Re: Determining the country of orgin for IP address(es)

From: Glenn Forbes Fleming Larratt (glratt@rice.edu)
Date: 02/26/02 

Date: Tue, 26 Feb 2002 13:36:14 -0600 (CST)
From: Glenn Forbes Fleming Larratt <glratt@rice.edu>
To: <incidents@securityfocus.com>

It may have been the theory that IP ranges were geographically organized,
but that's long since gone the way of all things.

We considered blocking all of .kr, since for a time they were the leading
source of portscans of our network, and got the following abridged results.

I think you'll find that there are chunks per continent, delegated to
RIPE, APNIC, or some South American registries, but that IP range<->nation
mappings simply don't exist in a viable or useful way.

================================================================
.kr is krnic@apnic + hananet@apnic + "korea"@arin:

(flankedby) (range) (maskable blocks)

.au -> 61.95.63.255
inetnum: 61.96.0.0 - 61.111.255.255 1
.jp 61.112.0.0 ->

unallocated APNIC -> 61.247.255.255
inetnum: 61.248.0.0 - 61.255.255.255 1
.il -> 62.0.0.0

af.mil -> 128.133.0.0/16
        128.134.0.0 - 128.134.255.255 1
uchicago.edu -> 128.135.0.0/16

inetnum: 202.6.95.0 - 202.6.95.255 1

inetnum: 202.14.103.0 - 202.14.103.255 1

inetnum: 202.14.165.0 - 202.14.165.255 1

inetnum: 202.20.82.0 - 202.20.82.255 3
inetnum: 202.20.83.0 - 202.20.86.255

inetnum: 202.20.99.0 - 202.20.99.255 1

inetnum: 202.20.119.0 - 202.20.119.255 1

inetnum: 202.20.128.0 - 202.20.255.255 2
inetnum: 202.21.0.0 - 202.21.7.255

inetnum: 202.30.0.0 - 202.31.255.255 1

inetnum: 203.224.0.0 - 203.224.255.255 1
inetnum: 203.225.0.0 - 203.225.255.255
inetnum: 203.226.0.0 - 203.231.255.255
inetnum: 203.232.0.0 - 203.239.255.255
inetnum: 203.240.0.0 - 203.243.255.255
inetnum: 203.244.0.0 - 203.247.255.255
inetnum: 203.248.0.0 - 203.255.255.255

        :
        :
        :

On Tue, 26 Feb 2002, Brian Nichols wrote:

> Date: Tue, 26 Feb 2002 10:16:00 -0500
> From: Brian Nichols <Brian_Nichols@dcecu.org>
> To: incidents@securityfocus.com
> Subject: Determining the country of orgin for IP address(es)
>
> Hello,
> I am looking for a list or a tool that will allow us to determine and
> possibly block IPs from other countries. I am aware of Geo-IP, are
> there any others?
> I initially understood, please correct me if I am wrong, that when IPS
> were originally given out there was a number scheme in regards to
> countries. If so, is there a huge check/cross listing?
>
> Thank you,
> Brian Nichols

                                Glenn Forbes Fleming Larratt
                                Rice University Network Management
                                glratt@rice.edu

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

Quantcast