diff --git a/README.md b/README.md index 75d1c8a..449738b 100755 --- a/README.md +++ b/README.md @@ -16,6 +16,7 @@ are available in one of the list. The list can be globally enabled or disabled i - [lists/ipv6-linklocal](ipv6-linklocal) - IPv6 link local prefix - [lists/microsoft](lists/microsoft) - known microsoft domains - [lists/microsoft-office365](lists/microsoft-office365) - known Office 365 URLs and IP address ranges +- [lists/microsoft-office365-cn](lists/microsoft-office365-cn) - known Office 365 IP address ranges in China - [lists/multicast](lists/multicast) - known IPv4 multicast CIDR blocks - [lists/public-dns-v4](lists/public-dns-v4) - IPv4 addresses and reverse of public DNS resolver - [lists/public-dns-v6](lists/public-dns-v6) - IPv6 addresses and reverse of public DNS resolver diff --git a/lists/microsoft-office365-cn/list.json b/lists/microsoft-office365-cn/list.json new file mode 100644 index 0000000..35caf0e --- /dev/null +++ b/lists/microsoft-office365-cn/list.json @@ -0,0 +1,86 @@ +{ + "type": "cidr", + "name": "List of known Office 365 IP address ranges in China", + "list": [ + "139.217.0.0/19", + "139.217.128.0/19", + "139.217.160.0/26", + "139.217.160.128/28", + "139.217.160.64/27", + "139.217.161.0/24", + "139.217.162.0/24", + "139.217.192.0/20", + "139.217.32.0/24", + "139.217.40.0/27", + "139.217.40.32/28", + "139.219.0.0/20", + "139.219.128.0/20", + "139.219.160.0/19", + "139.219.192.0/19", + "139.219.224.0/20", + "139.219.240.0/24", + "139.219.241.0/24", + "139.219.242.0/23", + "139.219.244.0/22", + "139.219.32.0/19", + "139.219.64.0/18", + "40.125.128.0/17", + "40.126.88.0/28", + "40.126.88.128/25", + "40.126.88.16/28", + "40.126.88.32/27", + "40.126.88.64/28", + "40.126.88.80/28", + "40.126.88.96/27", + "40.126.89.0/24", + "40.126.90.0/23", + "40.126.92.0/22", + "40.126.96.0/19", + "40.72.127.0/27", + "40.72.128.0/24", + "40.72.136.0/21", + "40.72.144.0/20", + "40.72.160.0/21", + "40.72.192.0/28", + "40.72.192.16/28", + "40.72.192.48/28", + "40.72.193.0/27", + "40.72.224.0/20", + "40.72.64.0/27", + "42.159.0.0/26", + "42.159.0.144/28", + "42.159.129.0/24", + "42.159.130.0/26", + "42.159.130.144/28", + "42.159.132.0/22", + "42.159.136.0/22", + "42.159.140.0/26", + "42.159.140.96/27", + "42.159.141.0/24", + "42.159.142.0/23", + "42.159.144.0/20", + "42.159.16.0/26", + "42.159.16.96/27", + "42.159.17.0/24", + "42.159.18.0/23", + "42.159.192.0/20", + "42.159.20.0/22", + "42.159.208.0/27", + "42.159.208.32/28", + "42.159.208.64/26", + "42.159.224.0/19", + "42.159.24.0/21", + "42.159.4.0/22", + "42.159.65.0/25", + "42.159.8.0/21", + "42.159.80.0/20", + "42.159.96.0/19" + ], + "description": "Office 365 IP address ranges in China", + "matching_attributes": [ + "ip-src", + "ip-dst", + "domain|ip" + ], + "version": 20171229 +} diff --git a/tools/generate-office365-cn.py b/tools/generate-office365-cn.py new file mode 100755 index 0000000..fbb48f9 --- /dev/null +++ b/tools/generate-office365-cn.py @@ -0,0 +1,25 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- + +import requests +import xml.etree.ElementTree as ET +import json +import datetime + +url = 'https://download.microsoft.com/download/3/5/3/353F871C-5CF8-4CF8-8A76-6A88D9CA1ABE/PublicIPs_MC_20171211.xml' +r = requests.get(url) +office365 = ET.fromstring(r.text) +l = [] +for region in office365.iter('Region'): + for subnet in region.iter('IpRange'): + l.append(subnet.get('Subnet')) + +warninglist = {} +warninglist['name'] = 'List of known Office 365 IP address ranges in China' +warninglist['version'] = int(datetime.date.today().strftime('%Y%m%d')) +warninglist['description'] = 'Office 365 IP address ranges in China' +warninglist['list'] = sorted(set(l)) +warninglist['matching_attributes'] = ["ip-src", "ip-dst", "domain|ip"] +warninglist['type'] = 'cidr' + +print(json.dumps(warninglist))