Re: IPv4 country of origin
On Thu, 3 Oct 2002 [EMAIL PROTECTED] wrote: cruniching the data that says Of 10 sites that I saw this IP address access and provide a clearing for the credit card transaction, 9 ended up being within 3 miles radius of . Lets put a tag on that I would be REALLY interested to know how you measure mileage with IP. I tried 6 IPs with one of these locator services and one was off by over 2,000 miles, one by 150 miles and 2 by 10 miles. Again, majority of companies that have that data will not provide it to you for free. In a case of someone like Amazon, they probably wont measure mileage. Rather whey would flag transactions that make no geographic sense and pull them for separate processing. ALex
Re: IPv4 country of origin
Thus spake [EMAIL PROTECTED] Say I have about 10 /16's reachable through firewalls in SJC, RDU, SYD, and AMS. No traceroutes or pings can make it past these firewalls, nor do the hostnames indicate any particular location. How exactly do you plan on mapping these to a zip code, when I can tell you those addresses are fairly randomly spread, in /24 increments, to sites all over the world? It is very easy. Anyone would care about it only when users from those addreses interact with whatever the software that ends up creating those databases. If those users never buy stuff from Amazon.com, Amazon.com does not care where they are. But eh moment they do, somewhere someone is cruniching the data that says Of 10 sites that I saw this IP address access and provide a clearing for the credit card transaction, 9 ended up being within 3 miles radius of . Lets put a tag on that But Amazon already knows where I live, so why do they need an IP-to-address database? My physical location is irrelevant for load-balancing purposes -- topological location is what matters. If they want to sell me local products, they can do that by looking at the zip code on file for my shipping address. The neat thing about selling databases like that is nobody can ever prove how incredibly inaccurate they are. Just come up with a reasonable-sounding collection methodology and claim any counterexamples are just flukes, then collect money from the saps who believe you... The really neat things about talking to computer geeks is that they all operate with the lots of absolutes. They will explain to you why in a specific case it does not work and forget that those specific cases are usually exceptions. That's because we've dealt with too many business types who hype how well the general case works but ignore the exception cases that crash or corrupt your systems. P.S. So, ever bought stuff from Amazon from one of those IP addresses and sent it to some non-related location *just* to confuse the mapping systems? Not intentionally, but I work from a dozen different IPs, including ones from a pool located in a different state that is shared by 30k VPN users worldwide. I've also ordered stuff from IPs all over the world and shipped to various locations inside the US. I wonder where Amazon thinks I actually live, if they care. S
Re: IPv4 country of origin
databases. If those users never buy stuff from Amazon.com, Amazon.com does not care where they are. But eh moment they do, somewhere someone is cruniching the data that says Of 10 sites that I saw this IP address access and provide a clearing for the credit card transaction, 9 ended up being within 3 miles radius of . Lets put a tag on that But Amazon already knows where I live, so why do they need an IP-to-address database? My physical location is irrelevant for load-balancing purposes -- topological location is what matters. If they want to sell me local products, they can do that by looking at the zip code on file for my shipping address. Right, that's the point! Amazon, Double-Click and others that care about where the *user* is have ability to correlate the IP addresses to the location of the user rather closely, even if at *that* point the user is not interacting with the system where he or she is forced to give up his/hers address, *however* if over the period of 3 years Amazon determined that majority of the people whose orders were placed from IP 207.106.66.0/24 got those orders shipped somewhere in Philadelphia, and no one shipped anything to San Francisco, it can deduce that *geographically* 207.106.66.0/24 is likely to be in Philadelphia and not in San Francisco even if the hop before it resolves into .sfo. Does it mean that such database would be useful for the load-balancing purposes? I personally think it would not, since the geographical location is not linked to the location IP-wise, since IP does not really really on geography. The neat thing about selling databases like that is nobody can ever prove how incredibly inaccurate they are. Just come up with a reasonable-sounding collection methodology and claim any counterexamples are just flukes, then collect money from the saps who believe you... The really neat things about talking to computer geeks is that they all operate with the lots of absolutes. They will explain to you why in a specific case it does not work and forget that those specific cases are usually exceptions. That's because we've dealt with too many business types who hype how well the