Security Incidents mailing list archives

Re: Determining the country of origin for IP address(es)


From: Glenn Forbes Fleming Larratt <glratt () rice edu>
Date: Tue, 26 Feb 2002 13:36:14 -0600 (CST)

It may have been the theory that IP ranges were geographically organized,
but that's long since gone the way of all things.

We considered blocking all of .kr, since for a time they were the leading
source of portscans of our network, and got the following abridged results.

I think you'll find that there are chunks per continent, delegated to
RIPE, APNIC, or some South American registries, but that IP range<->nation
mappings simply don't exist in a viable or useful way.

================================================================
.kr is krnic@apnic + hananet@apnic + "korea"@arin:

(flankedby)          (range)                (maskable blocks)

.au -> 61.95.63.255
inetnum:     61.96.0.0 - 61.111.255.255         1
.jp 61.112.0.0 ->

unallocated APNIC -> 61.247.255.255
inetnum:     61.248.0.0 - 61.255.255.255        1
.il -> 62.0.0.0

af.mil -> 128.133.0.0/16
        128.134.0.0 - 128.134.255.255           1
uchicago.edu -> 128.135.0.0/16


inetnum:     202.6.95.0 - 202.6.95.255          1

inetnum:     202.14.103.0 - 202.14.103.255      1

inetnum:     202.14.165.0 - 202.14.165.255      1

inetnum:     202.20.82.0 - 202.20.82.255        3
inetnum:     202.20.83.0 - 202.20.86.255

inetnum:     202.20.99.0 - 202.20.99.255        1

inetnum:     202.20.119.0 - 202.20.119.255      1

inetnum:     202.20.128.0 - 202.20.255.255      2
inetnum:     202.21.0.0 - 202.21.7.255

inetnum:     202.30.0.0 - 202.31.255.255        1

inetnum:     203.224.0.0 - 203.224.255.255      1
inetnum:     203.225.0.0 - 203.225.255.255
inetnum:     203.226.0.0 - 203.231.255.255
inetnum:     203.232.0.0 - 203.239.255.255
inetnum:     203.240.0.0 - 203.243.255.255
inetnum:     203.244.0.0 - 203.247.255.255
inetnum:     203.248.0.0 - 203.255.255.255

        :
        :
        :


On Tue, 26 Feb 2002, Brian Nichols wrote:

Date: Tue, 26 Feb 2002 10:16:00 -0500
From: Brian Nichols <Brian_Nichols () dcecu org>
To: incidents () securityfocus com
Subject: Determining the country of origin for IP address(es)

Hello,
I am looking for a list or a tool that will allow us to determine and
possibly block IPs from other countries.  I am aware of Geo-IP, are
there any others?
I initially understood, please correct me if I am wrong, that when IPs
were originally given out there was a number scheme in regards to
countries. If so, is there a huge check/cross listing?

Thank you,
Brian Nichols

                                Glenn Forbes Fleming Larratt
                                Rice University Network Management
                                glratt () rice edu
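
Added example, not part of the original message: a Python sketch that turns some of the inetnum ranges listed above into the smallest set of CIDR ("maskable") blocks, which is what a filter rule needs. The function names are hypothetical; the ranges are copied from the message, and only the standard ipaddress module is used.

```python
import ipaddress
import re

# inetnum lines copied from the message above (a subset of its abridged list)
KR_INETNUM = """\
inetnum:     61.96.0.0 - 61.111.255.255
inetnum:     202.20.82.0 - 202.20.82.255
inetnum:     202.20.83.0 - 202.20.86.255
inetnum:     202.20.128.0 - 202.20.255.255
inetnum:     202.21.0.0 - 202.21.7.255
inetnum:     203.224.0.0 - 203.224.255.255
inetnum:     203.225.0.0 - 203.225.255.255
inetnum:     203.226.0.0 - 203.231.255.255
inetnum:     203.232.0.0 - 203.239.255.255
inetnum:     203.240.0.0 - 203.243.255.255
inetnum:     203.244.0.0 - 203.247.255.255
inetnum:     203.248.0.0 - 203.255.255.255
"""

RANGE_RE = re.compile(r"^inetnum:[ \t]*(\S+)[ \t]*-[ \t]*(\S+)[ \t]*$", re.M)


def parse_ranges(text):
    """Return (first, last) IPv4Address pairs from whois-style inetnum lines."""
    ranges = []
    for m in RANGE_RE.finditer(text):
        first, last = ipaddress.IPv4Address(m[1]), ipaddress.IPv4Address(m[2])
        if first > last:
            raise ValueError(f"reversed range: {m[0]!r}")
        ranges.append((first, last))
    return ranges


def maskable_blocks(text):
    """Smallest list of CIDR networks covering every listed range exactly."""
    nets = []
    for first, last in parse_ranges(text):
        # A range that is not aligned on a mask boundary needs several networks.
        nets.extend(ipaddress.summarize_address_range(first, last))
    # Adjacent registrations (e.g. the 203.224-203.255 run) merge into one block.
    return list(ipaddress.collapse_addresses(nets))


def covered(blocks, addr):
    """True if addr falls inside any of the computed blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in blocks)


if __name__ == "__main__":
    for net in maskable_blocks(KR_INETNUM):
        print(net)
```

The seven resulting blocks match the counts in the "maskable blocks" column for these groups (1, 3, 2 and 1), and the neighbouring space the message attributes to other registrants stays outside them.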



