cross-posted from: https://lemmy.world/post/46304716
We’re currently implementing additional security controls for our hosting platform, and one of the biggest challenges we’re encountering involves customers connecting over mobile networks. As users move between towers or regions they are frequently assigned different IP addresses within very short timeframes, which complicates IP-based allow-listing.
Is there a reliable way to obtain and maintain up-to-date CIDR ranges for major mobile providers such as AT&T, Verizon, and T-Mobile?
For reference, we currently use this from Starlink that provides a public feed of their IP space.
To the best of my knowledge there’s not a publicly available list for most of the providers, but I’m also not sure why you would even want/need one? Like, what’s the threat you’re trying to mitigate by allow/blocklisting arbitrary mobile network vendors?
The major one is botnets through compromised IPTV devices using these networks. We have a pretty small set of users ~4k but some cannot get service without satellite so they use these networks. We can’t distinguish if these are compromised devices from our competitors (or in our problem case, a mobile user from 5 states away brute-forcing services). The ARIN data is very inconsistent and most of them don’t add the local region.
I guess we’ll have to refactor with geo-location. Just wondering if there was an easier way out :P
