This web page no longer works. My kids have moved out and no longer play Fortnite. The page remains as a historical document.
IP addresses of Fortnite servers
Kids addicted to Fortnite/Twitch?
There are typically three ways to restrict network apps:
- with parental control software like Windows Family Features or Norton Family that runs directly on the device (phone/computer). These let you set very specific time rules, app restrictions, and so on.
pro: when installed and working properly, the software is bulletproof regardless of the network connectivity
con: Google is full of advice your kids will use to disable/circumvent the software
- with the DNS server (e.g., blocking "*.epicgames.com"). Check out the on-prem Pi-hole and the cloud-based OpenDNS.
pro: very easy and effective today (2019).
con: can be bypassed by local settings or a "hosts" file. More troubling, encrypted DNS is coming and will undercut the effectiveness.
- at the network router/firewall.
pro: applies to all devices on the network, regardless of OS or installed Apps
con: doesn't work on mobile data, at a friend's house, on a neighbor's Wi-Fi, or over a VPN
Firewalls are not equal. They may all have a convenient "Fortnite" category, but how they identify and block that traffic varies:
- most consumer-grade broadband routers/firewalls use DNS snooping, which has similar pros/cons to the DNS server approach described above.
- more expensive, enterprise-grade firewalls can inspect the TLS "Server Name Indication" or "SNI" (e.g., CNs *.ol.epicgames.com, *.ak.epicgames.com, *.epicgames.com). SNI is included in cleartext at the start of most TLS encryption exchanges. In 2019, SNI is a very effective technique. There is talk about encrypting SNI, but that is many years away from reality.
- all firewalls can also block by IP address, but this is impractical since IP addresses are hard to pin down, often change, and apps like Fortnite use thousands of them. If only there were a way to dynamically track IPs...
This approach
I want to block by IP address. This is partly because I have a bad firewall. But it's mostly because I'm concerned with the firewall industry's reliance on DNS and the resulting rush to enable DNS encryption. I believe the future of network-layer security lies with IP address reputation lists, and I want to see if filtering by IP is practical.
So, as my kid plays Fortnite, I retroactively poll the TLS certificate information from every IP address he visits. These certificates often identify the web site:
centos:/usr/local/webview/plugins# curl --silent --insecure --connect-timeout 3 --max-time 5 -vI https://52.73.217.39
* About to connect() to 52.73.217.39 port 443 (#0)
* Trying 52.73.217.39... connected
* Connected to 52.73.217.39 (52.73.217.39) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES128-SHA
* Server certificate:
* subject: CN=*.ol.epicgames.com
* start date: 2019-02-27 00:00:00 GMT
* expire date: 2020-03-27 12:00:00 GMT
* common name: *.ol.epicgames.com (does not match '52.73.217.39')
* issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
* SSL certificate verify ok.
The more he plays, the more IP address reputation info I have! And that's the data you can get from the links at top.
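An added example, not the page's own script: a POSIX shell version of the polling loop described above. It assumes the IPs seen by the kid's device arrive in a file (one address per line) and reuses the curl flags from the capture above; the TARGET_PATTERNS list, the function names and the sample curl output are my own.

```shell
#!/bin/sh
# Added example (not the page author's code): turn a list of IP addresses
# seen in firewall/flow logs into an IP reputation list by polling each
# address's TLS certificate, exactly as the page describes with curl.
# Only certificates whose subject CN falls under TARGET_PATTERNS are kept.
TARGET_PATTERNS='*.epicgames.com'   # assumed target list; extend as needed

# Pull the subject CN out of curl's verbose (-v) output read from stdin.
extract_cn() {
    sed -n 's/^\* *subject: .*CN=\([^;,]*\).*/\1/p' | head -n 1
}

# Does a certificate CN fall under one of the target patterns?
# A wildcard cert "*.ol.epicgames.com" is under "*.epicgames.com" because
# "ol.epicgames.com" ends in ".epicgames.com"; the bare name matches too.
cn_matches() {
    cn="$1"
    bare="${cn#\*.}"            # drop a leading "*." from the cert CN
    for pat in $TARGET_PATTERNS; do
        suffix="${pat#\*.}"     # pattern without its leading "*."
        case "$bare" in
            "$suffix"|*."$suffix") return 0 ;;
        esac
    done
    return 1
}

# Probe one IP the way the page does (curl -vI --insecure) and print
# "<ip> <cn>" when the CN matches. This one needs network access.
probe_ip() {
    ip="$1"
    cn=$(curl --silent --insecure --connect-timeout 3 --max-time 5 \
             -vI "https://$ip" 2>&1 | extract_cn)
    if [ -n "$cn" ] && cn_matches "$cn"; then
        echo "$ip $cn"
    fi
}

# Constructed sample of curl's verbose output (mirrors the page's capture)
# so the parser can be exercised without a network.
SAMPLE_CURL_OUTPUT='* Connected to 52.73.217.39 (52.73.217.39) port 443 (#0)
* Server certificate:
* subject: CN=*.ol.epicgames.com
* start date: 2019-02-27 00:00:00 GMT
* issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon'

# Usage: ./fortnite_ips.sh --probe ips_seen.txt >> fortnite_ips.txt
if [ "${1:-}" = "--probe" ]; then
    while read -r ip; do probe_ip "$ip"; done < "$2"
fi
```

Feed the output file to the router's address-list or policer; a re-run every few months, as the page suggests, is enough to keep it useful.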
Effectiveness?
The accuracy of such lists depends on the app. E.g., this Fortnite list is never 100% complete, but the game is so chatty and widespread that it's impossible to play without hitting at least some of the IPs I'm tracking, and that's enough to thwart most usage.
There's no need to keep your copy of this list super-fresh. I download a new copy into my router about every 6 months and it's been working well. Of course, if you can automate that process, more power to you!
Also, rather than block the traffic outright, I find that policing or shaping it down to a suitably low amount of bandwidth is more effective. By restricting its bandwidth, the game is allowed to start but is sluggish and unplayable. When a game is outright blocked, it may fall back on trying a different server or port number to connect.