11 Oct
2022
11 Oct
'22
11:30 a.m.
Hi Swinogers
Does anyone know who operates geoiplookup.net and how to contact them?
They repeatedly put parts of our IP ranges into Germany creating vast
service disruptions for our affected customers by Swiss service
providers that use their API for GeoBlocking.
Mit freundlichen Grüssen
-Benoît Panizzon-
--
I m p r o W a r e A G - Leiter Commerce Kunden
______________________________________________________
Zurlindenstrasse 29 Tel +41 61 826 93 00
CH-4133 Pratteln Fax +41 61 826 93 01
Schweiz Web http://www.imp.ch
______________________________________________________
13 Oct
13 Oct
8:46 a.m.
Short update on that issue...
Does anyone know who operates geoiplookup.net and how
to contact them?
It looks like they source their Data from MaxMind but are solver
implementing corrections and therefore lacking behind corrections
published there.
The issue we have is not with content, but with services.
There is one SIP telephone service provider which fences his customers
to Swiss IP addresses only and provides services to businesses.
So if the static routed IP addresses of the business customer is locate
outside Switzerland, this is an effective denial of service to the
telephony of that customer.
This happens for the 3rd time within only a couple of weeks to the
same customer of us now.
The TSP in question blames us for assigning foreign ip addresses to the
customer in question and recommends the customer should get a new
Swiss ip range from us. This of course is not feasible, as this would
require lots of changes on the customer side.
Customer in question has an own transparent RIPE entry with country: ch
since 2016!
The range in question was never (since 2003, ripe does not provide
prior data) assigned to an ISP or customer outside Switzerland.
What I am trying to do now, is set up an ISP bulk location feed to
MaxMind and trying to persuade them to put a lock on our ip ranges
so only we can provide locations for those and noone else. (Has anyone
done this successfully?)
I am also pressing them to disclose how the same ip ranges now
repeatedly got put back to Germany shortly after we successfully
submitted corrections.
But all I get now is:
* Please use the online correction form.
* Thank you for submitting the correction, which we will push in our
next update.
Still waiting for a human reaction related to that specific issue.
Mit freundlichen Grüssen
-Benoît Panizzon-
--
I m p r o W a r e A G - Leiter Commerce Kunden
______________________________________________________
Zurlindenstrasse 29 Tel +41 61 826 93 00
CH-4133 Pratteln Fax +41 61 826 93 01
Schweiz Web http://www.imp.ch
______________________________________________________
9:03 a.m.
Benoit,
I have to say it's a frightening story to see. Essentially a third party
company (the SIP provider) locked themselves into another third party
provider (Maxmind/geoiplookup) and now it's your job to fix the latter's
mistake?
Besides being a tricky situation to cleanup for two third parties, it
shows how critically centralised the Internet has become.
If a single private party can render your services unusable, the
distribution of weights in the Internet is completely out of balance.
Best regards,
Nico
--
Sustainable and modern Infrastructures by ungleich.ch
9:14 a.m.
Hi Benoit
On 13/10/2022 08:46, Benoit Panizzon wrote:
What I am trying to do now, is set up an ISP bulk
location feed to
MaxMind and trying to persuade them to put a lock on our ip ranges
so only we can provide locations for those and noone else. (Has anyone
done this successfully?)
I am also pressing them to disclose how the same ip ranges now
repeatedly got put back to Germany shortly after we successfully
submitted corrections.
But all I get now is:
* Please use the online correction form.
* Thank you for submitting the correction, which we will push in our
next update.
Still waiting for a human reaction related to that specific issue.
In short, we had exactly the same issues with Maxmind. Not related to
Telefony services but TV.
Maxmind randomly puts /29 into Germany or such and it is a bit pain to
notice and to correct and to notice when it is corrected.
We never got any feedback from Maxmind besides what you describe.
Probably they start talking to you if you send them Money.
What we think caused Maxmind to thing the range is no longer in
Switzerland are customers doing Homeoffice in eg Germany and using a VPN
tunnel to that IP. So That they see tracking information on sites from
the same PC From the German and the Swiss IP and then think the Swiss IP
also must be in Germany. But this is only a theory and not proven at all.
Regards
Matthias
--
Matthias Cramer / mc322-ripe Senior Network & Security Engineer
iway AG Phone +41 43 500 1111
Badenerstrasse 569 Fax +41 44 271 3535
CH-8048 Zurichhttp://www.iway.ch/
GnuPG 1024D/2D208250 = DBC6 65B6 7083 1029 781E 3959 B62F DF1C 2D20 8250
9:27 a.m.
Am 2022-10-13 08:46, schrieb Benoit Panizzon:
Short update on that issue...
We also had a case like this, except it was gambling (and Zattoo, IIRC).
A single IP in our AS was assigned to Germany, for whatever reason.
I think we contacted the gambling-company's geo-fence provider (it was
some other outfit than Maxmind, specializing in gambling and stuff like
that) via Twitter who seemed to have a better connection to Maxmind (the
original source of the data) and it got fixed, eventually.
It was very stressful....
