nanog mailing list archives

Re: Increasing problems with geolocation/IPv4 access

From: Jared Mauch <jared () puck nether net>
Date: Sat, 21 Jan 2023 07:36:43 -0500

On Jan 20, 2023, at 11:29 PM, Crist Clark <cjc+nanog () pumpky net> wrote:

Are you sure it’s really geolocation blocks? Or is it anonymizer and VPN service detection? The geoIP vendors 
typically sell both since one of anonymizers’ top applications is to evade geolocation. Have customers using 
peer-to-peer anonymizers wittingly or unwittingly? Customers with malware or other PUPs hosting anonymizer services?

I know in the case of one provider it was a geolocation related issue. I don’t know if they fixed it, as I said the
customers left that provider so the complaint went away.

There seem to be a few issues happening. If I’m not getting the bot/threat feeds for those places, I’m happy to
follow-up with that customer, but some is just flat out things like “This isn’t IP space in US” or the feedback from
the customer says the provider places them in Mexico.

As I said, looking for any place that has 23.138.114.0/24 in a feed to be blocked as some of the ISD (intermediate
school district) that aggregates tech for several around the area started blocking over the winter break anyone in that
/24, can ping from other subnets but not that one *smh*.

I’m a bit grasping at straws, but also looking for any ideas or information that people may have around it. I get some
people may update monthly, or take time to get the changes through their systems, but parts of this have been going on
now since mid-late September. If it’s going to take 1.5-2 quarters to have the IP space be viable, this is something
I’ll be taking up eventually with folks at ARIN - similar to issues with other things that may not be easily fixed,
there’s a level of effort that I’m willing to undertake here, but at some point there is a question about if it’s fit
for any purpose.

The reality is I expect if I can find where the feed is that has the space flagged, that will likely address this part
of the long tail. I would hate to end up doing more NAT-PT/44 due to one or a few vendors with bad data sources.

- Jared

Current thread:

Increasing problems with geolocation/IPv4 access Jared Mauch (Jan 20)
- Re: Increasing problems with geolocation/IPv4 access Mike Lyon (Jan 20)
  - Re: Increasing problems with geolocation/IPv4 access Owen DeLong via NANOG (Jan 20)
    - Re: Increasing problems with geolocation/IPv4 access Jared Mauch (Jan 20)
    - Re: Increasing problems with geolocation/IPv4 access Owen DeLong via NANOG (Jan 20)
    - Re: Increasing problems with geolocation/IPv4 access Crist Clark (Jan 20)
    - Re: Increasing problems with geolocation/IPv4 access Jared Mauch (Jan 21)
  - Re: Increasing problems with geolocation/IPv4 access Daniel Marks via NANOG (Jan 20)
- Re: Increasing problems with geolocation/IPv4 access Jim Troutman (Jan 20)
- Re: Increasing problems with geolocation/IPv4 access Josh Luthman (Jan 23)