Submitting Fake Geolocation for blocks to Data Brokers and RIRs

William Herrin bill at herrin.us
Wed Apr 21 19:21:26 UTC 2021


On Wed, Apr 21, 2021 at 11:58 AM nanoguser100 via NANOG <nanog at nanog.org> wrote:
> I wanted to get the communities' opinion on this.
>
> Increasingly I have run into 'niche needs' where a client has a few users in a country we don't have a POP, say Estonia.  This is 'mainly' for localization but also in some cases for compliance (some sites REQUIRE an Estonian IP).  With that being said is it common practice to 'fake' Geolocations?  In this case the user legitimately lives in Estonia, they just happen to be using our cloud service in Germany.

If the endpoint (e.g. web server) is physically located in Germany and
you're helping a client misrepresent that it's located in Estonia in
order to evade a legal requirement that it be located in Estonia then
you've made yourself a party to criminal fraud. Do I really need to
explain how bad an idea that is?

If the service is a VPN relay for addresses which are actually being
used in Estonia then what's the problem? You're just a transit for
those IPs. Report the location where the endpoints are, not the
transits.

Regards,
Bill Herrin


-- 
William Herrin
bill at herrin.us
https://bill.herrin.us/


More information about the NANOG mailing list