general case works but ignore the exception cases that crash or corrupt your systems. I totally agree with you. However, it seems that for the majority of the businesses that could be interested in such data right now would not really have a business care for the need the guarantee of data accuracy. P.S. So, ever bought stuff from Amazon from one of those IP addresses and sent it to some non-related location *just* to confuse the mapping systems? Not intentionally, but I work from a dozen different IPs, including ones from a pool located in a different state that is shared by 30k VPN users worldwide. I've also ordered stuff from IPs all over the world and shipped to various locations inside the US. I wonder where Amazon thinks I actually live, if they care. Actually, they do. They get charged less to clear a credit card transaction that looks squeaky clean compared to the one which is somewhat clean. Thanks, Alex
RE: IPv4 country of origin
Is there a more accurate method to determine the country of origin for an IP than the methods I've described above? Physical geography and DNS do not match. Some of the most popular web sites in Indian under the .in domain are physically in the US and owned by US companies. Having a web site under the .in domain is a means to reach a market. Physical geography and IP addresses do not match. Once the RIR allocates to the LIR, the LIR can sub-allocate anywhere. So a LIR (ISP) in Singapore with a regional business could allocate their address block to customers in Singapore, Hong Kong, China, India, and any other place where they offer services. DNS LOC Recorded might be helpful. But, as noted in one CAIDA paper ... Both the whois-based and hostname-based mapping rely on the assumption that educated guesses are required in the absence of explicit location information. While RFC 1876 [RFC1876] did define a DNS extension to provide a LOC resource record type that allows administrators to associate latitude and longitude information with entries, it turns out to be sub-optimally useful. First, the RFC specifies only the format and interpretation of the new field, without establishing where or at what granularity to use it. Because of this, finding the appropriate LOC resource record may require multiple DNS queries. More importantly, people just do not use it. NetGeo currently does not use DNS LOC queries by default because their low success rate does not justify the expense of the three or more DNS lookups typically needed to rule out the existence of a valid DNS LOC record. --- http://www.caida.org/outreach/papers/2000/inet_netgeo/inet_netgeo.html#dnslo c There are tools that CAIDA has worked on like NetGeo (now something sold by Ixia) http://www.caida.org/tools/utilities/netgeo/. Might be something to check out along with all the other Internet mapping projects.
RE: IPv4 country of origin
Is there a more accurate method to determine the country of origin for an IP than the methods I've described above? Yes, at least three companies have databases of pretty much all /24s and above mapped up to a zip code. Alex
RE: IPv4 country of origin
On Thu, 3 Oct 2002, [EMAIL PROTECTED] wrote: Is there a more accurate method to determine the country of origin for an IP than the methods I've described above? Yes, at least three companies have databases of pretty much all /24s and above mapped up to a zip code. So far I've been referred to 3 commercial services, and all (including NetGeo/Ixia) fail on the example I gave (194.196.100.86). -Ralph
RE: IPv4 country of origin
On Thu, 3 Oct 2002, [EMAIL PROTECTED] wrote: Is there a more accurate method to determine the country of origin for an IP than the methods I've described above? Yes, at least three companies have databases of pretty much all /24s and above mapped up to a zip code. So far I've been referred to 3 commercial services, and all (including NetGeo/Ixia) fail on the example I gave (194.196.100.86). Maybe I missed those posts, sorry. I am not aware of any commercial service tht has a /32s in its databases. Neither am I aware of any of the companies that have the data providing the service of 'lookup the location'. It is incorporated into the other services that they provide and are used for internal purposes.
Re: IPv4 country of origin
On Thu, Oct 03, 2002 at 11:10:45AM -0400, [EMAIL PROTECTED] wrote: On Thu, 3 Oct 2002, [EMAIL PROTECTED] wrote: Is there a more accurate method to determine the country of origin for an IP than the methods I've described above? Yes, at least three companies have databases of pretty much all /24s and above mapped up to a zip code. So far I've been referred to 3 commercial services, and all (including NetGeo/Ixia) fail on the example I gave (194.196.100.86). The Akamai EdgeScape service is correct for 194.196.100.86. Maybe I missed those posts, sorry. I am not aware of any commercial service tht has a /32s in its databases. Neither am I aware of any of the companies that have the data providing the service of 'lookup the location'. It is incorporated into the other services that they provide and are used for internal purposes. I'm not sure how far Akamai goes in its database. I do know for a fact that there are entries more specific than /24s in its database.
