North American Network Operators Group


Re: Where can I find a list of IPs and their regions.

On Tue, 10 Feb 2004, Scott Weeks wrote:

> : exist in.  I know it isn't an exact science but something close would
> : be nice.  I know 210/8 & 211/8 are APNIC, I likes to know stuff like

> This only works for a certain percentage of networks.  Most likely a
> higher percentage post tech bubble collapse.  I used to work for a company
> that had and we announced that globally.  So you couldn't
> say was in the US (or even NA) as it'd appear from ARIN
> or other data sources.

That is quite correct. Simply taking ips as reported by RIR in statistic 
files or as seen in whois as allocated/assigned by RIRs does not provide
a real view of how ips are used and in what country and I do not believe 
such list is sufficient - that is the reason why the current list of ips 
I mentioned  that is available at completewhois is considered to be an 
alpha stage project - it is not alpha stage in the way that I have not 
developed system for producing such list from RIR data (I do have necessary
tools and scripts and it works just fine), it's just that it's not sufficiently
exact for real life use as identification of ip to country. 

I'm however pursuing this issue further and see it as that rather than 
developing this into one-one relationship between ip and country, it might 
be better provide several countries where there is good possibility that 
this ip is being used. For example if some ip block is allocated by 
ARIN to ISP in US and there is further subdelegation (SWIP) from there to 
another entity in Canada - then there are two possibilities:
 1. ISP is providing direct dedicated connectivity to that company's 
    office in Canada 
 2. ISP is providing colo space or dedicated server to company from Canada
    but this actual server is still in US
Just by looking at whois data I can not reliably tell which of the above 
is true. 

Other ways to determine where ip blocks are used are based on real-time 
routing data either on BGP or traceroutes. Neither one is sufficiently 
good however as traceroutes can be faked and in reality many methods 
with traceroutes depend too much on reverse dns name of the router (so
any ISP can "claim" to have the router anywhere else in the world just by 
changing reverse???), neither do ASNs have exact country correspondence as 
in many cases same AS numbers are used by ISPs for providing connectivity 
both for their customers in one country and in another. 

Yet another way to use network connectivity data and not rely on what ISPs 
tell you, might be something like GPS where test servers try to get to 
the same ip from different locations and measure TTL of the packet 
(response latency) - this way may help locate exact region where 
server is based. This method would work very well if only we were all
on the same homogeneous network. But real structure of the net has many 
many networks and that ISPs don't always exchange traffic in the same 
city or region even if traffic originates and ends there and that even for 
the same network within same ISP, packet may not necessarily take 
"geographically shortest" path and ISP may want to reroute it more.

However if several sources are matched and they are all exact, there is 
pretty good guess ip block is being used in that country (minor issues like 
VPN aside - if somebody is using VPN, they are in effect putting themselves 
in different location and should be treated as somebody from that location).
However when things don't match and there are several possibilities, I 
would prefer to put such ip block in multiple country lists. However I'm
afraid that if such lists are then made publicly available then they 
will be used by people who want to block entire countries and they will 
not care if there is only 50% chance ip is actually used in that country.
The only choice left is to report only some ip blocks and leave the rest 
in certain large data file listing all possibilities and this file (may 
not be one file, but anyway) is sufficiently different to parse that people
will not easily use it, while applications (like providing statistics on 
visitors to your website) could still use it and treat those blocks 
specifically unique in a way as not to emphasise any one country.

William Leibzon
Elan Networks
[email protected]
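
The multi-candidate approach described in the message above, as an added Python example that is not part of the original post or of the completewhois tooling: each source (RIR allocation, SWIP subdelegation, latency measurement) contributes its most specific matching prefix, and an address is marked confident only when independent sources agree on one country. The source names, the two-source agreement threshold and the evidence records (documentation prefixes) are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample evidence using documentation prefixes, not real allocations.
# Each record: (prefix, source, ISO country code).
EVIDENCE = [
    ("198.51.100.0/24", "rir", "US"),      # RIR allocation to a US ISP
    ("198.51.100.128/25", "swip", "CA"),   # subdelegation to a Canadian entity
    ("203.0.113.0/24", "rir", "AU"),
    ("203.0.113.0/24", "latency", "AU"),   # independent measurement agrees
]


def candidate_countries(ip, evidence=EVIDENCE):
    """Return (sorted candidate countries, confident flag) for one address.

    For every source the most specific covering prefix wins. The result is
    confident only when at least two sources cover the address and all of
    them name the same country (assumed threshold, not from the post).
    """
    addr = ipaddress.ip_address(ip)
    by_source = {}  # source -> (prefix length, country)
    for prefix, source, country in evidence:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            best = by_source.get(source)
            if best is None or net.prefixlen > best[0]:
                by_source[source] = (net.prefixlen, country)
    countries = sorted({country for _, country in by_source.values()})
    confident = len(countries) == 1 and len(by_source) >= 2
    return countries, confident


def split_for_publication(ips, evidence=EVIDENCE):
    """Separate addresses into a single-country list and an ambiguous list."""
    single, ambiguous = {}, {}
    for ip in ips:
        countries, confident = candidate_countries(ip, evidence)
        if confident:
            single[ip] = countries[0]
        else:
            ambiguous[ip] = countries  # may hold zero, one or several candidates
    return single, ambiguous
```

An address that only one source covers lands in the ambiguous list even though it has a single candidate, which matches the post's point that allocation data alone is not enough to name a country.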