Security Incidents mailing list archives

Re: Determining the country of origin for IP address(es)


From: Russell Fulton <R.FULTON () auckland ac nz>
Date: 27 Feb 2002 10:24:32 +1300

On Wed, 2002-02-27 at 08:36, Glenn Forbes Fleming Larratt wrote:
> It may have been the theory that IP ranges were geographically organized,
> but that's long since gone the way of all things.
>
> We considered blocking all of .kr, since for a time they were the leading
> source of portscans of our network, and got the following abridged results.
>
> I think you'll find that there are chunks per continent, delegated to
> RIPE, APNIC, or some South American registries, but that IP range<->nation
> mappings simply don't exist in a viable or useful way.

I agree, when the "Korean problem" was at its worst I was seriously
worried that some people were going to naively block all of 210/7
because of the number of attacks coming from those two class /8s.
Several major (by our standards ;-) NZ ISPs have address ranges in these
blocks...

Last time I looked there were several hundred address blocks allocated
to NZ (pop 3.5 million) and I know there are chunks of address space in
use here that are allocated to global Telcos and nowhere is it recorded
that the addresses are in use in New Zealand.

-- 
Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand
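
A way to check the collateral reach of a coarse block such as 210/7 before deploying it; this is an added example, not part of the original message. It assumes records in the pipe-separated RIR "delegated" statistics layout (registry|cc|type|start|count|date|status); the sample records, country assignments and function names are constructed for illustration and are not real registry data.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records (NOT real allocations), in the layout
# registry|cc|type|start|count|date|status.
SAMPLE_DELEGATIONS = """\
apnic|KR|ipv4|210.90.0.0|131072|19970101|allocated
apnic|KR|ipv4|211.32.0.0|524288|19990101|allocated
apnic|NZ|ipv4|210.48.0.0|8192|19960101|allocated
apnic|NZ|ipv4|210.55.0.0|65536|19970101|allocated
apnic|JP|ipv4|210.128.0.0|1048576|19960101|allocated
apnic|AU|ipv4|203.0.0.0|65536|19940101|allocated
apnic|NZ|ipv6|2001:db8::|32|20020101|allocated
"""

def collateral(block, delegations=SAMPLE_DELEGATIONS):
    """Return {country code: addresses} for IPv4 delegations inside `block`."""
    net = ipaddress.ip_network(block, strict=True)
    blk_lo, blk_hi = int(net.network_address), int(net.broadcast_address)
    hits = defaultdict(int)
    for line in delegations.splitlines():
        fields = line.split("|")
        if len(fields) < 7 or fields[2] != "ipv4":
            continue  # skip headers, summaries, ASN and IPv6 records
        cc, start, count = fields[1], fields[3], int(fields[4])
        # For IPv4 the fifth field is an address count, not a prefix length,
        # so compare integer ranges instead of assuming CIDR alignment.
        first = int(ipaddress.IPv4Address(start))
        last = first + count - 1
        lo, hi = max(first, blk_lo), min(last, blk_hi)
        if lo <= hi:
            hits[cc] += hi - lo + 1
    return dict(hits)

def unintended(block, target_cc, delegations=SAMPLE_DELEGATIONS):
    """Count blocked addresses registered to countries other than target_cc."""
    hits = collateral(block, delegations)
    return sum(n for cc, n in hits.items() if cc != target_cc)

if __name__ == "__main__":
    for cc, n in sorted(collateral("210.0.0.0/7").items()):
        print(f"{cc}: {n} addresses inside 210.0.0.0/7")
    print("registered outside KR:", unintended("210.0.0.0/7", "KR"))
```

The country code is only the registry's record of who holds the delegation, so space used in one country under a global carrier's allocation will not show up under that country.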


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

