North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Where can I find a list of IPs and their regions.
On Tue, 10 Feb 2004, Scott Weeks wrote: > : exist in. I know it isn't an exact science but something close would > : be nice. I know 210/8 & 211/8 are APNIC, I likes to know stuff like > This only works for a certain percentage of networks. Most likely a > higher percentage post tech bubble collapse. I used to work for a company > that had 188.8.131.52/17 and we announced that globally. So you couldn't > say 184.108.40.206/17 was in the US (or even NA) as it'd appear from ARIN > or other data sources. That is quite correct. Simply taking ips as reported by RIR in statistic files or as seen in whois as allocated/assigned by RIRs does not provide a real view of how ips are used and in what country and I do not believe such list is sufficient - that is the reason why the current list of ips I mentioned that is available at completewhois is considered to be an alpha stage project - it is not alpha stage in the way that I have not developed system for producing such list from RIR data (I do have necessary tools and scripts and it works just fine), its just that its not sufficiently exact for real life use as identification of ip to country. I'm however pursuing this issue futher and see it as that rather then developing this into one-one relationship between ip and country, it might be better provide several countries where there is good possibility that this ip is being used. For example if some ip block is allocated by ARIN to ISP in US and there is futher subdeligation (SWIP) from there to another entity in Canada - then there are two possibilities: 1. ISP is providing direct dedicated connectivity to that company's office in Canada 2. ISP is providing colo space or dedicated server to company from Canada but this actual server is still in US Just by looking at whois data I can not reliably tell which of the above is true. Other ways to determine where ip blocks are used are based on real-time routing data either on BGP or traceroutes. Neither one is sufficiently good however as traceroutes can be faked and in reality many methods with traceroutes depend too much on reverse dns name of the router (so any ISP can "claim" to have the router anywhere else in the world just by changing reverse???), neither do ASNs have exact country correspondence as in many cases same AS numbers are used by ISPs for providing connectivity both for their customers in one country and in another. Yet another way to use network connectivity data and not rely on what ISPs tells you, might be something like GPS where test servers try to get to the same ip from different locations and measure TTL of the packet (response latency) - this way may help locate exact region where server is based. This method would work very well if only we were all on the same homogeneous network. But real structure of the net has many many networks and that ISPs don't always exchange traffic in the same city or region even if traffic originates and ends there and that even for the same network within same ISP, packet may not necesserily take "geographically shortest" path and ISP may want to reroute it more. However if several sources are matched and they are all exact, there is pretty good guess ip block is being used in that country (minor issues like VPN aside - if somebody is using VPN, they are in effect putting themselve in different location and should be treated as somebody from that location). However when things don't match and there are several possibilities, I would prefer to put such ip block in multiple country lists. However I'm afraid that if such lists I are then made publicly available then they will be used by people who want to block entire countries and they will not care if there is only 50% chance ip is actually used in that country. The only choice left is to report only some ip blocks and leave the rest in certain large data file listing all possibilities and this file (may not be one file, but anyway) is sufficiently different to parse that people will not easily use it, while applications (like providing statistics on visitors to your website) could still use it and treat those blocks specifically unique in a way as not to emphasise any one country. -- William Leibzon Elan Networks [email protected]