Re: Determining the country of orgin for IP address(es)

["Matthew Leeds" <mleeds () theleeds net>]

If you're willing to spend money take a look at:

http://www.digitalenvoy.net/

You might also look at:

http://cello.cs.uiuc.edu/cgi-bin/slamm/ip2ll

---Matthew

*********** REPLY SEPARATOR  ***********

On 2/26/2002 at 1:36 PM Glenn Forbes Fleming Larratt wrote:

> It may have been the theory that IP ranges were geographically organized,
> but that's long since gone the way of all things.
>
> We considered blocking all of .kr, since for a time they were the leading
> source of portscans of our network, and got the following abridged results.
>
> I think you'll find that there are chunks per continent, delegated to
> RIPE, APNIC, or some South American registries, but that IP range<->nation
> mappings simply don't exist in a viable or useful way.
>
> ================================================================
> .kr is krnic@apnic + hananet@apnic + "korea"@arin:
>
> (flankedby)          (range)                (maskable blocks)
>
> .au -> 61.95.63.255
> inetnum:     61.96.0.0 - 61.111.255.255         1
> .jp 61.112.0.0 ->
>
> unallocated APNIC -> 61.247.255.255
> inetnum:     61.248.0.0 - 61.255.255.255        1
> .il -> 62.0.0.0
>
> af.mil -> 128.133.0.0/16
>       128.134.0.0 - 128.134.255.255           1
> uchicago.edu -> 128.135.0.0/16
>
>
> inetnum:     202.6.95.0 - 202.6.95.255          1
>
> inetnum:     202.14.103.0 - 202.14.103.255      1
>
> inetnum:     202.14.165.0 - 202.14.165.255      1
>
> inetnum:     202.20.82.0 - 202.20.82.255        3
> inetnum:     202.20.83.0 - 202.20.86.255
>
> inetnum:     202.20.99.0 - 202.20.99.255        1
>
> inetnum:     202.20.119.0 - 202.20.119.255      1
>
> inetnum:     202.20.128.0 - 202.20.255.255      2
> inetnum:     202.21.0.0 - 202.21.7.255
>
> inetnum:     202.30.0.0 - 202.31.255.255        1
>
> inetnum:     203.224.0.0 - 203.224.255.255      1
> inetnum:     203.225.0.0 - 203.225.255.255
> inetnum:     203.226.0.0 - 203.231.255.255
> inetnum:     203.232.0.0 - 203.239.255.255
> inetnum:     203.240.0.0 - 203.243.255.255
> inetnum:     203.244.0.0 - 203.247.255.255
> inetnum:     203.248.0.0 - 203.255.255.255
>
>       :
>       :
>       :
>
>
> On Tue, 26 Feb 2002, Brian Nichols wrote:
>
> > Date: Tue, 26 Feb 2002 10:16:00 -0500
> > From: Brian Nichols <Brian_Nichols () dcecu org>
> > To: incidents () securityfocus com
> > Subject: Determining the country of orgin for IP address(es)
> >
> > Hello,
> > I am looking for a list or a tool that will allow us to determine and
> > possibly block IPs from other countries.  I am aware of Geo-IP, are
> > there any others?
> > I initially understood, please correct me if I am wrong, that when IPS
> > were originally given out there was a number scheme in regards to
> > countries. If so, is there a huge check/cross listing?
> >
> > Thank you,
> > Brian Nichols
>
>                               Glenn Forbes Fleming Larratt
>                               Rice University Network Management
>                               glratt () rice edu
>
>
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com