Reliable GeoIP database
What are you guys using as a reliable GeoIP database ? I've tried Maxmind and a few others, also checking against ARIN but there's tons of differences. For example: 1.2.9.0/24 . ARIN says it belongs to China Telecom but others say it's part of Russia: https://ipregistry.co/1.2.9.0 How to handle such cases ? Thanks! Scott
From my experience, ipinfo.io is one of the most reliable GeoIP databases
As for 1.2.9.0, it is not present in the DFZ, so I doubt you will find any correct GeoIP data for it anywhere. On Mon, 2025-02-03 at 06:17 -0500, Scott Q. wrote:
What are you guys using as a reliable GeoIP database ? I've tried Maxmind and a few others, also checking against ARIN but there's tons of differences.
For example: 1.2.9.0/24 . ARIN says it belongs to China Telecom but others say it's part of Russia: https://ipregistry.co/1.2.9.0
How to handle such cases ?
Thanks! Scott
IPInfo would be a solid choice, but MaxMind is also reliable in most cases. However, some IP databases often provide inaccurate results, and I would recommend avoiding IPStack. ARIN WHOIS is updated by the IP owner or user and can often be outdated or inaccurate, as many operators do not update it frequently. On Mon, Feb 3, 2025 at 12:19 PM Scott Q. <qmail@top-consulting.net> wrote:
What are you guys using as a reliable GeoIP database ? I've tried Maxmind and a few others, also checking against ARIN but there's tons of differences.
For example: 1.2.9.0/24 . ARIN says it belongs to China Telecom but others say it's part of Russia: https://ipregistry.co/1.2.9.0
How to handle such cases ?
Thanks! Scott
* qmail@top-consulting.net (Scott Q.) [Mon 03 Feb 2025, 12:18 CET]:
What are you guys using as a reliable GeoIP database ? I've tried Maxmind and a few others, also checking against ARIN but there's tons of differences.
For example: 1.2.9.0/24 . ARIN says it belongs to China Telecom but others say it's part of Russia: https://ipregistry.co/1.2.9.0
How to handle such cases ?
That IP space presently isn't getting announced: https://irrexplorer.nlnog.net/prefix/1.2.8.0/21 so it's anyone's guess as to where it's in use, if at all. -- Niels.
We've been dealing with geoip issues for quite a while and this is what we came up with, maybe it would be useful for you https://github.com/jsdelivr/globalping/blob/master/docs/geoip.md But we're also in progress of updating the logic to include latency as an additional parameter. On Mon, Feb 3, 2025, 12:20 Scott Q. <qmail@top-consulting.net> wrote:
What are you guys using as a reliable GeoIP database ? I've tried Maxmind and a few others, also checking against ARIN but there's tons of differences.
For example: 1.2.9.0/24 . ARIN says it belongs to China Telecom but others say it's part of Russia: https://ipregistry.co/1.2.9.0
How to handle such cases ?
Thanks! Scott
I don't feel like there is any reliable GeoIP database. The protocol wasn't designed for this and thus there is a lot of false information presented about where IP addresses are located. On Mon, Feb 3, 2025 at 10:28 AM Dmitriy A. <dak@prospectone.io> wrote:
We've been dealing with geoip issues for quite a while and this is what we came up with, maybe it would be useful for you https://github.com/jsdelivr/globalping/blob/master/docs/geoip.md
But we're also in progress of updating the logic to include latency as an additional parameter.
On Mon, Feb 3, 2025, 12:20 Scott Q. <qmail@top-consulting.net> wrote:
What are you guys using as a reliable GeoIP database ? I've tried Maxmind and a few others, also checking against ARIN but there's tons of differences.
For example: 1.2.9.0/24 . ARIN says it belongs to China Telecom but others say it's part of Russia: https://ipregistry.co/1.2.9.0
How to handle such cases ?
Thanks! Scott
This is factual. I spend a significant amount of effort ensuring geoip is accurate for our customers and the proliferation of vendors makes this very annoying and time consuming when we are onboarding a new block. RFC9632 at least makes this easier - I definitely recommend doing so if you are not. On Mon, Feb 3, 2025 at 12:35 PM Dan Snyder <sliplever@gmail.com> wrote:
I don't feel like there is any reliable GeoIP database. The protocol wasn't designed for this and thus there is a lot of false information presented about where IP addresses are located.
On Mon, Feb 3, 2025 at 10:28 AM Dmitriy A. <dak@prospectone.io> wrote:
We've been dealing with geoip issues for quite a while and this is what we came up with, maybe it would be useful for you https://github.com/jsdelivr/globalping/blob/master/docs/geoip.md
But we're also in progress of updating the logic to include latency as an additional parameter.
On Mon, Feb 3, 2025, 12:20 Scott Q. <qmail@top-consulting.net> wrote:
What are you guys using as a reliable GeoIP database ? I've tried Maxmind and a few others, also checking against ARIN but there's tons of differences.
