Cisco IOS Time Based Access-List

Hi Ruby,

The time based access-list is basically the “poor man’s” solution to block access on routers. You can use access-lists only to filter on L3/L4 information (IP addresses, protocols and port numbers) so you can’t filter based on hostnames.

One way to get around this is to block all prefixes that belong to a certain AS. For example, facebook uses AS 32934. We can find their prefixes with whois:

$ whois -h whois.radb.net -- '-i origin AS32934' | grep 'route:'
route: 204.15.20.0/22
route: 69.63.176.0/20
route: 66.220.144.0/20
route: 66.220.144.0/21
route: 69.63.184.0/21
route: 69.63.176.0/21
route: 74.119.76.0/22
route: 69.171.255.0/24
route: 173.252.64.0/18
route: 69.171.224.0/19
route: 69.171.224.0/20
route: 103.4.96.0/22
route: 69.63.176.0/24
route: 173.252.64.0/19
route: 173.252.70.0/24
route: 31.13.64.0/18
route: 31.13.24.0/21
route: 66.220.152.0/21
route: 66.220.159.0/24
route: 69.171.239.0/24
route: 69.171.240.0/20
route: 31.13.64.0/19
route: 31.13.64.0/24
route: 31.13.65.0/24
route: 31.13.67.0/24
route: 31.13.68.0/24
route: 31.13.69.0/24
route: 31.13.70.0/24
route: 31.13.71.0/24
route: 31.13.72.0/24
route: 31.13.73.0/24
route: 31.13.74.0/24
route: 31.13.75.0/24
route: 31.13.76.0/24
route: 31.13.77.0/24
route: 31.13.96.0/19
route: 31.13.66.0/24
route: 173.252.96.0/19
route: 69.63.178.0/24
route: 31.13.78.0/24
route: 31.13.79.0/24
route: 31.13.80.0/24
route: 31.13.82.0/24
route: 31.13.83.0/24
route: 31.13.84.0/24
route: 31.13.85.0/24
route: 31.13.86.0/24
route: 31.13.87.0/24
route: 31.13.88.0/24
route: 31.13.89.0/24
route: 31.13.90.0/24
route: 31.13.91.0/24
route: 31.13.92.0/24
route: 31.13.93.0/24
route: 31.13.94.0/24
route: 31.13.95.0/24
route: 69.171.253.0/24
route: 69.63.186.0/24
route: 31.13.81.0/24
route: 179.60.192.0/22
route: 179.60.192.0/24
route: 179.60.193.0/24
route: 179.60.194.0/24
route: 179.60.195.0/24
route: 185.60.216.0/22
route: 45.64.40.0/22
route: 185.60.216.0/24
route: 185.60.217.0/24
route: 185.60.218.0/24
route: 185.60.219.0/24
route: 129.134.0.0/16
route: 157.240.0.0/16
route: 204.15.20.0/22
route: 69.63.176.0/20
route: 69.63.176.0/21
route: 69.63.184.0/21
route: 66.220.144.0/20
route: 69.63.176.0/20

You could create a script that fetches these prefixes and updates your access-list every now and then.

For some more “serious” security, we use firewalls. Some firewalls are able to inspect the application layer so we can drop traffic based on the URL, payload, etc.

Rene