At 01:56 PM 5/15/2006, Valdis.Kletnieks@vt.edu wrote:
On Mon, 15 May 2006 13:14:41 EDT, Bill Nash said:
It works for spammers.
Certainly explains all the Turkish spam I get, what with me being just outside Ankara and all.
That's likely because they are attempting to do some sort of location analysis themselves and have limited data to work with. Spammers are generally not stupid. They are cheap since their ability o generate revenue is randomized based on the exploit of the day, so to speak. Targeting you with Turkish ads is probably a combination of being cheap and someone possibly stupid. Anyhow...before this thread turns into the debacle of incorrect information that the NTP one did -- Typically, an ip address is analyzed by using multiple sources of data. An attempt is made at a "triangulation" of sorts with both good and bad bits compared. As the good bits build the confidence factor in the triangulation rises. So you could have 2 pieces of info that do correlate, bring in the whois record, no correlation with that, and then toss it and bring something else in. Whois accuracy is not a factor here. Geo location isn't perfect, but it's not "bad". I've heard of accuracy levels as high as 90% and I don't think that's too far fetched. With HostIP reporting 50% on the user survey and them being what I can demonstrate as "bad", 90% isn't a stretch at all. Look at a geo use case. If there were a cyber threat level, a defcon so to speak, and the highest level is 5 and we reach this level someday, it could be prudent to build filter lists based on geo located routing table data and begin to block and log certain sources based on the threat level alone. Good geo data makes this entirely feasible. Applying this type of thinking to Internet doomsday scenarios will be key in survivability, IMHO. If you want every solution to be 100%, we're likely to be down for some factor longer than we need to be. Anyhow, back to your regularly scheduled show. :-) -M< -- Martin Hannigan (c) 617-388-2663 Renesys Corporation (w) 617-395-8574 Member of Technical Staff Network Operations hannigan@renesys.com