Posted on

IPv6 Bogons in Compressed and Decompressed CIDR format

IN addition to our IPv6 network by country ACLs, we are now also offering IPv6 bogon lists. These lists will include all IPv6 reserved and available networks (not allocated or assigned).

The IPv6 bogons are available as compressed or decompressed in CIDR format. These lists are updated every four hours and made available to you currently free of charge.

You may access all of our bogon lists on our Download an Access Control List to Block or Allow Bogons page.

While using our free data, why not consider purchasing a monthly or annual license? A licensed version will get you the most accurate data.

Posted on

IPv6 Networks in Access Control Lists

Country IP Blocks has just released our beta version of IPv6 by country database. As IPv4 addresses are technically exhausted, IPv6 addressing is coming in to vogue.

We are currently in phase one of our IPv6 ACL release. While the data is accurate, we still consider phase one as a testing phase. In phase one we are offering IPv6 addresses that are updated every four hours. This data will initially be offered as a free service to our licensed and unlicensed website users.

Initially, our IPv6 data will only be offered in three formats: Apache .htaccess Deny, Apache .htaccess Allow and CIDR.

We look forward to hearing your comments.

Posted on

Aggregating IP Networks for More Efficient Access Control Lists

When it comes to network security and specifically the use of Access Control Lists, Network Managers, IT Managers and those managing inbound access can have their hands full when they create ACLs containing large amounts of data. For example, if you created an ACL to allow only the US and Canada the list may contain close to 80,000 networks. This requires 80,000 lines in your ACL.

Large ACLs may become unruly, cumbersome and difficult to manage. They also can be a drain on hardware and software resources, taxing memory while overloading some firewalls. Aggregation is the solution.

Aggregating these IP ranges offers an excellent remedy to this problem. Aggregation is an excellent solution to reducing the size of large Access Control Lists.

Network Aggregation is not a summary of networks within your ACL. Network Aggregation is a method used to consolidate your Access Control Lists. It accomplishes this by combining contiguous networks within your Access Control Lists into as many larger network ranges as possible. After consolidation, the result is then converted into valid IP networks.

For example, if you had the following two networks: 192.168.0.0/24 and 192.168.1.0/24 you could aggregate them and the result would be 192.168.0.0/23.

Aggregating the US and Canadian networks currently reduces the size of your Access Control Lists by 71%, while still maintaining the exact same number of IP addresses.

Another excellent example of the power of aggregation is the networks assigned to Italy. As of today, April 10, 2019, Italy has 171,995 networks assigned (more if you look at network reassignments and further subnetting). Imagine working with an Access Control List containing this many lines. If you aggregate these networks you can reduce the size of your ACL by 96.9% or to 5,325 lines. An incredible improvement.

Currently, Country IP Blocks includes our Aggregation Module with new license purchases.

Make your network security more efficient by using aggregation.

Posted on

OFAC Access Control Lists

We are pleased to announce that we are offering free OFAC Access Control Lists, based on OFAC’s Sanctions Programs and Country Information. Unlicensed users will have access to data that is at least 90 days old. Our licensed users will have access to data that is no more than four hours old.

While we are currently offering this data free for licensed and unlicensed users, the data will eventually require a separate license and may be removed from unlicensed access. This is due to additional staff hours to complete the extra work involved in maintaining the OFAC lists.

OFAC list users will be able to select lists including countries with comprehensive sanction, related sanctions or both. The free selections are located here: Create an Access Control List to Block OFAC Sanctioned Countries. Licensed users will find the webform in their control l=panel under the Access Control Lists navigation.

We will base our country selections on OFAC’s page:
Sanctions Programs and Country Information

We will maintain our OFAC ACLs based on OFACs regular updates to their sanctions programs. We recommend you check back often for changes.

Country IP Blocks updates their Country Network database at least every four hours for licensed users. Therefore, data is subject to change frequently. You may purchase your licenses on our website.

Posted on

OFAC Countries with Comprehensive and Related Sanctions

OFAC stands for the Office of Foreign Asset Control.

Country IP Blocks has been working for years to develop an effective OFAC sanctions list. There are several hurdles we faced in order to be as comprehensive as possible. There are several issues related to the problem.

The first question we asked is “Where is OFAC’s Country List.” Here, according to their website, is the answer:

Where is OFAC’s Country List? What countries do I need to worry about in terms of U.S. sanctions?

The Office of Foreign Assets Control (OFAC) does not maintain a specific list of countries that U.S. persons cannot do business with. 

Here’s why:

U.S. sanctions programs vary in scope.  Some are broad-based and oriented geographically (i.e. Cuba, Iran).  Others are “targeted” (i.e. counter-terrorism, counter-narcotics) and focus on specific individuals and entities.  These programs may encompass broad prohibitions at the country level as well as targeted sanctions.  Due to the diversity among sanctions, we advise visiting the “Sanctions Programs and Country Information” page for information on a specific program.

OFAC’s Specially Designated Nationals and Blocked Persons List (“SDN List”) has approximately 6,300 names connected with sanctions targets.  OFAC also maintains other sanctions lists which have different associated prohibitions.

Many individuals and entities often move internationally and end up in locations where they would be least expected.  Accordingly, U.S. persons are prohibited from dealing with SDNs regardless of location and all SDN assets are blocked.  Entities that an SDN owns (defined as a direct or indirect ownership interest of 50% or more) are also blocked, regardless of whether that entity is separately named on the SDN List.

Because OFAC’s programs are dynamic, it is very important to check OFAC’s website regularly.  Ensuring that your sanctions lists are current and you have complete information regarding the latest relevant program restrictions is both a best practice and a critical part of your due diligence responsibility.

For additional information about sanctions and OFAC, please take a look at our Frequently Asked Questions

As a courtesy, Country IP Blocks is temporarily offering free OFAC ACLs.