Security Incidents mailing list archives

Re: Determining the country of origin for IP address(es)


From: Mally Mclane <mally () ripe net>
Date: Wed, 27 Feb 2002 09:39:12 +0100

hi,

On 26/2/02 22:24, "Russell Fulton" <R.FULTON () auckland ac nz> wrote:

On Wed, 2002-02-27 at 08:36, Glenn Forbes Fleming Larratt wrote:
It may have been the theory that IP ranges were geographically organized,
but that's long since gone the way of all things.

We considered blocking all of .kr, since for a time they were the leading
source of portscans of our network, and got the following abridged results.

I think you'll find that there are chunks per continent, delegated to
RIPE, APNIC, or some South American registries, but that IP range<->nation
mappings simply don't exist in a viable or useful way.

I agree, when the "Korean problem" was at its worst I was seriously
worried that some people were going to naively block all of 210/7
because of the number of attacks coming from those two class /8s.
Several major (by our standards ;-) NZ ISPs have address ranges in these
blocks...

Last time I looked there were several hundred address blocks allocated
to NZ (pop 3.5 million) and I know there are chunks of address space in
use here that are allocated to global Telcos and nowhere is it recorded
that the addresses are in use in New Zealand.

People need to be really careful and specific about what IP ranges they are
going to block. Furthering the NZ example, our /8s are so geographically
diverse, that blocking one /8 because it, for instance, contains a lot of
Russian spam, could also block off most of Europe.....


Cheers,


Mally Mclane
RIPE NCC Operations

Sent using the Entourage X Test Drive.
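
Added example, not part of the original message or of any poster's tooling: a way to measure how much non-target address space a proposed block rule would take out, which is the collateral-damage concern raised in the thread. It assumes allocation records in the pipe-separated RIR "delegated statistics" layout; the sample records are constructed for illustration and are not real registry data, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the RIR delegated-statistics layout
# (registry|cc|type|start|count|date|status). NOT real registry data.
SAMPLE_DELEGATIONS = """\
apnic|KR|ipv4|210.90.0.0|131072|19970101|allocated
apnic|NZ|ipv4|210.48.0.0|65536|19970101|allocated
apnic|NZ|ipv4|211.20.16.0|4096|19990101|allocated
apnic|JP|ipv4|210.128.0.0|1048576|19960101|allocated
apnic|KR|ipv4|211.32.0.0|262144|19990101|allocated
apnic|AU|ipv6|2001:db8::|32|20020101|allocated
"""

def parse_delegations(text):
    """Yield (country, network) per IPv4 record; the count need not be a power of two."""
    for line in text.splitlines():
        fields = line.split("|")
        if len(fields) < 7 or fields[2] != "ipv4":
            continue  # skip headers, summaries, IPv6 and ASN records
        first = ipaddress.IPv4Address(fields[3])
        last = first + int(fields[4]) - 1
        # A start/count pair may not align to one CIDR prefix, so split it.
        for net in ipaddress.summarize_address_range(first, last):
            yield fields[1], net

def collateral(block_rule, target_cc, text=SAMPLE_DELEGATIONS):
    """Return (addresses blocked in target_cc, {other_cc: addresses blocked})."""
    rule = ipaddress.ip_network(block_rule)
    hit = defaultdict(int)
    for cc, net in parse_delegations(text):
        if net.subnet_of(rule):        # allocation lies fully inside the rule
            hit[cc] += net.num_addresses
        elif rule.subnet_of(net):      # rule is a slice of a larger allocation
            hit[cc] += rule.num_addresses
    wanted = hit.pop(target_cc, 0)
    return wanted, dict(hit)

if __name__ == "__main__":
    for rule in ("210.0.0.0/7", "210.0.0.0/8", "210.90.0.0/15"):
        wanted, others = collateral(rule, "KR")
        print(f"{rule}: KR={wanted} collateral={others}")
```

Run against a registry's current delegation file before deploying a coarse rule; allocations registered to a global carrier but used elsewhere will still be attributed to the registered country, as the message above points out.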

