Country-Specific IP Address Question

Are there specific IP ranges that are assigned to addresses in Afghanistan, Pakistan, Libya, Jordan, the Palestine, Iran, and Iraq? I know that assignment does not work that way specifically in most cases, but in many cases Korean and Chinese addresses all fall within a broad range or ranges. Is there any real way to find this out?

And yes, I know that Afghanistan has essentially “banned” the Internet. But they still must have ranges assigned to them, right?

Allocation of IP addresses seems to be specified by rfc 2050. You can read the whole thing (and its a page turner!) here:

The quick answer appears to be “sort of”. The hierarchy of assigners is IANA, Regional IRs, Local IRs. “Regional” means “continetal” in this context. The Regional IRs assign blocks to the local IRs. To quote the RFC again: “These areas [local irs] are usually of national dimensions.” The blocks assigned to local IRs in, say, China would only be assigned to organisations in China. One could probably find all the blocks assigned to all local IRs in the countries you list.

I might be able to provide more information if I knew, more specifically, what you were asking for.

My real question is: Is it possible to “ban” all IP’s from a country or countries from coming to one’s website? Not that I’m planning on doing this, but as I was pondering past cyberwarfare events (like East Timor et al), I was wondering if this sort of thing would be possible, especially with the smaller, late-to-come-to-the-Net countries. This sort of information warfare could have a profound effect. Of course, there are always ways around it, but it would greatly inconvenience popular and business use, I imagine. For example - if you could only connect to the Net via Canadian ISPs, you could do it, but it sure wouldn’t be as easy as dialing locally.

As bashere points out, IP addresses are assigned in blocks by the Regional Internet Registrars (RIRs) The RIR that has responsibility for Afganistan is the Asia Pacific Network Information Centre (APNIC) According to this document They have not assigned any blocks of IP address space to Afganistan. (Afganistan’s country code is AF)

Strangely enough, the domain name (Which one would expect to be Afganistan’s Network Information Centre if one exists) resolves to, which is part of an address blocked owned by NetBenifit PLC (, a domain registrar in London. Most likely, they have been authorized by someone (Afganistan?, the IANA?) to register .af domains. A quick glance of thier website doesn’t indicate that that actually offer .af domains for sale though.

To a point, yes it would be possible. Most firewalls (and switches and routers) allow you to specify that you want to drop traffic from whatever address ranges you like. So one could use lists like the one I linked to above to block all of the address ranges assigned to a particular country. You would just have to properly configure the firewall (or whatever network device is “upstream” from your webserver) to block the undesired addresses. This could event be done in theory on a much larger scale by the tier-one ISPs at the backbone routers if it was desired to shut off a particular county from the net entirely.

I’m sorry, my question may be misunderstood. I already know how to block the IP ranges on my firewalls, and in fact I block about 1% of the entire Internet right now. My question really is only concerning with the allocation density, and placement, relative to countries if I was thinking of cyberwarfare scenarios (in my head, only). It seems that I have a couple of good answers, thanks to bashere and MinkMan. Thank you guys for the pointers.