But it could be worse:
https://www.theguardian.com/technology/2016/aug/09/maxmind-mapping-lawsuit-…
Rainer
Does anyone know who operates geoiplookup.net and
how to contact them?
It looks like they source their Data from MaxMind but are solver
implementing corrections and therefore lacking behind corrections
published there.
The issue we have is not with content, but with services.
There is one SIP telephone service provider which fences his customers
to Swiss IP addresses only and provides services to businesses.
So if the static routed IP addresses of the business customer is locate
outside Switzerland, this is an effective denial of service to the
telephony of that customer.
This happens for the 3rd time within only a couple of weeks to the
same customer of us now.
The TSP in question blames us for assigning foreign ip addresses to the
customer in question and recommends the customer should get a new
Swiss ip range from us. This of course is not feasible, as this would
require lots of changes on the customer side.
Customer in question has an own transparent RIPE entry with country: ch
since 2016!
The range in question was never (since 2003, ripe does not provide
prior data) assigned to an ISP or customer outside Switzerland.
What I am trying to do now, is set up an ISP bulk location feed to
MaxMind and trying to persuade them to put a lock on our ip ranges
so only we can provide locations for those and noone else. (Has anyone
done this successfully?)
I am also pressing them to disclose how the same ip ranges now
repeatedly got put back to Germany shortly after we successfully
submitted corrections.
But all I get now is:
* Please use the online correction form.
* Thank you for submitting the correction, which we will push in our
next update. 
9:37 a.m.
Frankly, while I appreciate that MaxMind might behave a little more
customer friendly, I'd say the problem here is that people don't
understand what GeoIP is: A best guess. You should not send the police
to a property because the IP appears in MaxMinds DB.
This is akin to blocking an e-mail because it contains the three letters
"sex", and thus obviously is spam.
While I can see a Sheriff in rural Kansas lacking tech skills, I would
expect a SIP provider to do better.
On 13.10.22 09:27, rainer(a)ultra-secure.de wrote:
But it could be worse:
https://www.theguardian.com/technology/2016/aug/09/maxmind-mapping-lawsuit-…
Best
Serge
--
Dr. Serge Droz
Member, FIRST Board of Directors
https://www.first.org
15 Oct
15 Oct
11:27 a.m.
Frankly, while I appreciate that MaxMind might behave
a little more
customer friendly, I'd say the problem here is that people don't
understand what GeoIP is: A best guess. You should not send the police
to a property because the IP appears in MaxMinds DB.
That is true, but in many cases, it's the only alternative that is both
cheap and somewhat privacy-friendly.
If you want reliable point-of-residence control, you need to ask people
about their identity and verify it. That is undesirable to both service
providers and end users. Sure, in some cases, people have to reveal
their identity anyway (for example when making online purchases), but
not in many others. And there is still lots of potential for faking it.
I'm pretty sure RIR's would allow MaxMind to
query the original source
of data, either for the IP or for the AS announcing the prefix to bgp.
But RIR's will charge a service fee for that - what is legit from my
perspective. If MaxMind spares this fee and delivers a shitty service
then, the TSP should consider to switch to a more reliable source of
data - it's them who is violating SLAs with their customers.
I don't see that too much of a problem, as long as the geolocation
providers don't have to shell out big $$$ to every little owner of a /28
for their location data. They're making money off that data, after all.
But, it probably wouldn't work without legislation or legal precedent.
Blocked access to an online casino would probably not be enough to
convince a court, but maybe there are other cases, such as news outlets.
Or maybe it would work the other way? Someone with a residence in
Switzerland gains access to a casino that is barred from doing business
here, because the geolocation data is incorrect? You'd be opening a can
of worms there, though...
13 Oct
13 Oct
10:43 p.m.
Hi Benoit,
just my 5 cents ...
It's not the customer's responsibility to cover issues of their TSP using an
unreliable source of geoIP information.
The TSP would be able to whitelist exceptions to cover the gap between their unreliable
data source and reality until their geoIP source has corrected their data.
If it's a business customer, they will have a SLA with the TSP and since it's the
fault of the TSP there is no question who is violating SLAs.
I'm pretty sure RIR's would allow MaxMind to query the original source of data,
either for the IP or for the AS announcing the prefix to bgp.
But RIR's will charge a service fee for that - what is legit from my perspective. If
MaxMind spares this fee and delivers a shitty service then, the TSP should consider to
switch to a more reliable source of data - it's them who is violating SLAs with their
customers.
;-)
cheers
Ralph
----- Am 13. Okt 2022 um 8:46 schrieb Benoit Panizzon benoit.panizzon(a)imp.ch:
Short update on that issue...
Does anyone know who operates geoiplookup.net and
how to contact them?
It looks like they source their Data from MaxMind but are solver
implementing corrections and therefore lacking behind corrections
published there.
The issue we have is not with content, but with services.
There is one SIP telephone service provider which fences his customers
to Swiss IP addresses only and provides services to businesses.
So if the static routed IP addresses of the business customer is locate
outside Switzerland, this is an effective denial of service to the
telephony of that customer.
This happens for the 3rd time within only a couple of weeks to the
same customer of us now.
