Results 1 to 6 of 6

Thread: How to Block Evony?

  1. #1
    W
    Guest

    How to Block Evony?

    What are the best methods for blocking Evony, the large online multiplayer
    game, with the company firewall? They appear to be on a Class C network
    64.156.192.x, but I would like to know if other networks or IPs need to be
    blocked as well.

    --
    W



  2. #2
    W
    Guest

    Re: How to Block Evony?

    "W" <persistentone@spamarrest.com> wrote in message
    news:gJudnYPzmORjiBLRnZ2dnUVZ5gKdnZ2d@giganews.com...
    > What are the best methods for blocking Evony, the large online multiplayer
    > game, with the company firewall? They appear to be on a Class C network
    > 64.156.192.x, but I would like to know if other networks or IPs need to be
    > blocked as well.


    A more general question: if you want to see all IP networks owned by a
    given company, how do you do that?

    --
    W



  3. #3
    Web Dreamer
    Guest

    Re: How to Block Evony?

    W a écrit ce vendredi 17 septembre 2010 03:47 dans
    <FbCdnbPdNaYAVQ_RnZ2dnUVZ5oidnZ2d@giganews.com> :

    > "W" <persistentone@spamarrest.com> wrote in message
    > news:gJudnYPzmORjiBLRnZ2dnUVZ5gKdnZ2d@giganews.com...
    >> What are the best methods for blocking Evony, the large online
    >> multiplayer
    >> game, with the company firewall? They appear to be on a Class C
    >> network 64.156.192.x, but I would like to know if other networks or IPs
    >> need to be blocked as well.

    >
    > A more general question: if you want to see all IP networks owned by a
    > given company, how do you do that?


    On *nix machines (Linux, Mac, BSD, etc...) these commands will do *exactly*
    what you ask for:

    host evony.com
    <all IPs will be listed>
    Or:
    dig ANY evony.com
    <A records, MX records, etc... will be listed>

    These commands may return a hostname.domainname of something else instead of
    an IP, so redo the same command for the new hostname.domainname, etc...
    You'll see that you won'y be able to block everything from evony (their
    emails) without blocking some google mail servers...

    For details on these commands, read:
    man host
    man evony

    On windows... don't know... Bad Luck...
    You can have these commands on windows if you install cygwin.

    --
    Web Dreamer


  4. #4
    Ansgar -59cobalt- Wiechers
    Guest

    Re: How to Block Evony?

    Web Dreamer <webdreamer@nospam.fr> wrote:
    > W a écrit ce vendredi 17 septembre 2010 03:47:
    >> A more general question: if you want to see all IP networks owned by
    >> a given company, how do you do that?

    >
    > On *nix machines (Linux, Mac, BSD, etc...) these commands will do
    > *exactly* what you ask for:
    >
    > host evony.com
    > <all IPs will be listed>
    > Or:
    > dig ANY evony.com
    > <A records, MX records, etc... will be listed>


    Umm... no, they won't. dig and host return what a company has configured
    on their public DNS for that given domain. That does NOT equal a list of
    all IP networks a company owns. For the latter you'd have to go through
    the databases of all registries in the world. Which clearly is not
    feasible.

    > On windows... don't know... Bad Luck...
    > You can have these commands on windows if you install cygwin.


    Or, you could simply use the tools from the Windows version of BIND. Or
    use the nslookup that ships with Windows. But anyway, as explained
    above, that won't do what the OP was asking for.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  5. #5
    Moe Trin
    Guest

    Re: How to Block Evony?

    On Fri, 17 Sep 2010, in the Usenet newsgroup comp.security.firewalls, in article
    <4c932182$0$23782$426a74cc@news.free.fr>, Web Dreamer wrote:

    >"W" <persistentone@spamarrest.com> wrote


    >> A more general question: if you want to see all IP networks owned
    >> by a given company, how do you do that?


    A "whois" query may provide some information, but generally "all" is
    not available. For example, 'evony.com' seems to be hosted by a
    service provider in San Diego named "M5 Computer Security" but they
    don't list the range of addresses in use. Blocking 64.156.192.0/22
    (which is M5-SECURITY-NETBLK-11) may work - at least temporarily.
    It's far easier to sniff your network using something like 'wireshark'
    and identify the players. Assuming your company has published a
    network use policy, you can then take appropriate actions against
    the players. Trivial really - but consult your company lawyer for
    further details.

