Re: Country based IPs

["Meritt James" <meritt_james () bah com>]

Correct again - they "merely" (!) report the information.  They do
nothing to assign it.

There is a field within the naming structure for location, but since
that is not a required entry that will probably not help him.

Jim

"Matthew F. Caldwell" wrote:
> Jim,
>
>         Domain name servers have nothing to do with who owns the IP
> address blocks and DNS generally has a set of problems (spoofing etc).
> Generally ISP's, Corporations and Government Organizations own blocks of
> IP addresses. The IP addresses are assigned for organizations use only,
> which helps people track back the origin of attacks.
>
> For example:
>
> Your mail server IP address is 156.80.3.61
>
> A DNS lookup would revel that it's dns name is:
> 61.3.80.156.in-addr.arpa        name = mclean-vscan1.bah.com.
>
> HOWEVER a WHOIS look would give you the following information:
>
> <ip_address>
> 156.80.3.61</ip_address>
> <asname>BAH-NET</asname>
> <domain></domain>
> <block_range>
> <block_start>156.80.0.0</block_start>
> <block_end>156.80.255.255</block_end>
> </block_range>
> <location>
> <city>MC LEAN</city>
> <state>VA</state>
> <country>US</country><coordinates>
> <granular>City</granular>
> <latitude>38.953033</latitude>
> <longitude>-77.229</longitude>
> </coordinates>
> </location>
> <whois>
> Query:     156.80.82.5
> Registry:  whois.arin.net
>
> OrgName:    Booz, Allen, and Hamilton
> OrgID:      BAH-2
> Address:    8283 Greensboro Dr
> City:       McLean
> StateProv:  VA
> PostalCode: 22102
> Country:    US
>
> NetRange:   156.80.0.0 - 156.80.255.255
> CIDR:       156.80.0.0/16
> NetName:    BAH-NET
> NetHandle:  NET-156-80-0-0-1
> Parent:     NET-156-0-0-0-0
> NetType:    Direct Assignment
> NameServer: EXTSER-1.BAH.COM
> NameServer: EXTSER-2.BAH.COM
> Comment:
> RegDate:    1992-12-10
> Updated:    2000-12-15
>
> TechHandle: AHB1-ARIN
> TechName:   Booz, Allen & Hamilton
> TechPhone:  +1-703-377-0887
> TechEmail:  internet () bah com
>
> # ARIN WHOIS database, last updated 2003-04-16 20:10
> # Enter ? for additional hints on searching ARIN\'s WHOIS database.
>
> </whois>
> </netblock>focus.com
>
> Large Difference.
>
> > >
> Subject: Re: Country based IPs
>
> We did it that way in the "good old days" to generate out hosts files,
> but that rapidly became unworkable due to the number of IPs and that
> lead to the introduction of name servers...
>
> I would recommend against taking a great step backwards if at all
> possible...
>
> Jim
>
> "Matthew F. Caldwell" wrote:
> > Dale and Jbod,
> >
> >         If you want a database download you can request it from ARIN,
> > it's a difficult to parse format (to prevent spammers). HERE is the
> form
> > have fun!
> >
> > http://www.arin.net/library/agreements/bulkwhois.pdf
> >
> > As part of our product neuSECURE, we maintain a database of all known
> > netblocks from the sources ARIN, APNIC, RIPE, etc. The data is
> refreshed
> > on a regular basis. We use this data to allow better macro correlation
> > in our product.  You can create rules that specify if you see
> something
> > from a particular country,block,and ranges it can perform actions
> > including block it at the firewall, email me, create a ticket etc.
> >
> > Matt
> >
> > Matthew F. Caldwell, CISSP
> > Founder and Chief Security Officer
> > GuardedNet, Inc.
> >
> > -----Original Message-----
> > From: Dale Fay [mailto:dalef () merit edu]
> > Sent: Thursday, October 02, 2003 12:26 PM
> > To: jbod
> > Cc: security-basics () securityfocus com
> > Subject: Re: Country based IPs
> >
> >   Such a list would be difficult to create and impossible to
> > maintain. Netblocks are allocated from one of the four regional
> > sources, ARIN, RIPE, APNIC and a new one in Latin America, based on
> > the location of the requester, but could be used anywhere in the
> world.
> > On Wed, Oct 01, 2003 at 05:56:01PM -0700, jbod wrote:
> > > Does anyone have a list or know where to obtain one
> > > that shows IPs allocated based upon country - for the
> > > purpose of blocking ALL access from all non-US
> > > locations unless implicitly allowed.
> > >
> > >
> > >
> > > __________________________________
> > > Do you Yahoo!?
> > > The New Yahoo! Shopping - with improved product search
> > > http://shopping.yahoo.com
> ------------------------------------------------------------------------
> > ---
> > >
> ------------------------------------------------------------------------
> > ----
> >
> > --
> >
> > Dale Fay
> > Merit Systeam/RADB
> > www.merit.edu
> > www.radb.net
> ------------------------------------------------------------------------
> > ---
> ------------------------------------------------------------------------
> > ----
> ------------------------------------------------------------------------
> ---
> >
> ------------------------------------------------------------------------
> ----
>
> --
> James W. Meritt CISSP, CISA
> Booz | Allen | Hamilton
> phone: (410) 684-6566
>
> ---------------------------------------------------------------------------
> ----------------------------------------------------------------------------

-- 
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566

---------------------------------------------------------------------------
----------------------------------------------------------------------------