Monday, May 23, 2011

Suppose I wanted to block facebook.

Suppose you have access to your firewall and you want to block Facebook.
Then you need to get their prefixes which you can find out their ASN.

You can find out their asn from traceroute:
$  traceroute -n -A
14 [AS3356]  630.713 ms  633.180 ms [AS3356]  629.633 ms
15 [AS3356]  578.959 ms  580.703 ms  579.624 ms
16 [AS32934/AS10753]  577.604 ms  557.247 ms  636.807 ms
17 [AS32934]  633.454 ms [AS32934]  602.556 ms  603.583 ms
18 [AS32934]  634.461 ms [AS32934]  634.431 ms [AS32934]  702.079 ms
19 [AS32934/AS10753]  701.423 ms  700.644 ms  700.937 ms
Which you can verify with tools such as these
$ dig +short TXT
"32934 | US | arin | 2004-08-24 | FACEBOOK - Facebook, Inc."
Then you'd get their prefixes using a lookup service
$ lynx --dump 2>&1 | grep AS32934
   IPv4 Prefixes seen at AS32934:       [AS32934]
     2620:0:1c00::/40     [AS32934]      [AS32934]      [AS32934]      [AS32934]      [AS32934]      [AS32934]      [AS32934]      [AS32934]       [AS32934]       [AS32934]       [AS32934]
You can then feed the prefixes into your firewall.
Of course, If I was a determined user, I could use any of the free proxies out there rendering this whole post moot (DPI anyone?).

No comments:

Post a Comment