    >On *nix machines (Linux, Mac, BSD, etc...) these commands will do
    >*exactly* what you ask for:


    >host evony.com
    ><all IPs will be listed>
    >Or:
    >dig ANY evony.com
    ><A records, MX records, etc... will be listed>


    I can see you didn't bother to even try those commands, so you made a
    rather large mistake. 'host -a evony.com' and 'dig ANY evony.com'
    returns a single host address (64.156.194.11), two name server
    addresses (64.156.194.11 and 64.156.194.14), and six mail server
    addresses at google. Rather useless, don't you think?

    >For details on these commands, read:
    >man host
    >man evony


    Maybe you should be reading the man pages - and while you're at it,
    also read the DNS-HOWTO if you can figure out how to find it

    -rw-rw-r-- 1 gferg ldp 91563 Dec 23 2001 DNS-HOWTO

    because DNS doesn't work the way you seem to think.

    Old guy

  6. #6
    David Bivens
    Guest

    Re: How to Block Evony?

    "W" <persistentone@spamarrest.com> wrote:
    >
    > A more general question: if you want to see all IP networks owned by
    > a
    > given company, how do you do that?


    Go to ARIN (or the appropriate registrar) and query their registration
    database using that address to find the name of the company or the ISP.

    The lowest-level (smallest, usually) allocation in this case is "M5
    Computer Security", network M5-SECURITY-NETBLK-11 (or
    NET-64-156-192-0-2). The parent ISP is CWIE, LLC. The domains of the
    admins' email addresses are: m5hosting.com and m5computersecurity.com.

    They are AS21581 and their assigned networks (and addresses) are:

    M5SECNET (NET-71-6-225-0-1) 71.6.225.0 - 71.6.225.255
    M5-SECURITY-NETBLK-1 (NET-209-216-230-0-1) 209.216.230.0 -
    209.216.230.255
    M5-SECURITY-NETBLK-2 (NET-206-251-255-0-1) 206.251.255.0 -
    206.251.255.255
    M5-SECURITY-NETBLK-11 (NET-64-156-192-0-2) 64.156.192.0 - 64.156.195.255
    M5-SECURITY-NETBLK-3 (NET-207-158-15-0-1) 207.158.15.0 - 207.158.15.255
    M5-SECURITY-NETBLK-4 (NET-206-71-179-0-1) 206.71.179.0 - 206.71.179.255
    M5-SECURITY-NETBLK-10 (NET-207-158-37-0-1) 207.158.37.0 - 207.158.37.255
    M5-SECURITY-NETBLK-5 (NET-206-71-169-0-1) 206.71.169.0 - 206.71.169.255
    M5-SECURITY-NETBLK-7 (NET-206-251-244-0-1) 206.251.244.0 -
    206.251.244.255
    M5-SECURITY-NETBLK-6 (NET-206-71-190-0-1) 206.71.190.0 - 206.71.190.255
    M5-SECURITY-NETBLK-8 (NET-207-158-30-0-1) 207.158.30.0 - 207.158.30.255
    M5-SECURITY-NETBLK-9 (NET-207-158-52-0-1) 207.158.52.0 - 207.158.52.255

    All this info was obtained using standard WHOIS queries against
    whois.arin.net. WHOIS is your friend; I recommend anyone unfamiliar with
    it learn how to use it. The ARIN WHOIS help page may be obtained by
    executing:

    whois -h whois.arin.net '?'

    Unfortunately, best I can tell, M5 Hosting does not run an rwhois
    (Referral WHOIS) server, nor do they appear--best I can tell--to SWIP
    their address sub-allocations, so I cannot determine the Evony
    addresses. Someone else may know how to get more granular address
    information from M5; I do not--sorry.

    There are other excellent sources of address assignment information,
    including BGP (query through LookingGlass servers). Someone else may
    know of better ones; if so, please post the info!

    I hope this helps a bit!


    --
    David Bivens/VABC Information Security

Similar Threads

  1. sitecom 300N wireless & url block
    By Menestrello in forum alt.comp.networking.routers
    Replies: 2
    Last Post: 08-12-10, 04:31 AM
  2. Replies: 0
    Last Post: 03-17-09, 10:18 AM
  3. Buy Trend Micro Internet Security Pro Receive H&R Block TaxCutPremium Free!!
    By tgyuyy9832564@pchome.com.tw in forum alt.internet.wireless
    Replies: 0
    Last Post: 03-16-09, 02:25 PM
  4. Soo...I buy all this block for a small retaining wall....
    By downhill in forum General Discussion Board
    Replies: 27
    Last Post: 08-03-07, 05:37 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •