Increasing problems with geolocation/IPv4 access

Jared Mauch jared at puck.nether.net
Sat Jan 21 12:36:43 UTC 2023



> On Jan 20, 2023, at 11:29 PM, Crist Clark <cjc+nanog at pumpky.net> wrote:
> 
> Are you sure it’s really geolocation blocks? Or is it anonymizer and VPN service detection? The geoIP vendors typically sell both since one of anonymizers’ top applications is to evade geolocation. Have customers using peer-to-peer anonymizers wittingly or unwittingly? Customers with malware or other PUPs hosting anonymizer services?

I know in the case of one provider it was a geolocation related issue.  I don’t know if they fixed it, as I said the customers left that provider so the complaint went away.

There seem to be a few issues happening.  If I’m not getting the bot/threat feeds for those places, I’m happy to follow up with that customer, but some is just flat out things like “This isn’t IP space in US” or the feedback from the customer says the provider places them in Mexico.

As I said, looking for any place that has 23.138.114.0/24 in a feed to be blocked as some of the ISD (intermediate school district) that aggregates tech for several around the area started blocking over the winter break anyone in that /24, can ping from other subnets but not that one *smh*.

I’m a bit grasping at straws, but also looking for any ideas or information that people may have around it.  I get some people may update monthly, or take time to get the changes through their systems, but parts of this have been going on now since mid-late September.  If it’s going to take 1.5-2 quarters to have the IP space be viable, this is something I’ll be taking up eventually with folks at ARIN - similar to issues with other things that may not be easily fixed, there’s a level of effort that I’m willing to undertake here, but at some point there is a question about if it’s fit for any purpose.

The reality is I expect if I can find where the feed is that has the space flagged, that will likely address this part of the long tail.  I would hate to end up doing more NAT-PT/44 due to one or a few vendors with bad data sources.

- Jared
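
The search described in the message (finding which feed has 23.138.114.0/24 flagged), sketched as an added example that is not part of the original post. It also catches aggregates, address ranges and single hosts that touch the /24; the feed names and feed contents are constructed for illustration.

```python
import ipaddress

TARGET = ipaddress.ip_network("23.138.114.0/24")  # prefix named in the message

# Constructed sample feeds (hypothetical names and entries, not real feed data).
FEEDS = {
    "feed-a.txt": "# constructed sample\n198.51.100.0/24\n23.138.112.0/21 ; aggregate\n",
    "feed-b.txt": "first,last\n23.138.114.17\n203.0.113.5 - 203.0.113.9\n2001:db8::/32\n",
    "feed-c.txt": "23.138.113.0 - 23.138.114.255\n",
}

def parse_entry(line):
    """Return the networks one feed line describes, or [] if it has none."""
    text = line.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments
    if not text:
        return []
    try:
        if "-" in text:  # range form: "first - last"
            first, last = (ipaddress.ip_address(p.strip()) for p in text.split("-", 1))
            return list(ipaddress.summarize_address_range(first, last))
        return [ipaddress.ip_network(text, strict=False)]  # CIDR or single host
    except (ValueError, TypeError):
        return []  # header row, junk, reversed or mixed-version range

def find_hits(feeds, target=TARGET):
    """List (feed, line_no, raw_entry, relation) for entries touching target."""
    hits = []
    for name, body in feeds.items():
        for line_no, line in enumerate(body.splitlines(), 1):
            for net in parse_entry(line):
                if net.version != target.version or not net.overlaps(target):
                    continue
                # "covers": the entry blocks the whole target prefix.
                # "inside": the entry flags only part of it (e.g. one host).
                relation = "covers" if target.subnet_of(net) else "inside"
                hits.append((name, line_no, line.strip(), relation))
                break  # report each feed line once
    return hits

if __name__ == "__main__":
    for hit in find_hits(FEEDS):
        print(*hit, sep="\t")
```

A plain text search for the /24 would miss the aggregate in feed-a.txt and the range in feed-c.txt, which is why the comparison is done on parsed networks.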

