Few weeks ago a client asked me to block access to Facebook on his Cisco router (800 series)
surely there are several ways to do it as we all know there is more than one way to skin a cat

well one way to do it is using a static route .

First, lets find out facebook’s ip address by pinging it:

exploit ~# ping -c1 facebook.com
PING facebook.com (69.63.181.11) 56(84) bytes of data.
64 bytes from www-10-01-snc2.facebook.com (69.63.181.11): icmp_seq=1 ttl=241 time=267 ms

if you ping facebook more than once you will notice the IP is changing .

Let’s find Facebook’s IP range…

We can use the whois command on linux or use an online tool such as All NetTools

exploit ~# whois 69.63.181.11 | grep -E "CIDR|NetRange"
NetRange:   69.63.176.0 - 69.63.191.255
CIDR:       69.63.176.0/20

On your Cisco just execute the following commands:

Cisco#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Cisco(config)#ip route 69.63.176.0 255.255.240.0 Null0

That’s all folks…