Sometimes it's just because they have to announce to another region without changing IRR.

There are a lot of geolocation databases, but only ipip and ipinfo can correct the geolocation based on BGP routing information.

I'm assuming ipinfo is doing some scanning; if the subnet has too many open 22 or 443, they would categorize it as hosting.

And maybe they have nodes in different regions, and they use ICMP to detect the location.


But I think it is based on the BGP route mostly.

Brandon Z.
HUIZE LTD
www.huize.asia www.ixp.su | Twitter


On Mon, 3 Feb 2025 at 21:42, Jon Lewis <jlewis@lewis.org> wrote:
On Mon, 3 Feb 2025, Scott Q. wrote:

> What are you guys using as a reliable GeoIP database? I've tried Maxmind and a few others, also checking against ARIN but there's tons of
> differences.
>
> For example: 1.2.9.0/24. ARIN says it belongs to China Telecom but others say it's part of Russia: https://ipregistry.co/1.2.9.0
>
> How to handle such cases?

The trouble with all the IP Geo providers is they're selling data based
on:

1) Assumptions
2) Unmaintained data
3) Stale data

RIR records are notorious for being unmaintained (by the member...I'm not
blaming ARIN/RIPE/etc.).  Same goes for rDNS...again, because the owner of
the space doesn't care enough to keep it up to date...because it's not
generally of operational importance to them.

Some networks will publish geofeeds, but getting all the IP Geo providers
to consume those is like herding invisible cats.

And don't get me started on end-users who consume data from an IP Geo
provider and "set and forget" it...ending up with years old data, based on
which they deny network or website access.

----------------------------------------------------------------------
  Jon Lewis, MCP :)              |  I route
  Blue Stream Fiber, Sr. Neteng  |  therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________