AWS, digitalocean, scaleway all subnets blocking iptables

#### SIBIT - / Germany

Get the OriginAS for the whole AWS network from an IP you already know belongs to AWS (the `<aws-ip>` placeholder stands in for that address):

whois <aws-ip> | grep "OriginAS"

The output contains an OriginAS line like

OriginAS: AS16509 #--> AWS RIPE origin

With the OriginAS known, you can now list all of its routes (the `-h` argument is the IRR whois server to query; it is left as a placeholder here):

whois -h <whois-server> -- '-i origin AS16509' | grep 'route:'

Info: this output is not unique; you will see many routes that share the same leading octets.

Better output for iptables: collapse the list to /16 subnets

AS16509 AWS origin Subnets

whois -h <whois-server> -- '-i origin AS16509' | grep 'route:' | awk '{print $2}' | awk -F '.' '{print $1"."$2".0.0/16"}' | sort -n | uniq

AS13335 Digitalocean origin subnets

whois -h <whois-server> -- '-i origin AS13335' | grep 'route:' | awk '{print $2}' | awk -F '.' '{print $1"."$2".0.0/16"}' | sort -n | uniq

AS12876 scaleway origin subnets

whois -h <whois-server> -- '-i origin AS12876' | grep 'route:' | awk '{print $2}' | awk -F '.' '{print $1"."$2".0.0/16"}' | sort -n | uniq

AS8075 Microsoft azure origin subnets

whois -h <whois-server> -- '-i origin AS8075' | grep 'route:' | awk '{print $2}' | awk -F '.' '{print $1"."$2".0.0/16"}' | sort -n | uniq

Feed this output into your iptables rules to block the whole AWS address space. Keep in mind that rounding every route up to a /16 blocks far more than the provider actually announces, so a /16 may also cover address space that belongs to someone else.
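To make the aggregation step concrete, here is an added shell example (not part of the gist) that runs the same route-to-/16 collapse over a constructed sample of IRR `route:` output, keeps an exact-prefix alternative beside it because the /16 rounding over-blocks, and renders the result as ipset commands for review instead of one iptables rule per prefix. The whois server (whois.radb.net), the sample prefixes and the set name are assumptions.

```shell
#!/bin/sh
# Constructed sample of IRR output for one origin AS (not real whois data).
# It deliberately contains two routes inside the same /16 and one in 10.3.x
# so that both the dedupe and the numeric ordering are exercised.
SAMPLE_ROUTES='route:      10.20.0.0/22
origin:     AS16509
route:      10.20.4.0/24
origin:     AS16509
route:      10.21.0.0/16
origin:     AS16509
route:      10.22.128.0/17
origin:     AS16509
route:      10.3.0.0/16
origin:     AS16509'

# Live query as in the gist; the server is an assumption and this is not
# called by the test. Check the aut-num's as-name with as_name before
# blocking, so the ASN really is the provider you intend.
fetch_routes() { whois -h whois.radb.net -- "-i origin $1" | grep '^route:'; }
as_name()      { whois -h whois.radb.net "$1" | grep -i '^as-name:'; }

# Collapse every route to its enclosing /16 (the gist's approach) and dedupe.
# A /22 or /24 becomes a /16 here, so the result blocks a superset of what the
# provider announces; sort on the octets numerically rather than with plain -n.
to_slash16() {
  grep '^route:' | awk '{print $2}' \
    | awk -F '.' '{print $1"."$2".0.0/16"}' \
    | sort -t . -k1,1n -k2,2n | uniq
}

# Alternative that keeps the exact announced prefixes (no over-blocking).
exact_routes() {
  grep '^route:' | awk '{print $2}' | sort -u
}

# Render a prefix list as one ipset plus a single iptables rule. The commands
# are printed, not executed, so they can be reviewed before being applied.
emit_ipset_rules() {
  setname="$1"
  echo "ipset create $setname hash:net -exist"
  while read -r cidr; do
    echo "ipset add $setname $cidr -exist"
  done
  echo "iptables -I INPUT -m set --match-set $setname src -j DROP"
}

# Example usage on the constructed sample:
#   printf '%s\n' "$SAMPLE_ROUTES" | to_slash16 | emit_ipset_rules block_aws
```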