most accurate geo-IP source to build country-based access lists

Martin T m4rtntns at gmail.com
Tue Jun 9 09:11:25 UTC 2015


John,

> At a brute force country level it is possible to use the Delegated
> ranges lists but that runs into the problem where IP ranges are
> subnetted and allocated to other countries.

Yeah.

In addition, to illustrate the point in my initial post, sometimes
inetnum objects contain more than one "country" attribute and only the
first country code is inserted into RIR delegated list. For example:

$ for deleg in $(wget -qO -
ftp://ftp.ripe.net/ripe/stats/delegated-ripencc-latest | grep ipv4 |
cut -d '|' -f 4 | tail -10000); do
>   [[ $(whois -rh whois.ripe.net -T inetnum "$deleg") = *country:*country:* ]] && echo "$deleg"
> done
193.104.217.0
193.110.48.0
193.111.228.0
193.218.114.0
194.33.109.0
194.34.64.0
194.42.56.0
194.150.168.0
194.153.74.0
195.14.23.0
195.39.208.0
195.85.254.0
195.95.150.0
195.158.230.0
$


Blake,

> Have you thought about application layer tests - e.g. is the client's
> character set/language set to Swedish? Has the user identified
> himself/herself/henself as living in or being from Sweeden?

Unfortunately I need this on network layer, i.e. it should work for
other traffic besides HTTP/HTTPS.


Anyway, thanks for all the replies!


Martin



More information about the NANOG mailing list