It may have been the theory that IP ranges were geographically organized, but that's long since gone the way of all things. We considered blocking all of .kr, since for a time they were the leading source of portscans of our network, and got the following abridged results. I think you'll find that there are chunks per continent, delegated to RIPE, APNIC, or some South American registries, but that IP range<->nation mappings simply don't exist in a viable or useful way. ================================================================ .kr is krnic@apnic + hananet@apnic + "korea"@arin: (flankedby) (range) (maskable blocks) .au -> 61.95.63.255 inetnum: 61.96.0.0 - 61.111.255.255 1 .jp 61.112.0.0 -> unallocated APNIC -> 61.247.255.255 inetnum: 61.248.0.0 - 61.255.255.255 1 .il -> 62.0.0.0 af.mil -> 128.133.0.0/16 128.134.0.0 - 128.134.255.255 1 uchicago.edu -> 128.135.0.0/16 inetnum: 202.6.95.0 - 202.6.95.255 1 inetnum: 202.14.103.0 - 202.14.103.255 1 inetnum: 202.14.165.0 - 202.14.165.255 1 inetnum: 202.20.82.0 - 202.20.82.255 3 inetnum: 202.20.83.0 - 202.20.86.255 inetnum: 202.20.99.0 - 202.20.99.255 1 inetnum: 202.20.119.0 - 202.20.119.255 1 inetnum: 202.20.128.0 - 202.20.255.255 2 inetnum: 202.21.0.0 - 202.21.7.255 inetnum: 202.30.0.0 - 202.31.255.255 1 inetnum: 203.224.0.0 - 203.224.255.255 1 inetnum: 203.225.0.0 - 203.225.255.255 inetnum: 203.226.0.0 - 203.231.255.255 inetnum: 203.232.0.0 - 203.239.255.255 inetnum: 203.240.0.0 - 203.243.255.255 inetnum: 203.244.0.0 - 203.247.255.255 inetnum: 203.248.0.0 - 203.255.255.255 : : : On Tue, 26 Feb 2002, Brian Nichols wrote: > Date: Tue, 26 Feb 2002 10:16:00 -0500 > From: Brian Nichols <Brian_Nicholsat_private> > To: incidentsat_private > Subject: Determining the country of orgin for IP address(es) > > Hello, > I am looking for a list or a tool that will allow us to determine and > possibly block IPs from other countries. I am aware of Geo-IP, are > there any others? > I initially understood, please correct me if I am wrong, that when IPS > were originally given out there was a number scheme in regards to > countries. If so, is there a huge check/cross listing? > > Thank you, > Brian Nichols Glenn Forbes Fleming Larratt Rice University Network Management glrattat_private ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Feb 26 2002 - 12:46:33 PST