Security Basics mailing list archives
Re: Country based IPs
From: "Meritt James" <meritt_james () bah com>
Date: Fri, 03 Oct 2003 10:27:37 -0400
Not by nationality, nor by blocks - in that you are correct. And that the software has problems is also correct - in that way it is not unlike almost every OTHER piece of software. My recommendation stands - it is a way of looking at a database that is WAY too large.

To complicate the issue, the geopolitical location of systems does not correspond to the block assignment. For example, while a block may be assigned to a Company, that company may be distributed internationally. And I assume that he meant more than the basic country extensions in a qualified domain name.

Jim

"Matthew F. Caldwell" wrote:

Jim,

Domain name servers have nothing to do with who owns the IP address blocks and DNS generally has a set of problems (spoofing etc). Generally ISPs, Corporations and Government Organizations own blocks of IP addresses. The IP addresses are assigned for organizations' use only, which helps people track back the origin of attacks.

For example:

Your mail server IP address is 156.80.3.61

A DNS lookup would reveal that its DNS name is:

61.3.80.156.in-addr.arpa name = mclean-vscan1.bah.com.

HOWEVER a WHOIS look would give you the following information:

<ip_address> 156.80.3.61</ip_address>
<asname>BAH-NET</asname>
<domain></domain>
<block_range>
  <block_start>156.80.0.0</block_start>
  <block_end>156.80.255.255</block_end>
</block_range>
<location>
  <city>MC LEAN</city>
  <state>VA</state>
  <country>US</country>
  <coordinates>
    <granular>City</granular>
    <latitude>38.953033</latitude>
    <longitude>-77.229</longitude>
  </coordinates>
</location>
<whois>
Query: 156.80.82.5
Registry: whois.arin.net

OrgName: Booz, Allen, and Hamilton
OrgID: BAH-2
Address: 8283 Greensboro Dr
City: McLean
StateProv: VA
PostalCode: 22102
Country: US

NetRange: 156.80.0.0 - 156.80.255.255
CIDR: 156.80.0.0/16
NetName: BAH-NET
NetHandle: NET-156-80-0-0-1
Parent: NET-156-0-0-0-0
NetType: Direct Assignment
NameServer: EXTSER-1.BAH.COM
NameServer: EXTSER-2.BAH.COM
Comment:
RegDate: 1992-12-10
Updated: 2000-12-15

TechHandle: AHB1-ARIN
TechName: Booz, Allen & Hamilton
TechPhone: +1-703-377-0887
TechEmail: internet () bah com

# ARIN WHOIS database, last updated 2003-04-16 20:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
</whois>
</netblock>

Large Difference.

Subject: Re: Country based IPs

We did it that way in the "good old days" to generate our hosts files, but that rapidly became unworkable due to the number of IPs and that led to the introduction of name servers...

I would recommend against taking a great step backwards if at all possible...

Jim

"Matthew F. Caldwell" wrote:

Dale and Jbod,

If you want a database download you can request it from ARIN, it's a difficult to parse format (to prevent spammers). HERE is the form, have fun!

http://www.arin.net/library/agreements/bulkwhois.pdf

As part of our product neuSECURE, we maintain a database of all known netblocks from the sources ARIN, APNIC, RIPE, etc. The data is refreshed on a regular basis. We use this data to allow better macro correlation in our product. You can create rules that specify if you see something from a particular country, block, and ranges it can perform actions including block it at the firewall, email me, create a ticket etc.

Matt

Matthew F. Caldwell, CISSP
Founder and Chief Security Officer
GuardedNet, Inc.

-----Original Message-----
From: Dale Fay [mailto:dalef () merit edu]
Sent: Thursday, October 02, 2003 12:26 PM
To: jbod
Cc: security-basics () securityfocus com
Subject: Re: Country based IPs

Such a list would be difficult to create and impossible to maintain. Netblocks are allocated from one of the four regional sources, ARIN, RIPE, APNIC and a new one in Latin America, based on the location of the requester, but could be used anywhere in the world.

On Wed, Oct 01, 2003 at 05:56:01PM -0700, jbod wrote:

Does anyone have a list or know where to obtain one that shows IPs allocated based upon country - for the purpose of blocking ALL access from all non-US locations unless implicitly allowed.

--
Dale Fay
Merit Systeam/RADB
www.merit.edu www.radb.net

--
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566
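
The lookup the thread argues about, as an added example that is not part of any poster's message: it parses a subset of the ARIN record quoted above, cross-checks NetRange against CIDR, and applies the default-deny country policy from the original question. The function names (`parse_whois`, `netblock`, `registrant_country`, `allowed`) are hypothetical, and the country returned is the registrant's, which is the limitation Jim and Dale point out.

```python
import ipaddress

# Fields copied from the ARIN WHOIS record quoted in the thread.
ARIN_RECORD = """\
OrgName: Booz, Allen, and Hamilton
Country: US
NetRange: 156.80.0.0 - 156.80.255.255
CIDR: 156.80.0.0/16
NetName: BAH-NET
# ARIN WHOIS database, last updated 2003-04-16 20:10
"""

def parse_whois(text):
    """Return the 'Key: value' lines as a dict, skipping '#' comment lines."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and not line.startswith("#"):
            fields[key.strip()] = value.strip()
    return fields

def netblock(fields):
    """Turn NetRange into networks and check it against the CIDR field."""
    start, end = (ipaddress.ip_address(p.strip())
                  for p in fields["NetRange"].split(" - "))
    nets = list(ipaddress.summarize_address_range(start, end))
    if nets != [ipaddress.ip_network(fields["CIDR"])]:
        raise ValueError("NetRange and CIDR disagree")
    return nets

def registrant_country(ip, records):
    """Country on the most specific registered block containing ip, or None.
    This is where the registrant is, not where the host is."""
    addr = ipaddress.ip_address(ip)
    best = None
    for fields in records:
        for net in netblock(fields):
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, fields["Country"])
    return best[1] if best else None

RECORDS = [parse_whois(ARIN_RECORD)]

def allowed(ip, permit=("US",)):
    """Default deny: pass only addresses whose registrant country is permitted."""
    return registrant_country(ip, RECORDS) in permit
```

Every address in 156.80.0.0/16 resolves to "US" here regardless of where the machine using it sits, and an address with no record is denied.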