Re: Determining the country of orgin for IP address(es)

From: Glenn Forbes Fleming Larratt (glrattat_private)
Date: Tue Feb 26 2002 - 11:36:14 PST

  • Next message: Yotam Rubin: "Re: hack that changes root to Root" 

    It may have been the theory that IP ranges were geographically organized,
but that's long since gone the way of all things.

We considered blocking all of .kr, since for a time they were the leading
source of portscans of our network, and got the following abridged results.

I think you'll find that there are chunks per continent, delegated to
RIPE, APNIC, or some South American registries, but that IP range<->nation
mappings simply don't exist in a viable or useful way.

================================================================
.kr is krnic@apnic + hananet@apnic + "korea"@arin:

(flankedby)          (range)                (maskable blocks)

.au -> 61.95.63.255
inetnum:     61.96.0.0 - 61.111.255.255         1
.jp 61.112.0.0 ->

unallocated APNIC -> 61.247.255.255
inetnum:     61.248.0.0 - 61.255.255.255        1
.il -> 62.0.0.0

af.mil -> 128.133.0.0/16
	128.134.0.0 - 128.134.255.255		1
uchicago.edu -> 128.135.0.0/16


inetnum:     202.6.95.0 - 202.6.95.255          1

inetnum:     202.14.103.0 - 202.14.103.255      1

inetnum:     202.14.165.0 - 202.14.165.255      1

inetnum:     202.20.82.0 - 202.20.82.255        3
inetnum:     202.20.83.0 - 202.20.86.255

inetnum:     202.20.99.0 - 202.20.99.255        1

inetnum:     202.20.119.0 - 202.20.119.255      1

inetnum:     202.20.128.0 - 202.20.255.255      2
inetnum:     202.21.0.0 - 202.21.7.255

inetnum:     202.30.0.0 - 202.31.255.255        1

inetnum:     203.224.0.0 - 203.224.255.255      1
inetnum:     203.225.0.0 - 203.225.255.255
inetnum:     203.226.0.0 - 203.231.255.255
inetnum:     203.232.0.0 - 203.239.255.255
inetnum:     203.240.0.0 - 203.243.255.255
inetnum:     203.244.0.0 - 203.247.255.255
inetnum:     203.248.0.0 - 203.255.255.255

	:
	:
	:


On Tue, 26 Feb 2002, Brian Nichols wrote:

> Date: Tue, 26 Feb 2002 10:16:00 -0500
> From: Brian Nichols <Brian_Nicholsat_private>
> To: incidentsat_private
> Subject: Determining the country of orgin for IP address(es)
>
> Hello,
> I am looking for a list or a tool that will allow us to determine and
> possibly block IPs from other countries.  I am aware of Geo-IP, are
> there any others?
> I initially understood, please correct me if I am wrong, that when IPS
> were originally given out there was a number scheme in regards to
> countries. If so, is there a huge check/cross listing?
>
> Thank you,
> Brian Nichols

				Glenn Forbes Fleming Larratt
				Rice University Network Management
				glrattat_private




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

    This archive was generated by hypermail 2b30 : Tue Feb 26 2002 - 12:46:33 PST