most accurate geo-IP source to build country-based access lists

Dave Sparro dsparro at gmail.com
Wed Jun 10 11:29:45 UTC 2015


Years ago when meeting with the lawyers to talk about the need to block
access to a list of websites I was coming from the technical side and
talking about how all of our possible solutions were incomplete and easily
circumvented by our users.  The lawyers' response was to explain the
concept of good faith effort.  The main point was that we needed to "do
something."  We'd be in pretty good shape liability-wise as long as we made
an attempt.   Getting back to the point of the question.  I'd find the
cheapest/easiest way to implement a somewhat effective GeoIP block, and say
that you've done something.

On Tue, Jun 9, 2015 at 11:13 AM, Joe Abley <jabley at hopcount.ca> wrote:

> On 9 Jun 2015, at 5:11, Martin T wrote:
>
>>> At a brute force country level it is possible to use the Delegated
>>> ranges lists but that runs into the problem where IP ranges are
>>> subnetted and allocated to other countries.
>>>
>>
>> Yeah.
>>
>
> I would say that a perfectly accurate mapping of address to anything
> geographical (with more accuracy than "it's within the observed universe,
> somewhere") is unlikely ever to exist, except by accident and for short
> periods of time. Accuracy and lack of authoritative sources of data is one
> reason, constant uncoordinated reconfiguration is another. You need to
> decide how accurate your mapping needs to be (and figure out how to measure
> that, if accuracy is important).
>
> Another part of the problem is framing the question in a useful way: a
> universal solution seems intractable when the following questions are
> answered differently (but accurately) by different people who have
> different needs.
>
> Is a device in Uganda connected via satphone to a router in France in
> Uganda, or France?
>
> Is a network in Fiji that can't talk to any other networks in Fiji without
> leaving the island but is one layer-3 hop away from Australia in Fiji, or
> Australia?
>
> Does the source address of a packet always identify the device that sent
> the packet?
>
> If I'm in region A and you're in region A, and you route within region to
> me but my replies leave the region on the way back, are we in the same
> region from my perspective? How about yours?
>
> Even: if I'm in region A but I'm using a DNS resolver in region B, am I in
> region A or region B?
>
>
> Joe
>
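
Added example, not part of the original thread: a sketch of the "Delegated ranges lists" approach mentioned in the quoted text, turning RIR delegated-statistics records into a per-country prefix list. The sample lines are constructed (documentation address ranges, arbitrary country codes), the function names are hypothetical, and the country code in each record is the registration country, so the subnetting and reallocation problem raised above still applies to the output.

```python
import ipaddress

# Constructed sample in the RIR delegated-statistics layout:
#   registry|cc|type|start|value|date|status
# For ipv4 "value" is a count of addresses (not always a power of two);
# for ipv6 it is a prefix length.
SAMPLE = """\
# constructed sample data, not real delegations
2|ripencc|20150609|4|19830705|20150609|+0000
ripencc|*|ipv4|*|3|summary
ripencc|FR|ipv4|192.0.2.0|256|20100101|allocated
ripencc|FR|ipv4|198.51.100.0|192|20110101|assigned
afrinic|UG|ipv4|203.0.113.0|256|20120101|allocated
ripencc|FR|ipv6|2001:db8::|32|20130101|allocated
"""

def country_networks(text, country):
    """Return collapsed CIDR prefixes registered to `country`."""
    v4, v6 = [], []
    for line in text.splitlines():
        f = line.strip().split("|")
        # Skip comments, the version header and the summary lines.
        if line.startswith("#") or len(f) < 7 or f[2] not in ("ipv4", "ipv6"):
            continue
        if f[1] != country or f[6] not in ("allocated", "assigned"):
            continue
        if f[2] == "ipv6":
            v6.append(ipaddress.ip_network(f"{f[3]}/{f[4]}"))
        else:
            # A count such as 192 is not one CIDR block; split the range.
            first = ipaddress.IPv4Address(f[3])
            last = first + (int(f[4]) - 1)
            v4.extend(ipaddress.summarize_address_range(first, last))
    # collapse_addresses() rejects mixed versions, so merge each family alone.
    return list(ipaddress.collapse_addresses(v4)) + \
           list(ipaddress.collapse_addresses(v6))

def matches(addr, nets):
    """True if `addr` falls inside any prefix in `nets`."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == n.version and ip in n for n in nets)

if __name__ == "__main__":
    for net in country_networks(SAMPLE, "FR"):
        print(net)
```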


