Security Basics mailing list archives
Re: Country based IPs
From: "Meritt James" <meritt_james () bah com>
Date: Fri, 03 Oct 2003 12:56:13 -0400
Correct again - they "merely" (!) report the information. They do nothing to assign it. There is a field within the naming structure for location, but since that is not a required entry that will probably not help him.

Jim

"Matthew F. Caldwell" wrote:

Jim,

Domain name servers have nothing to do with who owns the IP address blocks and DNS generally has a set of problems (spoofing etc). Generally ISPs, Corporations and Government Organizations own blocks of IP addresses. The IP addresses are assigned for organizations' use only, which helps people track back the origin of attacks.

For example: Your mail server IP address is 156.80.3.61

A DNS lookup would reveal that its DNS name is:

    61.3.80.156.in-addr.arpa name = mclean-vscan1.bah.com.

HOWEVER a WHOIS look would give you the following information:

    <ip_address> 156.80.3.61</ip_address>
    <asname>BAH-NET</asname>
    <domain></domain>
    <block_range>
      <block_start>156.80.0.0</block_start>
      <block_end>156.80.255.255</block_end>
    </block_range>
    <location>
      <city>MC LEAN</city>
      <state>VA</state>
      <country>US</country>
      <coordinates>
        <granular>City</granular>
        <latitude>38.953033</latitude>
        <longitude>-77.229</longitude>
      </coordinates>
    </location>
    <whois>
    Query: 156.80.82.5
    Registry: whois.arin.net
    OrgName: Booz, Allen, and Hamilton
    OrgID: BAH-2
    Address: 8283 Greensboro Dr
    City: McLean
    StateProv: VA
    PostalCode: 22102
    Country: US
    NetRange: 156.80.0.0 - 156.80.255.255
    CIDR: 156.80.0.0/16
    NetName: BAH-NET
    NetHandle: NET-156-80-0-0-1
    Parent: NET-156-0-0-0-0
    NetType: Direct Assignment
    NameServer: EXTSER-1.BAH.COM
    NameServer: EXTSER-2.BAH.COM
    Comment:
    RegDate: 1992-12-10
    Updated: 2000-12-15
    TechHandle: AHB1-ARIN
    TechName: Booz, Allen & Hamilton
    TechPhone: +1-703-377-0887
    TechEmail: internet () bah com
    # ARIN WHOIS database, last updated 2003-04-16 20:10
    # Enter ? for additional hints on searching ARIN's WHOIS database.
    </whois>
    </netblock>

Large Difference.

Subject: Re: Country based IPs

We did it that way in the "good old days" to generate our hosts files, but that rapidly became unworkable due to the number of IPs and that led to the introduction of name servers... I would recommend against taking a great step backwards if at all possible...

Jim

"Matthew F. Caldwell" wrote:

Dale and Jbod,

If you want a database download you can request it from ARIN, it's a difficult to parse format (to prevent spammers). HERE is the form have fun! http://www.arin.net/library/agreements/bulkwhois.pdf

As part of our product neuSECURE, we maintain a database of all known netblocks from the sources ARIN, APNIC, RIPE, etc. The data is refreshed on a regular basis. We use this data to allow better macro correlation in our product. You can create rules that specify if you see something from a particular country, block, and ranges it can perform actions including block it at the firewall, email me, create a ticket etc.

Matt

Matthew F. Caldwell, CISSP
Founder and Chief Security Officer
GuardedNet, Inc.

-----Original Message-----
From: Dale Fay [mailto:dalef () merit edu]
Sent: Thursday, October 02, 2003 12:26 PM
To: jbod
Cc: security-basics () securityfocus com
Subject: Re: Country based IPs

Such a list would be difficult to create and impossible to maintain. Netblocks are allocated from one of the four regional sources, ARIN, RIPE, APNIC and a new one in Latin America, based on the location of the requester, but could be used anywhere in the world.

On Wed, Oct 01, 2003 at 05:56:01PM -0700, jbod wrote:

Does anyone have a list or know where to obtain one that shows IPs allocated based upon country - for the purpose of blocking ALL access from all non-US locations unless implicitly allowed.

--
Dale Fay
Merit Systeam/RADB
www.merit.edu www.radb.net

--
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566
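
Added example (not part of the original thread): a Python sketch that parses ARIN-style WHOIS fields like those quoted above into netblocks and maps an address to its country of registration, which, as Dale Fay's message points out, is where the block was requested and not necessarily where it is used. The second record (203.0.113.0/24, country AU), the function names and the allow-list policy are constructed assumptions.

```python
import ipaddress
import re

# Fields copied from the WHOIS record quoted in the thread.
ARIN_SAMPLE = """\
OrgName: Booz, Allen, and Hamilton
Country: US
NetRange: 156.80.0.0 - 156.80.255.255
NetName: BAH-NET
Comment:
# ARIN WHOIS database, last updated 2003-04-16 20:10
"""
# Constructed record (documentation range) so the deny path can be shown.
CONSTRUCTED = "OrgName: Example Org\nCountry: AU\nNetRange: 203.0.113.0 - 203.0.113.255\n"

def parse_whois(text):
    """Return {field: value} from 'Key: value' lines; skip comments and empty values."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z]+):\s*(.*)$", line.strip())
        if m and m.group(2):
            fields.setdefault(m.group(1), m.group(2).strip())
    return fields

def netblocks(fields):
    """Turn 'start - end' NetRange into CIDR networks (ranges need not be aligned)."""
    start, end = (ipaddress.ip_address(p.strip()) for p in fields["NetRange"].split(" - "))
    return list(ipaddress.summarize_address_range(start, end))

def registered_country(ip, records):
    """Longest-prefix match against the records; None when no block covers ip."""
    addr = ipaddress.ip_address(ip)
    best = None
    for fields in records:
        for net in netblocks(fields):
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, fields.get("Country"))
    return best[1] if best else None

def decide(ip, records, allowed=("US",)):
    """Keep 'no registration data' distinct from 'registered elsewhere'."""
    country = registered_country(ip, records)
    if country is None:
        return "unknown"
    return "allow" if country in allowed else "deny"

RECORDS = [parse_whois(ARIN_SAMPLE), parse_whois(CONSTRUCTED)]

if __name__ == "__main__":
    for ip in ("156.80.3.61", "203.0.113.9", "198.51.100.1"):
        print(ip, registered_country(ip, RECORDS), decide(ip, RECORDS))
```

The "unknown" result matters in practice: a registry dump is never complete or current, so a default-deny rule built on it also drops traffic from blocks the data simply does not cover.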