For example: 1.2.9.0/24 . ARIN says it belongs to China Telecom but others say it's part of Russia: https://ipregistry.co/1.2.9.0
How to handle such cases ?
Thanks! Scott
100%. We have certain things we do here at ThreatSTOP that isolate some locations based on the upstream provider because all of the GeoIP databases are wrong. If we collectively understand that GeoIP is “best guess” or “best attempt” and not gospel, we’d all be better off. — Joel Esler Vice President, Security, Research, and Intelligence ThreatSTOP
On Feb 3, 2025, at 12:34, Dan Snyder <sliplever@gmail.com> wrote:
I don't feel like there is any reliable GeoIP database. The protocol wasn't designed for this and thus there is a lot of false information presented about where IP addresses are located.
On Mon, Feb 3, 2025 at 10:28 AM Dmitriy A. <dak@prospectone.io <mailto:dak@prospectone.io>> wrote:
We've been dealing with geoip issues for quite a while and this is what we came up with, maybe it would be useful for you https://github.com/jsdelivr/globalping/blob/master/docs/geoip.md
But we're also in progress of updating the logic to include latency as an additional parameter.
On Mon, Feb 3, 2025, 12:20 Scott Q. <qmail@top-consulting.net <mailto:qmail@top-consulting.net>> wrote:
What are you guys using as a reliable GeoIP database ? I've tried Maxmind and a few others, also checking against ARIN but there's tons of differences.
For example: 1.2.9.0/24 <http://1.2.9.0/24> . ARIN says it belongs to China Telecom but others say it's part of Russia: https://ipregistry.co/1.2.9.0
How to handle such cases ?
Thanks! Scott
On Mon, 3 Feb 2025, Scott Q. wrote:
What are you guys using as a reliable GeoIP database ? I've tried Maxmind and a few others, also checking against ARIN but there's tons of differences.
For example: 1.2.9.0/24 . ARIN says it belongs to China Telecom but others say it's part of Russia: https://ipregistry.co/1.2.9.0
How to handle such cases ?
The trouble with all the IP Geo providers is they're selling data based on: 1) Assumptions 2) Unmaintained data 3) Stale data RIR records are notorious for being unmaintained (by the member...I'm not blaming ARIN/RIPE/etc.). Same goes for rDNS...again, because the owner of the space doesn't care enough to keep it up to date...because it's not generally of operational importance to them. Some networks will publish geofeeds, but getting all the IP Geo providers to consume those is like herding invisible cats. And don't get me started on end-users who consume data from an IP Geo provider and "set and forget" it...ending up with years old data, based on which they deny network or website access. ---------------------------------------------------------------------- Jon Lewis, MCP :) | I route Blue Stream Fiber, Sr. Neteng | therefore you are _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
Sometimes it just because they have to announce to another region without changing IRR. They are a lot of geolocation database, but only ipip and ipinfo can correct the geolocation based on BGP routing information. I'm assuming ipinfo is doing some scan, if the subnet have too many open 22 or 443 they would category as hosting. And maybe they have a node in different regions, and they use icmp to detect the location. But I think it is based on the BGP route mostly. *Brandon Z.* HUIZE LTD www.huize.asia <https://huize.asia/>| www.ixp.su | Twitter This e-mail and any attachments or any reproduction of this e-mail in whatever manner are confidential and for the use of the addressee(s) only. HUIZE LTD can’t take any liability and guarantee of the text of the email message and virus. On Mon, 3 Feb 2025 at 21:42, Jon Lewis <jlewis@lewis.org> wrote:
On Mon, 3 Feb 2025, Scott Q. wrote:
What are you guys using as a reliable GeoIP database ? I've tried Maxmind and a few others, also checking against ARIN but there's tons of differences.
For example: 1.2.9.0/24 . ARIN says it belongs to China Telecom but others say it's part of Russia: https://ipregistry.co/1.2.9.0
How to handle such cases ?
The trouble with all the IP Geo providers is they're selling data based on:
1) Assumptions 2) Unmaintained data 3) Stale data
RIR records are notorious for being unmaintained (by the member...I'm not blaming ARIN/RIPE/etc.). Same goes for rDNS...again, because the owner of the space doesn't care enough to keep it up to date...because it's not generally of operational importance to them.
Some networks will publish geofeeds, but getting all the IP Geo providers to consume those is like herding invisible cats.
And don't get me started on end-users who consume data from an IP Geo provider and "set and forget" it...ending up with years old data, based on which they deny network or website access.
---------------------------------------------------------------------- Jon Lewis, MCP :) | I route Blue Stream Fiber, Sr. Neteng | therefore you are _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
participants (10)
-
Alex Buie -
Brandon Z. -
Dan Snyder -
Dmitriy A. -
joel@joelesler.net -
Jon Lewis -
Niels Bakker -
Scott Q. -
Serhii -
Siyuan Miao