QuickTip: Automatically building IP lists for whitelisting?

Valkyrie Studios
Feb 24, 2018 · 2 min read

Automation is in our blood here at Valkyrie, and we like to take this to certain extremes sometimes. A couple of days ago we were doing some development for a couple of integrations at a client of ours. Their system integrates with several external parties such as Twitter, Foursquare, etc.

They rely heavily on webhook communication coming from those parties to keep their data up-to-date.

A certain level of security is already available through signature and token verification, but we were thinking about an added level of security in the form of whitelisting IP addresses (both single IPs and ranges of IPs in CIDR notation).

Problem: Static lists would get out of date pretty fast

As soon as we started to think about creating these lists, we realized that even with CIDR notation, these large tech firms would outgrow those lists pretty soon.

So we needed a way to keep these lists up to date without much hassle.

Solution: Whois in combination with ASN numbers

whois?

Everyone who’s done a little bit of system/network administration will know that you can retrieve a massive amount of information about a company, web address or IP address through the whois service.

Whois can be regarded as an entity of trust, service and innovation, and was founded by ICANN: the Internet Corporation for Assigned Names and Numbers (https://whois.icann.org/en/history-whois).

ASN?

An AS number (Autonomous System number) can be compared to a company registration number: it identifies an online entity and all of its connected IP routing prefixes. Read the following article on Wikipedia to find out more about this.

Combining those

After doing some digging about combining those, we came up with the following command to get whois information about the IP addresses and CIDR ranges that belong to a certain service.

Replace the XXXXX with the AS number of the service that you want to retrieve the IP and CIDR ranges for.
Example output for Twitter Inc. (AS13414). PS: The list continues.

Q: How do I retrieve the AS number of an entity?

There are multiple ways of retrieving the AS number. The one that we used was the following online service: ASN Lookup Tool

Q: How would I automate this?

The output of this command still needs to be sanitized a little bit, but after you’ve done this, you could feed it into, for example, iptables. That’s a task I’ll let you do :)
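One way to do the sanitizing step, as an added example that is not code from the original post: it assumes the whois output is RPSL-style text with `route:` lines (as internet routing registries return), handles IPv4 only, and emits `ipset restore` input. The set name `webhook_allow`, the `/16` breadth limit and the sample data are assumptions made for the example.

```python
import ipaddress
import sys

# Constructed sample in RPSL style (documentation prefixes and ASN, not real data).
SAMPLE = """\
route:      192.0.2.0/24
origin:     AS64500
route:      198.51.100.0/25
route:      198.51.100.128/25
route:      192.0.2.0/24
route:      0.0.0.0/0
route:      203.0.113.7/24
route6:     2001:db8::/32
% end of constructed sample
"""

def parse_prefixes(text, min_prefixlen=16):
    """Return validated, de-duplicated, collapsed IPv4 networks from route: lines."""
    nets = set()
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() != "route":
            continue  # skips origin:, route6:, comments and blank lines
        try:
            net = ipaddress.IPv4Network(value.strip(), strict=True)
        except ValueError:
            continue  # not a CIDR, or host bits set (203.0.113.7/24)
        if net.prefixlen < min_prefixlen:
            continue  # refuse suspiciously broad ranges such as 0.0.0.0/0
        nets.add(net)
    return list(ipaddress.collapse_addresses(nets))

def ipset_restore(nets, name="webhook_allow"):
    """Build `ipset restore` input that replaces the set atomically via swap."""
    if not nets:
        # A failed or empty lookup must not wipe the allowlist in place.
        raise ValueError("no prefixes parsed; keeping the existing set")
    tmp = name + "_new"
    lines = [f"create {name} hash:net family inet -exist",
             f"create {tmp} hash:net family inet -exist",
             f"flush {tmp}"]
    lines += [f"add {tmp} {net}" for net in nets]
    lines += [f"swap {tmp} {name}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Usage (assumed pipeline): <whois command> | python3 this_script.py | ipset restore
    sys.stdout.write(ipset_restore(parse_prefixes(sys.stdin.read())))
```

A single rule such as `iptables -A INPUT -p tcp --dport 443 -m set --match-set webhook_allow src -j ACCEPT` can then reference the set, so refreshing the list never requires rewriting rules. Route objects are data published by the network operators themselves, so the list stays an extra layer next to signature and token verification rather than a replacement for it.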