Re: IPv4 country of origin
Thus spake Ralph Doncaster [EMAIL PROTECTED] That's basically all Netscape Microsoft were doing when they had to restrict 128-bit SSL. They threw in the requirement to enter your address phone number, but they had no way of telling if you were entering your address, or the one you got from doing a four11.com lookup of John Smith in Plano, Tx. The new crypto regulations allow shrink-wrapped software to be exported if the receiver claims to be authorized; there is no legal requirement on the exporter to actually verify this status... I really wonder if there's any point in regulating at all, if they're going to be so blatantly stupid about it. S
Re: IPv4 country of origin
On Thu, 3 Oct 2002, Stephen Sprunk wrote: Thus spake Ralph Doncaster [EMAIL PROTECTED] That's basically all Netscape Microsoft were doing when they had to restrict 128-bit SSL. They threw in the requirement to enter your address phone number, but they had no way of telling if you were entering your address, or the one you got from doing a four11.com lookup of John Smith in Plano, Tx. The new crypto regulations allow shrink-wrapped software to be exported if the receiver claims to be authorized; there is no legal requirement on the exporter to actually verify this status... One of my clients is a large computer security software company. According to them, it's not just crypto export rules that are the concern, but also the ITAR countries (N. Korea, Lybia, Cuba, ...). As well they are concerned about liabilities in countries like France where it is illegal to import crypto so they want to restrict people from France too. -Ralph
RE: IPv4 country of origin
I believe Akamai offers an IP address to location database for sale. I'm unsure of the accuracy, but Akamai folks claim it to be quite high. YMMV. - Daniel Golding On Thu, 3 Oct 2002, Barry Raveendran Greene wrote: Is there a more accurate method to determine the country of origin for an IP than the methods I've described above? Physical geography and DNS do not match. Some of the most popular web sites in Indian under the .in domain are physically in the US and owned by US companies. Having a web site under the .in domain is a means to reach a market. Physical geography and IP addresses do not match. Once the RIR allocates to the LIR, the LIR can sub-allocate anywhere. So a LIR (ISP) in Singapore with a regional business could allocate their address block to customers in Singapore, Hong Kong, China, India, and any other place where they offer services. DNS LOC Recorded might be helpful. But, as noted in one CAIDA paper ... Both the whois-based and hostname-based mapping rely on the assumption that educated guesses are required in the absence of explicit location information. While RFC 1876 [RFC1876] did define a DNS extension to provide a LOC resource record type that allows administrators to associate latitude and longitude information with entries, it turns out to be sub-optimally useful. First, the RFC specifies only the format and interpretation of the new field, without establishing where or at what granularity to use it. Because of this, finding the appropriate LOC resource record may require multiple DNS queries. More importantly, people just do not use it. NetGeo currently does not use DNS LOC queries by default because their low success rate does not justify the expense of the three or more DNS lookups typically needed to rule out the existence of a valid DNS LOC record. --- http://www.caida.org/outreach/papers/2000/inet_netgeo/inet_netgeo.html#dnslo c There are tools that CAIDA has worked on like NetGeo (now something sold by Ixia) http://www.caida.org/tools/utilities/netgeo/. Might be something to check out along with all the other Internet mapping projects.
RE: IPv4 country of origin
Ralph, You and alex exchanged: On Thu, 3 Oct 2002, [EMAIL PROTECTED] wrote: Is there a more accurate method to determine the country of origin for an IP than the methods I've described above? Yes, at least three companies have databases of pretty much all /24s and above mapped up to a zip code. So far I've been referred to 3 commercial services, and all (including NetGeo/Ixia) fail on the example I gave (194.196.100.86). - -Ralph As near as we can tell, 194.196.100.86 is near Eisenhuettenstadt, Brandenburg, Deustschland. Is this good enough? Peter --- Peter H. Salus Chief Knowledge Officer, Matrix NetSystems Ste. 3005001 Plaza on the LakeAustin, TX 78746 +1 512 697-0613 ---
Re: IPv4 country of origin
One of my clients is a large computer security software company. According to them, it's not just crypto export rules that are the concern, but also the ITAR countries (N. Korea, Lybia, Cuba, ...). As well they are concerned about liabilities in countries like France where it is illegal to import crypto so they want to restrict people from France too. You're trying to solve the wrong problem. Since you have a legal requirement that would be violated by sending stuff to a bad place, you should only send it to a known good place. Therefore, instead of trying to identify the bad places to block them, you should be trying to identify the good places that should be allowed access. If someone from a good place can't get in, then give them a web page to register a complaint and check it out manually if you think it is worth your while. Michael Dillon
RE: IPv4 country of origin
Yo Alex! On Thu, 3 Oct 2002 [EMAIL PROTECTED] wrote: Is there a more accurate method to determine the country of origin for an IP than the methods I've described above? Yes, at least three companies have databases of pretty much all /24s and above mapped up to a zip code. These DBs are a joke. I have /19's that are SWIPed to the billing office but used in remote POPs. No-one is ever gonna figure out where they really are. Except for the IPs I set RFC1712 LOC records on. I see load-balancing by geo-code do way more harm than good. RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
RE: IPv4 country of origin
On Thu, 3 Oct 2002 [EMAIL PROTECTED] wrote: Is there a more accurate method to determine the country of origin for an IP than the methods I've described above? Yes, at least three companies have databases of pretty much all /24s and above mapped up to a zip code. These DBs are a joke. I have /19's that are SWIPed to the billing office but used in remote POPs. No-one is ever gonna figure out where they really are. Wrong answer. Just because free public dbs dont have that info does not mean that it does not exist. Alex
Re: IPv4 country of origin
Wrong answer. Just because free public dbs dont have that info does not mean that it does not exist. Say I have about 10 /16's reachable through firewalls in SJC, RDU, SYD, and AMS. No traceroutes or pings can make it past these firewalls, nor do the hostnames indicate any particular location. How exactly do you plan on mapping these to a zip code, when I can tell you those addresses are fairly randomly spread, in /24 increments, to sites all over the world? It is very easy. Anyone would care about it only when users from those addreses interact with whatever the software that ends up creating those databases. If those users never buy stuff from Amazon.com, Amazon.com does not care where they are. But eh moment they do, somewhere someone is cruniching the data that says Of 10 sites that I saw this IP address access and provide a clearing for the credit card transaction, 9 ended up being within 3 miles radius of . Lets put a tag on that The neat thing about selling databases like that is nobody can ever prove how incredibly inaccurate they are. Just come up with a reasonable-sounding collection methodology and claim any counterexamples are just flukes, then collect money from the saps who believe you... The really neat things about talking to computer geeks is that they all operate with the lots of absolutes. They will explain to you why in a specific case it does not work and forget that those specific cases are usually exceptions. ALex P.S.So, ever bought stuff from Amazon from one of those IP addresses and sent it to some non-related location *just* to confuse the mapping systems?
