Re: IP Geolocation
> On Oct 14, 2019, at 9:14 AM, Travis Garrison wrote: > > Anyone else have issues where their IP block gets randomly set to China? We > have been trying to track down this issue for months and our customers are > starting to get upset. We get a /29 from our upstream provider that we CGNAT > (yeah I know, working on implementing IPV6) to all of our customers at 1 > particular site. No other sites have any issues. We had our upstream provider > allocate us a new IP block from a different subnet which fixed the issue for > a while but now it's back. The state and town are correct but the country > states China. This is having issues with Speedtests, NetFlix and others. The > upstream is claiming that we are purposely using a proxy or VPN to china > which causes this. We have checked all our configurations and even replaced > all hardware in case something was hacked. Any ideas? I’ve seen some people do their geolocation on a /24 boundary, so if someone else in that same /24 is located there, it might be an issue. I know in a prior life I had that issue with some CDNs and we eventually worked with them to resolve the issue. - Jared
Re: IP Geolocation
http://thebrotherswisp.com/index.php/geo-and-vpn/ Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mon, Oct 14, 2019 at 11:38 AM Jared Mauch wrote: > > > > On Oct 14, 2019, at 9:14 AM, Travis Garrison > wrote: > > > > Anyone else have issues where their IP block gets randomly set to China? > We have been trying to track down this issue for months and our customers > are starting to get upset. We get a /29 from our upstream provider that we > CGNAT (yeah I know, working on implementing IPV6) to all of our customers > at 1 particular site. No other sites have any issues. We had our upstream > provider allocate us a new IP block from a different subnet which fixed the > issue for a while but now it's back. The state and town are correct but the > country states China. This is having issues with Speedtests, NetFlix and > others. The upstream is claiming that we are purposely using a proxy or VPN > to china which causes this. We have checked all our configurations and even > replaced all hardware in case something was hacked. Any ideas? > > I’ve seen some people do their geolocation on a /24 boundary, so if > someone else in that same /24 is located there, it might be an issue. I > know in a prior life I had that issue with some CDNs and we eventually > worked with them to resolve the issue. > > - Jared
Re: IP Geolocation
Agreed, I’ve seen this before across wider boundaries. Even /22s. -Ben > On Oct 14, 2019, at 8:38 AM, Jared Mauch wrote: > > > >> On Oct 14, 2019, at 9:14 AM, Travis Garrison wrote: >> >> Anyone else have issues where their IP block gets randomly set to China? We >> have been trying to track down this issue for months and our customers are >> starting to get upset. We get a /29 from our upstream provider that we CGNAT >> (yeah I know, working on implementing IPV6) to all of our customers at 1 >> particular site. No other sites have any issues. We had our upstream >> provider allocate us a new IP block from a different subnet which fixed the >> issue for a while but now it's back. The state and town are correct but the >> country states China. This is having issues with Speedtests, NetFlix and >> others. The upstream is claiming that we are purposely using a proxy or VPN >> to china which causes this. We have checked all our configurations and even >> replaced all hardware in case something was hacked. Any ideas? > > I’ve seen some people do their geolocation on a /24 boundary, so if someone > else in that same /24 is located there, it might be an issue. I know in a > prior life I had that issue with some CDNs and we eventually worked with them > to resolve the issue. > > - Jared
Re: IP Geolocation
Is this an indication of a prefix that was highjacked? Sent from my iPhone > On Oct 14, 2019, at 9:19 AM, Ben Cannon wrote: >
RE: IP Geolocation
I believe we have found 1 customer that is infected with a botnet or malware. His public ip address during speedtest or similar actually shows a Chinese ip address. We are contacting him to try to get that resolved and then put in a request to all the geolocation databases to update their information. It's still weird to me that a single customer out of around 120 can cause this many issues and change the geolocation databases. Thanks Travis-Original Message- >Is this an indication of a prefix that was highjacked? > >Sent from my iPhone > >> On Oct 14, 2019, at 9:19 AM, Ben Cannon wrote: >>
RE: IP Geolocation
>I believe we have found 1 customer that is infected with a botnet or malware. I've dealt with plenty of botnets working as a repair technician in the past but never had one change the public IP address of the user. Not entirely sure what this would accomplish aside from making it much easier to detect.
