Re: Geoip lookup

[shawn wilson <ag4ve.us () gmail com>]

I knew this would come up. Actually I'm surprised and glad it waited until
I got a solution first.

I'll address a few points:
- this is mainly to stop stupid things from sending packets from countries
we will probably never want to do business with (I'm looking mainly at that
big country under APNIC).
- I'd prefer a solution that blocks all traffic that is routed through
those countries so that they could never see data from us (and when
Jin-rong has a configuration mess up and rerouts ~10% of traffic through
them for a half hour, I don't see any of that traffic). Since I have no
idea how one would go about doing this, just blocking traffic from IP
addresses registered in certain countries is good enough.
- it is well known (I think everyone on this list at least) that you can
evade geographic placement of your origin by tunneling. Given this, I fail
to see the point in bringing up that "GeoIP" doesn't work. Also, if it
doesn't work, why do content providers, CDNs, google, and streaming
services rely on it as part of their business model? The sad truth of the
mater is it does work and surprisingly well. We just don't like it because
it's brittle and a user can fool us (I know Akami and the like look at trip
time and the like because they know there are issues). Given all of this,
how often is looking at the country an IP address originates from via what
is listed for the particular ASN actually fiction?

Again, the input was invaluable for getting me where I wanted to be so
thanks again.
On May 24, 2013 2:59 AM, "Owen DeLong" <owen () delong com> wrote:

> On May 23, 2013, at 23:49 , bmanning () vacation karoshi com wrote:
>
> > On Thu, May 23, 2013 at 11:39:12PM -0700, Owen DeLong wrote:
> > > On May 23, 2013, at 23:17 , David Conrad <drc () virtualized org> wrote:
> > >
> > > > On May 23, 2013, at 10:53 PM, Andreas Larsen <
> andreas.larsen () ip-only se> wrote:
> > > > > The whole idea of Geoip is flawed.
> > > >
> > > > Sure, but pragmatically, it's an 80% solution.
> > > >
> > > > > IP dosen't reside in countries,
> > > >
> > > > True, according to (at least some of) the RIRs they reside in
> regions...
> > > >
> > >
> > > Really? Which ones? I thought they were only issued to organizations
> that had operations in regions.
> > > Owen
> >
> >       Just because I have operations in one region does not preclude me
> from having operations
> >       in other regions.  YMMV of course.
> >
> > /bill
>
> That was exactly my point, Bill... If you have operations in RIPE and ARIN
> regions, it is entirely possible for you to obtain addresses from RIPE or
> ARIN and use them in both locations, or, obtain addresses from both RIPE
> and ARIN and use them in their respective regions, or mix and match in just
> about any imaginable way. Thus, IP addresses don't reside in regions,
> either. They are merely issued somewhat regionally.
>
> Owen