A few more published IP address ranges:
Code:# BlueCoat
216.52.23.0/24
# Lightspeed Systems Security
69.84.207.128/25
# Cyberpatrol
38.103.17.160/27
# Cyveillance
38.100.19.8/29
# urlfilterdb
207.210.99.32/29
Printable View
A few more published IP address ranges:
Code:# BlueCoat
216.52.23.0/24
# Lightspeed Systems Security
69.84.207.128/25
# Cyberpatrol
38.103.17.160/27
# Cyveillance
38.100.19.8/29
# urlfilterdb
207.210.99.32/29
Couple more ranges to consider.
Update - 66.113.96.* belongs to these guys below, not websense as I had them listed before.Quote:
websense-in.car1.sandiego1.level3.net
4.53.120.22
Quote:
#Internet Identity - Anti-Phishing
deny from 66.113.96.0/20
deny from 70.35.113.192/27
Possibly bluecoat too:Quote:
#Bluecoat
deny from 8.21.4.254
deny from 65.160.238.176/28
deny from 85.92.222.0/24
deny from 216.52.23.0/24
deny from 206.51.36.0/22
Quote:
deny from 65.46.48.192/30
Quote:
#Lightspeed Technologies
#security.lightspeedsystems.com
deny from 66.17.15.128/26
deny from 69.84.207.32/27
deny from 69.84.207.128/25
Quote:
#Ironport
deny from 204.15.80.0/22
Quote:
#Phish-Inspector.com
#deny from 209.147.127.219
deny from 209.147.127.208/28
Quote:
#McAfee-Secure-Computing
deny from 192.55.214.0/24
deny from 207.67.117.0/24
deny from 69.48.241.64/26
deny from 80.66.0.0/19
Some ranges are from the Bluetack db , some are from here, most are from my logs.Quote:
#cyveillance
deny from 38.100.19.8/29
deny from 38.100.21.0/24
deny from 38.100.41.64/26
deny from 38.105.71.0/25
deny from 38.105.83.0/27
deny from 38.112.21.140/30
deny from 38.118.42.32/29
deny from 65.213.208.128/27
deny from 65.222.176.96/27
deny from 65.222.185.72/29
More later.. :)
busting the ten char limitQuote:
#M86
deny from 67.192.231.224/29
deny from 208.90.236.0/22
The article below has some good info on blocking proxy scripts...
Bypassing this kind of proxy blocking will need a different approach, especially when it's able to detect a proxy script with obfuscated source code. (the target in the article is a proxy site from Peacefire)
More randomised obfuscation required maybe ? :DCode:Block Proxy / Anonymizer / PHProxy / Glype with DansGuardian & IPCop
www.zerosignal.co.uk/2010/05/block-proxy-anonymizer-phproxy-glype-with-dansguardian-ipcop/
Quote:
Now when I try and access an anonymizer that I hadn't previously blocked, I am presented with the DansGuardian block page. One week after inserting these rules I've not needed to block any more anonymizers... Until the script is modified of course
Two more IP ranges for Cyveillance:
- 38.104.57.28/30
- 38.127.197.64/26
I'm working on a new proxy abuse list, will let you guys know when it's available.
Here's another:
# Rulespace (http://rulespace.com/)
# 207.189.121.44
# Hosted at ViaWest
207.189.96.0/19
thanks for that! I presume should only block # Rulespace (Welcome to RuleSpace)Quote:
Originally Posted by Will.Spencer
# 207.189.121.44, not the whole of ViaWest? ta
I'm testing now with blocking all hosting centers.
Here's another range for Bluecoat Systems.
Quote:
#Bluecoat
199.19.248.0/21
One more:
Code:# ParetoLogic (http://www.paretologic.com/)
#66.38.130.192 - 66.38.130.223
66.38.130.192/27