Categories
Networking

The official Telegram CIDR list

If for whatever reason you need to reroute or block Telegram Messenger traffic, at some point you will have come across an ASN list with a list of /22 IPv4 blocks and one or two /48 IPv6 blocks. If you've hastily based your firewall rules on that list, you'll notice it works only intermittently. That's because the list is incomplete. JTT has got you covered and you have come to the right place! Below are the known CIDR blocks used by the Telegram Messenger service:

Blocking active GFW probes

Based on the information from this blog post, a list of IPv4 blocks is identified as potential GFW active probes which, if allowed to scan your server for known services, may result in the GFW blocking access to your IP. If that happens, your IP will not be able to access anything behind the GFW, which can be a bummer.

My favorite Traceroute tool

Traceroute helps you quickly find out the network path and measure the transit delays of packets across the internet. The standard implementation displays only the IP or rDNS entries, which may not allow you to identify the geographic path at first glance.

Allow only Cloudflare CDN servers to your web servers

We love to use Cloudflare CDN because it improves latency and uptime, and the price is just right (free) for the starter pack.

Normally, a web server's ports 80 and 443 would be open to the public internet, with access restricted to selected IP ranges by either ASN or country, depending on what the administrator has configured. But if you are using Cloudflare's CDN service, you can permit TCP 80/443 access only to their servers and block all other incoming requests. You can then fine-tune access control using Cloudflare's web application firewall. This greatly reduces your web server's attack surface.

Using your cloud instance as a proxy with Dante server

Let's say you have a cloud VM lying around. It is entirely possible to turn it into a personal proxy for your internet traffic. It is probably not going to help you unlock region-protected content, since services like Netflix and Hulu would probably have blocked the IP ranges operated by hosting service providers, but it may still be useful in cases where you need to get around your ISP's slow network transit and peering issues.