Cell Tower IP Address Blocks

Question

I am thinking of creating an app that only allows users connected via a cell tower. Are there IP ranges that are only used by cell towers?

I realize that it may be a 'moving target', but does anyone know of a list of the current blocks (like black lists for spammers).

I do not want to rely on headers as they can be spoofed. IP address seems to be the only true way of identifying the client is on a cell network via IP.

How addresses are assigned by an organization is up to that organization. Say you figure out it out today, it could be different tomorrow. — Zoredache, Jun 07 '12 at 18:43
Seriously, telling people to use "secure networks" because you don't want to properly encrypt communication sounds plain wrong to me. — thejh, Jun 07 '12 at 19:32

score 3 · Answer 1 · edited Oct 07 '21 at 06:47

3

Which address? The address assigned to a phone or {3,4}G modem can be an RFC 1918 address, an unused public address, or even an IPv6 address which is proxied to v4. These typically sit behind some sort of NAT or proxy device so if you're checking the address from the server end you might be able to use a simple reverse DNS lookup or an ISP database.

To complicate matters further a lot of devices (e.g. my wife's phone) can act as an access point including another NAT layer. What happens when she tethers her iPad to her phone via 3G?

edited Oct 07 '21 at 06:47

Community

1

answered Jun 07 '12 at 18:49

Gerald Combs

6,441
25
35

the second part of your statemnt throws more of a damper on my hope for this implementation. thanks for the reminder... – roberthuttinger Jun 07 '12 at 18:52

score 2 · Answer 2 · answered Jun 07 '12 at 18:47

There's no such thing as "cell tower IP ranges," especially since that cell tower could be on any provider, on any tower, or even WiFi in some cases. The point is, you should never NEED to rely on this information.

If you want to display a mobile version of the site to visitors, parse the user agent string to figure this out. If a user spoofs their information and views a non-mobile friendly version, then that user is a power user and can do whatever he or she wants. Otherwise, there is zero reason to restrict anything based on their IP.

score 1 · Answer 3 · answered Jun 07 '12 at 18:42

1

Yes, but you'd have to identify the netblock for every cellular provider you wish you allow. A better way would be to code your phone application to detect for data connectivity without a WiFi AP being associated.

answered Jun 07 '12 at 18:42

jfalcon aka Don Fanning

346
1
8

it is a web based app. I cant rely on headers as they can be spoofed... – roberthuttinger Jun 07 '12 at 18:44
Then you need to code based on the User Agent String. – jfalcon aka Don Fanning Jun 07 '12 at 18:46
Why the insistence on using mobile data? It costs everyone more and is slower? How would that be a good user experience? – jfalcon aka Don Fanning Jun 07 '12 at 18:48
in this case it isnt about UX, its about being on a network that is more resistant to 'sniffing' if the user is using 3G rather than some Starbucks™ wifi hotspot – roberthuttinger Jun 07 '12 at 18:51
7

Hate to break it to you but even 3G/4G networks are susceptible to 'sniffing'. Look at OpenBTS/OpenBSC. It takes next to nothing to simulate a cell tower, disable all encryption on the phone and sniff everything across the 'wire'. If you're concern about 'sniffing' then you should utilize SSL between the browser and the site. – jfalcon aka Don Fanning Jun 07 '12 at 18:55
1

+1 @jfalcon : If you're worried about sniffing, use SSL. – mfinni Jun 07 '12 at 18:58
1

This is like a bank only allowing customers who bring their own armed guard. The bank should provide it so that it's invisible to the customers. – David Schwartz Jun 07 '12 at 23:02

Cell Tower IP Address Blocks

3 Answers3