IPs Owned by Microsoft?

Apparently Microsoft has done some shifting around of its IP infrastructure
related to the Windows Update facility, and rules that worked automatically
before now break. I wanted to find out if the range 64.4.0.0 - 64.4.63.255
which is owned by Microsoft is all dedicated to Windows Update. If not,
does anyone happen to know what range of Microsoft IPs I can safely clear
through firewall rules for access to Windows Update?

--
Will


Whois 64.4.4.4 shows:


OrgName: MS Hotmail
OrgID: MSHOTM
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US

NetRange: 64.4.0.0 - 64.4.63.255
CIDR: 64.4.0.0/18
NetName: HOTMAIL
NetHandle: NET-64-4-0-0-1
Parent: NET-64-0-0-0-0
NetType: Direct Assignment
NameServer: NS1.MSFT.NET
NameServer: NS2.MSFT.NET
NameServer: NS3.MSFT.NET
NameServer: NS4.MSFT.NET
NameServer: NS5.MSFT.NET

Re: IPs Owned by Microsoft?

Post removed (X-No-Archive: yes)

Re: IPs Owned by Microsoft?

"Sebastian Gottschalk" wrote in message
news:50ocjrF1gpvftU1@mid.dfncis.de...
> Will wrote:
>
> > Apparently Microsoft has done some shifting around of its IP
infrastructure
> > related to the Windows Update facility, and rules that worked
automatically
> > before now break. I wanted to find out if the range 64.4.0.0 -
64.4.63.255
> > which is owned by Microsoft is all dedicated to Windows Update. If
not,
> > does anyone happen to know what range of Microsoft IPs I can safely
clear
> > through firewall rules for access to Windows Update?
>
> Speak after me: PROXY FIREWALL

We have 20+ network segments and three levels of firewalls. Probably I
don't need that advice. :)

I still have the question I originally asked.

--
Will

Re: IPs Owned by Microsoft?

Post removed (X-No-Archive: yes)

Re: IPs Owned by Microsoft?

"Sebastian Gottschalk" wrote in message
news:50p7e2F1gpjkiU1@mid.dfncis.de...
> I've never seen any firewall implementation that resolves DNS hostnames at
> runtime and registers for receiving DNS updates or reissues requests after
> TTL timeout.
>
> And even if you had such an implementation, Microsoft does DNS round-robin
> and various other kinds of load-balancing so your apporach would be pretty
> fruitless.

I don't have any requirement to resolve DNS. Maybe you read something
additional into my original question that I didn't intend to be there.

I am asking what block of IP addresses in the 64.4.0.0 Class C does
Microsoft use for Windows update. I'm doing this so that the firewall
rule will allow access to a certain class of machines on any of those IPs.
On machines that live on one of our DMZs, no outbound IP is allowed by
default, on any port. For Windows Update, we want to authorize outbound
http/https to a limited number of IPs, and I'm just trying to identify the
IPs in this range, whose reverse DNS don't appear to all point to Microsoft.

It doesn't matter that Microsoft round robins to different IPs in this
block. I just want to know what the block is.


> (And you need to fix your quoting. Probably it might be better to not
abuse
> OE as a newsreader.)

Unfortunately, too many posts up already, archived in the evil Microsoft
newsreader, so I'm anchored to it, reluctantly.

--
Will

Re: IPs Owned by Microsoft?

Post removed (X-No-Archive: yes)