cross-posted from: https://lemmy.world/post/46304716
We’re currently implementing additional security controls for our hosting platform, and one of the biggest challenges we’re encountering involves customers connecting over mobile networks. As users move between towers or regions they are frequently assigned different IP addresses within very short timeframes, which complicates IP-based allow-listing.
Is there a reliable way to obtain and maintain up-to-date CIDR ranges for major mobile providers such as AT&T, Verizon, and T-Mobile?
For reference, we currently use this from Starlink that provides a public feed of their IP space.
You must log in or # to comment.
To the best of my knowledge there’s not a publicly available list for most of the providers, but I’m also not sure why you would even want/need one? Like, what’s the threat you’re trying to mitigate by allow/blocklisting arbitrary mobile network vendors?
