Increasing problems with geolocation/IPv4 access

Sat Jan 21 01:07:13 UTC 2023

Even worse, some don’t even bother taking you off a list or correcting their records. In these cases I’ve had great luck once our lawyers get involved, but that really only works for US-based companies.

Pretty sure the last company who used our IP space was just wrecking the internet for fun, took a while to get off of some large blocklists. At least it was an easy business justification to rapidly deploy IPv6…

Sent from my iPhone

> On Jan 20, 2023, at 19:50, Mike Lyon <mike.lyon at gmail.com> wrote:
> 
> I’ve come to the conclusion that the geo-ip feed companies don’t give a damn about the legitimacy of their information and don’t research any of it. They just wait for the end user to complain to make the change.
> 
> Had one today, in fact.
> 
> They’re lame.
> 
> -Mike
> 
> 
> 
>> On Jan 20, 2023, at 16:33, Jared Mauch <jared at puck.nether.net> wrote:
>> 
>> I’ve been seeing an increasing problem with IP space not having the ability to be used due to the behaviors of either geolocation or worse, people blocking IP space after it’s been in-use for a period of time.
>> 
>> Before I go back to someone at ARIN and say “your shiny unused 4.10 IP space” is non-functional and am at a place where I need to start/restart/respawn the timer, I have a few questions for people:
>> 
>> 1) Do you see 23.138.114.0/24 in any feeds from a security provider that say it can/should be blocked?  If so, I’d love to hear from you to track this down.  Over the new year we had some local schools start to block this IP space.
>> 
>> 2) many companies have geolocation feeds and services that exist and pull in data.  The reputable people are easy to find, there are those that are problematic from time-to-time (I had a few customers leave Sling due to the issues with that service).
>> 
>> 3) Have you had similar issues?  How are you chasing all the issues?  We’ve seen things from everything works except uploading check images to banks, to other financial service companies block the space our customers are in.  If we move them to another range this solves the problem.
>> 
>> 4) We do IPv6, these places aren’t IPv6 modern at all, so that’s no help.
>> 
>> 5) IRR+geofeed are published of course.  I’m thinking that it might be worthwhile that IP space have published placeholders when it’s well understood, eg: ARIN 4.9 space, I can predict what our next allocation would be, it would be great to have it be pre-warmed. 
>> 
>> I’ve only seen a few complaints against all our IP space over time, so I don’t think there’s anything malicious coming from the IP space to justify it, but it’s also possible they didn’t make it through.
>> 
>> If you’re with the FKA Savvis side, can you also ping me, I’d like to see if you can reach out to our most recent complaint source to see if we can find who is publishing this.  Same if you’re with Merit or the Michigan Statewide Educational Network - your teachers stopped being able to post to powerschool for their students over the new year break.  They’ve fed it up to their tech people towards the ISD.  Details available off-list.
>> 
>> Any insights are welcome, and as I said, I’d like to understand where the source list is as it starts out working then gradually breaks, so someone is publishing things and they are going out further.
>> 
>> - Jared
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2329 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20230120/b59544f8/attachment.bin>