to top | | ||
| Go to page >> | |
Powered by e107 Forum System