Re: IP Geolocation
On Wed, 16 Oct 2019 12:50:17 -, Ryland Kremeier said: > >I believe we have found 1 customer that is infected with a botnet or malware. > I've dealt with plenty of botnets working as a repair technician in the past > but never had one change the public IP address of the user. Not entirely sure > what this would accomplish aside from making it much easier to detect. To detect that somebody isn't doing BCP38 filtering of their customers, you mean? :) pgpUmsKQcLcHE.pgp Description: PGP signature
RE: IP Geolocation Issue
I would suggest starting with this form: https://www.maxmind.com/en/correction More here: http://nanog.peeringdb.com/index.php/GeoIP Frank -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Jose Damian Cantu Davila Sent: Wednesday, September 17, 2014 5:18 PM To: nanog@nanog.org Subject: IP Geolocation Issue Hi, Im new here, so any advice would be very appreciated. Is someone from Maxmind IP Geolocation available, that I can talk to offline? Its regarding to a block we assigned to a client. The client and its customers are located in Mexico but the IP Geolocation services says they are located in Brazil. Thanks for your help. [damian cantu]
Re: IP Geolocation Issue
You can submit corrections to maxmind here: https://www.maxmind.com/en/correction On Wed, Sep 17, 2014 at 6:17 PM, Jose Damian Cantu Davila wrote: > Hi, Im new here, so any advice would be very appreciated. > > Is someone from Maxmind IP Geolocation available, that I can talk to offline? > > Its regarding to a block we assigned to a client. The client and its > customers are located in Mexico but the IP Geolocation services says they are > located in Brazil. > > Thanks for your help. > > [damian cantu] >
Re: IP Geolocation Issue
Good luck with that. My past experience with them (while not as bad as dealing with certain fast-n-loose RBLs) has been less than encouraging. -r Alex Wacker writes: > You can submit corrections to maxmind here: > https://www.maxmind.com/en/correction > > On Wed, Sep 17, 2014 at 6:17 PM, Jose Damian Cantu Davila > wrote: >> Hi, Im new here, so any advice would be very appreciated. >> >> Is someone from Maxmind IP Geolocation available, that I can talk to offline? >> >> Its regarding to a block we assigned to a client. The client and its >> customers are located in Mexico but the IP Geolocation services says they >> are located in Brazil. >> >> Thanks for your help. >> >> [damian cantu] >>
RE: IP Geolocation Issue
Thanks to everyone for the advise and the information. Already got in touch with someone of Maxmind. Damian. IAR. -Original Message- From: Rob Seastrom [mailto:r...@seastrom.com] Sent: domingo, 21 de septiembre de 2014 10:22 a.m. To: Alex Wacker Cc: Jose Damian Cantu Davila; nanog@nanog.org Subject: Re: IP Geolocation Issue Good luck with that. My past experience with them (while not as bad as dealing with certain fast-n-loose RBLs) has been less than encouraging. -r Alex Wacker writes: > You can submit corrections to maxmind here: > https://www.maxmind.com/en/correction > > On Wed, Sep 17, 2014 at 6:17 PM, Jose Damian Cantu Davila > wrote: >> Hi, Im new here, so any advice would be very appreciated. >> >> Is someone from Maxmind IP Geolocation available, that I can talk to offline? >> >> Its regarding to a block we assigned to a client. The client and its >> customers are located in Mexico but the IP Geolocation services says they >> are located in Brazil. >> >> Thanks for your help. >> >> [damian cantu] >> -- Este mensaje contiene informacion confidencial y se entiende dirigido y para uso exclusivo del destinatario. Si recibes este mensaje y no eres el destinatario por favor eliminalo, ya que difundir, revelar, copiar o tomar cualquier accion basada en el contenido esta estrictamente prohibido. Network Information Center Mexico, S.C., ubicado en Ave. Eugenio Garza Sada 427 L4-6 Col. Altavista, Monterrey, Mexico, C.P. 64840 recaba tus datos personales necesarios para: la prestacion, estudio, analisis y mejora del servicio, la realizacion de comunicaciones y notificaciones; la transferencia y publicacion en los casos aplicables; el cumplimiento de la relacion existente; asi como para la prevencion o denuncia en la comision de ilicitos. Si eres colaborador o candidato a colaborador de NIC Mexico, tus datos seran utilizados para: la creacion y administracion de tu perfil como profesionista; el otorgamiento de herramientas de trabajo; la realizacion de estudios; el otorgamiento de programas y beneficios para mejorar tu desarrollo profesional; la gestion y administracion de servicios de pago y/o nomina; asi como para contacto y/o notificaciones. Si participas en promociones o en estudios podras dejar de participar. Para mayor informacion revisa el Aviso de Privacidad [http://www.nicmexico.mx/static/docs/Aviso_de_Privacidad.pdf] This message contains confidential information and is intended only for the individual named. If you are not the named addressee please delete it, since the dissemination, distribuition, copy or taking any action in reliance on the contents is strictly prohibited. Network Information Center Mexico, S.C., located on Av. Eugenio Garza Sada 427 Col. Altavista L4-6, Monterrey, Mexico, CP 64840 collects your personal data which is necessary to: provide, research, analyze and improve the service; send communications and notices; transfer and publish your personal data when applicable; fulfill the existing relationship; prevent or inform in the commission of unlawful acts or events. If the data is processed in your quality of candidate or collaborator of NIC Mexico, the purpose of treatment is to: create and manage your profile as a professional; provide you with working tools; conduct studies; grant benefits and programs to enhance your professional development; manage and administrate payment services and/or payroll; as well as to contact you. If you participate in promotions or surveys you may stop or quit your participation at any time. For more information read the Privacy Note [http://www.nicmexico.mx/static/docs/Aviso_de_Privacidad.pdf]