Re: IPv4 country of origin
On Thu, Oct 03, 2002 at 04:22:30PM -0500, Stephen Sprunk wrote: Say I have about 10 /16's reachable through firewalls in SJC, RDU, SYD, and AMS. No traceroutes or pings can make it past these firewalls, nor do the hostnames indicate any particular location. How exactly do you plan on mapping these to a zip code, when I can tell you those addresses are fairly randomly spread, in /24 increments, to sites all over the world? edge intercept? there are probably a few other ways as well. -dre
Re: IPv4 country of origin
On Wed, Oct 02, 2002 at 11:21:04PM -0400, Ralph Doncaster wrote: Is there a more accurate method to determine the country of origin for an IP than the methods I've described above? http://www.nicolas-guillard.com/cybergeography-fr/mapping.html -dre
Re: IPv4 country of origin
Andre, I fail to see where a pointer to the French version of Dodge's UCL-based cybergeography pages responds to Ralph's queries. Peter
Re: IPv4 country of origin
On Thu, 3 Oct 2002, Gary E. Miller wrote: I would be REALLY interested to know how you measure mileage with IP. Latency triangulation. Bradley
Re: IPv4 country of origin
Yo Bradley! On Thu, 3 Oct 2002, Bradley Dunn wrote: I would be REALLY interested to know how you measure mileage with IP. Latency triangulation. Oh really? So you can figure out how plugged the pipe is, how backed up the router is, and then measure the speed of light? Triangulate this: 204.245.220.1 RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
IPv4 country of origin
I would like to restrict access from certain countries to content on my network (for security and legal reasons). So far the best algorithm I've been able to come up with is a combination of reverse DNS and APNIC/ARIN/RIPE whois queries. I've written a perl cgi that checks reverse DNS first, and if there is no gtld country code for the reverse mapping, does a whois query and parses the response for the address. The problem I have is that the country for the company that owns the IP block is sometimes not the country the IP block is used in. For example sungold22.de.ibm.com 194.196.100.86 Whois parsing indicates a country of UK, but from the reverse DNS a person can see that it is Germany. I've built the pattern of cc.ibm.com into my cgi, but I'm sure there are other blocks that I'm incorrectly identifying. I've looked at RADB entries, as well as origin AS for various IP blocks, and neither source looks any better than whois. Is there a more accurate method to determine the country of origin for an IP than the methods I've described above? -Ralph
Re: IPv4 country of origin
On Wed, Oct 02, 2002 at 11:21:04PM -0400, Ralph Doncaster wrote: Is there a more accurate method to determine the country of origin for an IP than the methods I've described above? Several companies offer such services. I'd be happy to give some pointers offlist.
Re: IPv4 country of origin
On Wednesday, Oct 2, 2002, at 23:21 Canada/Eastern, Ralph Doncaster wrote: I would like to restrict access from certain countries to content on my network (for security and legal reasons). So far the best algorithm I've been able to come up with is a combination of reverse DNS and APNIC/ARIN/RIPE whois queries. I've written a perl cgi that checks reverse DNS first, and if there is no gtld country code for the reverse mapping, does a whois query and parses the response for the address. If you're in the market for a commercial solution, Ixia do one: http://www.ixiacom.com/products/paa/netops/IxMapping.php I don't know where they get their data from, how accurate it is, or what it costs, but I thought I'd mention that there is at least a way to make the problem someone else's by the simple application of money :) Joe
