At 03:56 PM 5/15/2006, Alexander Harrowell wrote:
This is a frequent source of silly news stories - viz. the recent one, based on Google Trends, that Birmingham (UK) is the "top city" for porn searches and Brentford (UK) in the top five despite being a small suburb of London. Reason: both are the location of big isp NOCs.
Since you completely ignored the security aspect, I'll address your reference to Google Trends. This is what you are probably talking about: http://www.google.com/trends?q=porn If what you are saying is true, that's some pretty bad geo-location and YMMV, but what source are you using to discount Googles numbers? Are you saying that everyone on all 3 shifts in those "two large NOC's" are searching for Porn on Google? Or are you saying that all their netblocks are in whois and have roles that state their blocks are located at those NOC's? If it's the latter, that would support either you being innacurtae in your assumption about the Trend, or google being wrong. I'd need more proof that Google is that far off and that it would "appear" as though they are simply using whois registrations for geo locating in their Trends product. I'd tend to doubt it. Anything is possible, I suppose. -M<
On 5/15/06, Martin Hannigan <<mailto:hannigan@renesys.com>hannigan@renesys.com> wrote:
At 01:56 PM 5/15/2006, <mailto:Valdis.Kletnieks@vt.edu>Valdis.Kletnieks@vt.edu wrote:
On Mon, 15 May 2006 13:14:41 EDT, Bill Nash said:
It works for spammers.
Certainly explains all the Turkish spam I get, what with me being just outside Ankara and all.
That's likely because they are attempting to do some sort of location analysis themselves and have limited data to work with. Spammers are generally not stupid. They are cheap since their ability o generate revenue is randomized based on the exploit of the day, so to speak. Targeting you with Turkish ads is probably a combination of being cheap and someone possibly stupid. Anyhow...before this thread turns into the debacle of incorrect information that the NTP one did --
Typically, an ip address is analyzed by using multiple sources of data. An attempt is made at a "triangulation" of sorts with both good and bad bits compared. As the good bits build the confidence factor in the triangulation rises. So you could have 2 pieces of info that do correlate, bring in the whois record, no correlation with that, and then toss it and bring something else in. Whois accuracy is not a factor here.
Geo location isn't perfect, but it's not "bad". I've heard of accuracy levels as high as 90% and I don't think that's too far fetched. With HostIP reporting 50% on the user survey and them being what I can demonstrate as "bad", 90% isn't a stretch at all.
Look at a geo use case. If there were a cyber threat level, a defcon so to speak, and the highest level is 5 and we reach this level someday, it could be prudent to build filter lists based on geo located routing table data and begin to block and log certain sources based on the threat level alone. Good geo data makes this entirely feasible.
Applying this type of thinking to Internet doomsday scenarios will be key in survivability, IMHO. If you want every solution to be 100%, we're likely to be down for some factor longer than we need to be.
Anyhow, back to your regularly scheduled show. :-)
-M<
-- Martin Hannigan (c) 617-388-2663 Renesys Corporation (w) 617-395-8574 Member of Technical Staff Network Operations
<mailto:hannigan@renesys.com>hannigan@renesys.com
-- Martin Hannigan (c) 617-388-2663 Renesys Corporation (w) 617-395-8574 Member of Technical Staff Network Operations hannigan@renesys.com