The TSP in question blames us for assigning foreign ip addresses to the
customer in question and recommends the customer should get a new
Swiss ip range from us. This of course is not feasible, as this would
require lots of changes on the customer side.
Customer in question has an own transparent RIPE entry with country: ch
since 2016!
The range in question was never (since 2003, ripe does not provide
prior data) assigned to an ISP or customer outside Switzerland.
What I am trying to do now, is set up an ISP bulk location feed to
MaxMind and trying to persuade them to put a lock on our ip ranges
so only we can provide locations for those and noone else. (Has anyone
done this successfully?)
I am also pressing them to disclose how the same ip ranges now
repeatedly got put back to Germany shortly after we successfully
submitted corrections.
But all I get now is:
* Please use the online correction form.
* Thank you for submitting the correction, which we will push in our
next update.
Still waiting for a human reaction related to that specific issue.
Mit freundlichen Grüssen
-Benoît Panizzon-
--
I m p r o W a r e A G - Leiter Commerce Kunden
______________________________________________________
Zurlindenstrasse 29 Tel +41 61 826 93 00
CH-4133 Pratteln Fax +41 61 826 93 01
Schweiz Web http://www.imp.ch
______________________________________________________
_______________________________________________
swinog mailing list -- swinog(a)lists.swinog.ch
To unsubscribe send an email to swinog-leave(a)lists.swinog.ch
17 Oct
17 Oct
9:24 a.m.
New subject: MaxMind location determination (was: Contact: geoiplookup.net)
Hi
One more update after managing to get in contact with a Human @ MaxMind.
What I am piecing together from my exchanges with MaxMind.
They get location information, from some service providers who use GPS
data from their apps to connect an IP to a location. So they trust
those locations to be absolutely correct.
=> So I assume they get this data from some mobile apps. Probably not
Google, I guess they would get better and more data points if using
Google.
As mostly ranges are affected where we have business customers. I have
to assume, that some of their employees live in Germany (usually the
location reported are near the border of Switzerland) and use a
permanent VPN from their mobiles to their employer in Switzerland.
MaxMind does NOT at all care nor verify what ranges are registered with
RIPE. They just seem to use /25 ranges.
So it is just bad luck, if one IP in a /25 reports a location in
Germany because an affected mobile app reports this to MaxMind and they
have no data for the other ip addresses. Then the whole /25 is put into
the wrong country, because the 'majority of the locations reports from
IP addresses in this range indicate it is being used in Germany'.
Still trying to find out if there is a way to lock such ranges to
Switzerland to prevent such updates.
Mit freundlichen Grüssen
-Benoît Panizzon-
--
I m p r o W a r e A G - Leiter Commerce Kunden
______________________________________________________
Zurlindenstrasse 29 Tel +41 61 826 93 00
CH-4133 Pratteln Fax +41 61 826 93 01
Schweiz Web http://www.imp.ch
______________________________________________________
11:02 a.m.
New subject: MaxMind location determination (was: Contact: geoiplookup.net)
Hello,
More than a year ago, RIPE per its policy "cleaned up" the country
information in their database of prefix allocations/assignments. Which
had all kind of side effects, e.g. the IPv4 and IPv6 prefixes we
announced via IP Transit and Peering using BGP from Switzerland were
not geo-located in Switzerland anymore, but in Sweden because the
company at the time of its RIPE membership registration had deposited
a legal documents from its administrative headquarters in Sweden.
In an attempt to limit those effects, I started to publish LOC
resource records in our DNS, and to set up Self-Published IP
Geolocation Feeds [1] as well.
However, effects on geo-location providers were limited, also one or
two months after I had published them. Although some of them queried
our RFC8805 already within hours only, and modified their geo-location
data within a few days accordingly thereafter.
Since then, I have not had an opportunity/necessity to look into
RFC8805 et al. anymore. But maybe the situation has evolved/improved
since, and it might be worth a try, as effort to setup is marginal
("If It Does Not Help It Does Not Do Any Harm." ;-)
Regards,
Rolf
[1] RFC8805: A Format for Self-Published IP Geolocation Feeds
https://tools.ietf.org/html/rfc8805
20 Oct
20 Oct
9:28 a.m.
New subject: MaxMind location determination (was: Contact: geoiplookup.net)
Last update
Kudos to Andrew from MaxMind.
He 'locked' all ImproWare Ranges to country: CH so no other sources
should be able to change them as we observed repeatedly over the last
months.
Mit freundlichen Grüssen
-Benoît Panizzon-
--
I m p r o W a r e A G - Leiter Commerce Kunden
______________________________________________________
Zurlindenstrasse 29 Tel +41 61 826 93 00
CH-4133 Pratteln Fax +41 61 826 93 01
Schweiz Web http://www.imp.ch
______________________________________________________
222
days inactive
231
days old
10 comments
8 participants
participants (8)
-
Benoit Panizzon -
Gregor Riepl -
Matthias Cramer -
Nico Schottelius -
rainer@ultra-secure.de -
Ralph Krämer -
Rolf Sommerhalder -
Serge Droz