[180648] in North American Network Operators' Group
Re: most accurate geo-IP source to build country-based access lists
daemon@ATHENA.MIT.EDU (Martin T)
Tue Jun 9 05:11:29 2015
X-Original-To: nanog@nanog.org
In-Reply-To: <5575D436.60501@ispn.net>
Date: Tue, 9 Jun 2015 12:11:25 +0300
From: Martin T <m4rtntns@gmail.com>
To: blake@ispn.net, jmcc@hackwatch.com
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
John,
> At a brute force country level it is possible to use the Delegated
> ranges lists but that runs into the problem where IP ranges are
> subnetted and allocated to other countries.
Yeah.
In addition, to illustrate the point in my initial post, sometimes
inetnum objects contain more than one "country" attribute and only the
first country code is inserted into RIR delegated list. For example:
$ for deleg in $(wget -qO -
ftp://ftp.ripe.net/ripe/stats/delegated-ripencc-latest | grep ipv4 |
cut -d '|' -f 4 | tail -10000); do
> [[ $(whois -rh whois.ripe.net -T inetnum "$deleg") = *country:*country:* ]] && echo "$deleg"
> done
193.104.217.0
193.110.48.0
193.111.228.0
193.218.114.0
194.33.109.0
194.34.64.0
194.42.56.0
194.150.168.0
194.153.74.0
195.14.23.0
195.39.208.0
195.85.254.0
195.95.150.0
195.158.230.0
$
Blake,
> Have you thought about application layer tests - e.g. is the client's
> character set/language set to Swedish? Has the user identified
> himself/herself/henself as living in or being from Sweeden?
Unfortunately I need this on network layer, i.e. it should work for
other traffic besides HTTP/HTTPS.
Anyway, thanks for all the replies!
Martin
