865 Views 2 Replies Latest reply: Nov 29, 2012 2:09 AM by asabban RSS
clausonna Newcomer 18 posts since
Nov 11, 2009

Nov 28, 2012 11:19 AM

Security Risks of category 'Residential IP' - block or coach?

Hi folks,

 

I'm looking for some feedback on the 'Residential IP' category. I've had a bunch of requests from my users for legitimate business sites that are hosted at ISPs that are typically used for consumers/residential networks (e.g. Qwest). The sites seem to have static IP addresses, though, which makes me think the sites are just using a Business-class DSL circuit.

 

So - in general, does the community feel that the risks associated with allowed connections to Residential IPs are significant? Should I move from outright blocking to Coaching? Should I whitelist the sites ad-hoc? I assume asking TrustedSource.org to reclassify the sites won't work, since the IP subnets in question technically are residential.

 

Thanks!

  • btlyric Apprentice 184 posts since
    Aug 1, 2012

    In the case of Qwest, many of their netblocks that are categorized as Residential IPs are actually Akamai content servers with IPs that resolve back to addresses with the syntax of 63-235-20-2.dia.static.qwest.net.

     

    This includes, but is not limited to, chunks of space in these netblocks:

     

    OrgName                    Org location       NetName              NetHandle             NetRange
    AKAMAI TECHNOLOGIES INC    Dallas, TX, US     Q0127-216-206-30-0   NET-216-206-30-0-1    216.206.30.0 - 216.206.30.255
    Akamai Technologies, Inc.  Cambridge, MA, US  Q0414-65-121-208-0   NET-65-121-208-0-1    65.121.208.0 - 65.121.209.255
    Akamai Technologies, Inc.  Cambridge, MA, US  Q0511-63-233-126-0   NET-63-233-126-0-1    63.233.126.0 - 63.233.126.255
    Akamai Technologies, Inc.  Cambridge, MA, US  Q0512-63-233-112-0   NET-63-233-112-0-1    63.233.112.0 - 63.233.112.255
    Akamai Technologies, Inc.  Cambridge, MA, US  Q0601-216-207-37-0   NET-216-207-37-0-1    216.207.37.0 - 216.207.37.127
    Akamai Technologies, Inc.  Cambridge, MA, US  Q0607-204-132-142-0  NET-204-132-142-0-1   204.132.142.0 - 204.132.143.255
    Akamai Technologies, Inc.  Cambridge, MA, US  Q0608-63-151-118-0   NET-63-151-118-0-1    63.151.118.0 - 63.151.119.255
    Akamai Technologies, Inc.  Cambridge, MA, US  Q0613-208-44-255-0   NET-208-44-255-0-1    208.44.255.0 - 208.44.255.255
    Akamai Technologies, Inc.  Cambridge, MA, US  Q0614-216-206-89-0   NET-216-206-89-0-1    216.206.89.0 - 216.206.89.255
    Akamai Technologies, Inc.  Cambridge, MA, US  Q0614-65-112-54-0    NET-65-112-54-0-1     65.112.54.0 - 65.112.54.255
    Akamai Technologies, Inc.  Cambridge, MA, US  Q0617-63-144-98-240  NET-63-144-98-240-1   63.144.98.240 - 63.144.98.247
    Akamai Technologies, Inc.  Cambridge, MA, US  Q0723-65-126-84-0    NET-65-126-84-0-1     65.126.84.0 - 65.126.84.255
    Akamai Technologies, Inc.  Cambridge, MA, US  Q0805-72-164-7-0     NET-72-164-7-0-1      72.164.7.0 - 72.164.7.127
    AKAMAI TECHNOLOGIES INC    Dallas, TX, US     Q0809-63-233-92-0    NET-63-233-92-0-1     63.233.92.0 - 63.233.92.127
    Akamai Technologies, Inc.  Cambridge, MA, US  Q0901-63-150-131-0   NET-63-150-131-0-1    63.150.131.0 - 63.150.131.255
    AKAMAI TECHNOLOGIES INC    Dallas, TX, US     Q0914-63-235-20-0    NET-63-235-20-0-1     63.235.20.0 - 63.235.21.255
    AKAMAI TECHNOLOGIES INC    San Jose, CA, US   Q0916-63-235-28-0    NET-63-235-28-0-1     63.235.28.0 - 63.235.29.255
    Akamai Technologies, Inc.  Cambridge, MA, US  Q0929-65-120-60-0    NET-65-120-60-0-1     65.120.60.0 - 65.120.60.255
    Akamai International B.V.  Cambridge, MA, US  ORG-AIB6-RIPE                              213.248.117.0 - 213.248.117.255

     

    twtelecom.net also has chunks that get tagged as Residential IP addresses.

     

    The problem with whitelisting is that I believe that you lose your reputation checking.

     

    An advantage to Coaching is that it returns control to the users and the extra step may serve to prevent infected systems from phoning home.

     

    TrustedSource is pretty good about recategorizing sites if they get the right info. Unfortunately, you have to submit each IP address.
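An added example, not part of the original thread: a triage pass over gateway block logs that checks each destination blocked as 'Residential IP' against three of the NetRange rows quoted in the reply above, cross-checks the reverse name against the `dia.static.qwest.net` syntax it mentions, and produces the per-IP list a recategorization request needs. The log layout, the `Residential_IP` field value and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# Three NetRange rows copied from the reply above (start, end).
LISTED_RANGES = [("63.235.20.0", "63.235.21.255"),
                 ("65.121.208.0", "65.121.209.255"),
                 ("63.144.98.240", "63.144.98.247")]
# Expand each start-end range into CIDR networks for membership tests.
LISTED_NETS = [net for start, end in LISTED_RANGES
               for net in ipaddress.summarize_address_range(
                   ipaddress.ip_address(start), ipaddress.ip_address(end))]

# PTR syntax quoted in the reply: 63-235-20-2.dia.static.qwest.net
PTR_RE = re.compile(r"^(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})\.dia\.static\.qwest\.net\.?$")

def ip_from_ptr(name):
    """Return the IP embedded in a qwest static PTR name, or None."""
    m = PTR_RE.match(name.lower())
    if not m:
        return None
    try:
        return ipaddress.ip_address(".".join(m.groups()))
    except ValueError:  # e.g. an octet above 255
        return None

def triage(log_lines):
    """Summarise 'Residential IP' blocks per destination IP."""
    report = {}
    for line in log_lines:
        _ts, dst, ptr, category = line.split()
        if category != "Residential_IP":
            continue
        ip = ipaddress.ip_address(dst)
        entry = report.setdefault(ip, {
            "count": 0,
            "in_listed_range": any(ip in net for net in LISTED_NETS),
            "ptr_matches_ip": ip_from_ptr(ptr) == ip})
        entry["count"] += 1
    return report

def submission_list(report):
    """IPs inside the listed netblocks, one entry per address to submit."""
    return sorted(str(ip) for ip, e in report.items() if e["in_listed_range"])

# Constructed sample lines: timestamp dest_ip reverse_name category
SAMPLE_LOG = [
    "2012-11-28T11:02:10 63.235.20.2 63-235-20-2.dia.static.qwest.net Residential_IP",
    "2012-11-28T11:02:11 63.235.20.2 63-235-20-2.dia.static.qwest.net Residential_IP",
    "2012-11-28T11:05:40 63.144.98.250 63-144-98-250.dia.static.qwest.net Residential_IP",
    "2012-11-28T11:07:02 203.0.113.10 - Residential_IP",
    "2012-11-28T11:09:30 198.51.100.7 www.example.com Business",
]
```

Destinations that land outside the listed ranges, such as the address just past the 63.144.98.240 - 63.144.98.247 block in the sample, stay off the submission list and keep whatever block or coach action the category already has.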

  • asabban McAfee SME 1,357 posts since
    Nov 3, 2009

    Hello,

     

    One problem with blocking/coaching such content is that you may have problems with "embedded" objects. If a user accesses a website which has coaching configured, he is fine by clicking the button, but especially such servers as listed above are used to load content such as images, media files or similar into other legit websites. In this case the embedded object may not show up, and as a user you won't notice that there is a coaching page you may click to proceed. I know from a different customer that he has enabled residential IP addresses and allows access. If you allow the category you still have Web reputation, media type filter and AV to protect you - however, I can't make a recommendation; it is up to you to decide.

     

    Best,

    Andre
