Hi Swinogers
Does anyone know who operates geoiplookup.net and how to contact them?
They repeatedly put parts of our IP ranges into Germany creating vast service disruptions for our affected customers by Swiss service providers that use their API for GeoBlocking.
Mit freundlichen Grüssen
-Benoît Panizzon-
Short update on that issue...
Does anyone know who operates geoiplookup.net and how to contact them?
It looks like they source their Data from MaxMind but are solver implementing corrections and therefore lacking behind corrections published there.
The issue we have is not with content, but with services.
There is one SIP telephone service provider which fences his customers to Swiss IP addresses only and provides services to businesses.
So if the static routed IP addresses of the business customer is locate outside Switzerland, this is an effective denial of service to the telephony of that customer.
This happens for the 3rd time within only a couple of weeks to the same customer of us now.
The TSP in question blames us for assigning foreign ip addresses to the customer in question and recommends the customer should get a new Swiss ip range from us. This of course is not feasible, as this would require lots of changes on the customer side.
Customer in question has an own transparent RIPE entry with country: ch since 2016! The range in question was never (since 2003, ripe does not provide prior data) assigned to an ISP or customer outside Switzerland.
What I am trying to do now, is set up an ISP bulk location feed to MaxMind and trying to persuade them to put a lock on our ip ranges so only we can provide locations for those and noone else. (Has anyone done this successfully?)
I am also pressing them to disclose how the same ip ranges now repeatedly got put back to Germany shortly after we successfully submitted corrections.
But all I get now is:
* Please use the online correction form.
* Thank you for submitting the correction, which we will push in our next update.
Still waiting for a human reaction related to that specific issue.
Mit freundlichen Grüssen
-Benoît Panizzon-
Benoit,
I have to say it's a frightening story to see. Essentially a third party company (the SIP provider) locked themselves into another third party provider (Maxmind/geoiplookup) and now it's your job to fix the latter's mistake?
Besides being a tricky situation to cleanup for two third parties, it shows how critically centralised the Internet has become.
If a single private party can render your services unusable, the distribution of weights in the Internet is completely out of balance.
Best regards,
Nico
-- Sustainable and modern Infrastructures by ungleich.ch
Hi Benoit
On 13/10/2022 08:46, Benoit Panizzon wrote:
What I am trying to do now, is set up an ISP bulk location feed to MaxMind and trying to persuade them to put a lock on our ip ranges so only we can provide locations for those and noone else. (Has anyone done this successfully?)
I am also pressing them to disclose how the same ip ranges now repeatedly got put back to Germany shortly after we successfully submitted corrections.
But all I get now is:
Please use the online correction form.
Thank you for submitting the correction, which we will push in our next update.
Still waiting for a human reaction related to that specific issue.
In short, we had exactly the same issues with Maxmind. Not related to Telefony services but TV.
Maxmind randomly puts /29 into Germany or such and it is a bit pain to notice and to correct and to notice when it is corrected.
We never got any feedback from Maxmind besides what you describe. Probably they start talking to you if you send them Money.
What we think caused Maxmind to thing the range is no longer in Switzerland are customers doing Homeoffice in eg Germany and using a VPN tunnel to that IP. So That they see tracking information on sites from the same PC From the German and the Swiss IP and then think the Swiss IP also must be in Germany. But this is only a theory and not proven at all.
Regards
Matthias
Am 2022-10-13 08:46, schrieb Benoit Panizzon:
Short update on that issue...
Does anyone know who operates geoiplookup.net and how to contact them?
It looks like they source their Data from MaxMind but are solver implementing corrections and therefore lacking behind corrections published there.
The issue we have is not with content, but with services.
There is one SIP telephone service provider which fences his customers to Swiss IP addresses only and provides services to businesses.
So if the static routed IP addresses of the business customer is locate outside Switzerland, this is an effective denial of service to the telephony of that customer.
This happens for the 3rd time within only a couple of weeks to the same customer of us now.
The TSP in question blames us for assigning foreign ip addresses to the customer in question and recommends the customer should get a new Swiss ip range from us. This of course is not feasible, as this would require lots of changes on the customer side.
Customer in question has an own transparent RIPE entry with country: ch since 2016! The range in question was never (since 2003, ripe does not provide prior data) assigned to an ISP or customer outside Switzerland.
What I am trying to do now, is set up an ISP bulk location feed to MaxMind and trying to persuade them to put a lock on our ip ranges so only we can provide locations for those and noone else. (Has anyone done this successfully?)
I am also pressing them to disclose how the same ip ranges now repeatedly got put back to Germany shortly after we successfully submitted corrections.
But all I get now is:
Please use the online correction form.
Thank you for submitting the correction, which we will push in our next update.
We also had a case like this, except it was gambling (and Zattoo, IIRC).
A single IP in our AS was assigned to Germany, for whatever reason.
I think we contacted the gambling-company's geo-fence provider (it was some other outfit than Maxmind, specializing in gambling and stuff like that) via Twitter who seemed to have a better connection to Maxmind (the original source of the data) and it got fixed, eventually.
It was very stressful....
But it could be worse: https://www.theguardian.com/technology/2016/aug/09/maxmind-mapping-lawsuit-k...
Rainer
Frankly, while I appreciate that MaxMind might behave a little more customer friendly, I'd say the problem here is that people don't understand what GeoIP is: A best guess. You should not send the police to a property because the IP appears in MaxMinds DB.
This is akin to blocking an e-mail because it contains the three letters "sex", and thus obviously is spam.
While I can see a Sheriff in rural Kansas lacking tech skills, I would expect a SIP provider to do better.
On 13.10.22 09:27, rainer@ultra-secure.de wrote:
But it could be worse: https://www.theguardian.com/technology/2016/aug/09/maxmind-mapping-lawsuit-k...
Best Serge
Frankly, while I appreciate that MaxMind might behave a little more customer friendly, I'd say the problem here is that people don't understand what GeoIP is: A best guess. You should not send the police to a property because the IP appears in MaxMinds DB.
That is true, but in many cases, it's the only alternative that is both cheap and somewhat privacy-friendly.
If you want reliable point-of-residence control, you need to ask people about their identity and verify it. That is undesirable to both service providers and end users. Sure, in some cases, people have to reveal their identity anyway (for example when making online purchases), but not in many others. And there is still lots of potential for faking it.
I'm pretty sure RIR's would allow MaxMind to query the original source of data, either for the IP or for the AS announcing the prefix to bgp. But RIR's will charge a service fee for that - what is legit from my perspective. If MaxMind spares this fee and delivers a shitty service then, the TSP should consider to switch to a more reliable source of data - it's them who is violating SLAs with their customers.
I don't see that too much of a problem, as long as the geolocation providers don't have to shell out big $$$ to every little owner of a /28 for their location data. They're making money off that data, after all.
But, it probably wouldn't work without legislation or legal precedent. Blocked access to an online casino would probably not be enough to convince a court, but maybe there are other cases, such as news outlets.
Or maybe it would work the other way? Someone with a residence in Switzerland gains access to a casino that is barred from doing business here, because the geolocation data is incorrect? You'd be opening a can of worms there, though...
Hi Benoit,
just my 5 cents ...
It's not the customer's responsibility to cover issues of their TSP using an unreliable source of geoIP information. The TSP would be able to whitelist exceptions to cover the gap between their unreliable data source and reality until their geoIP source has corrected their data. If it's a business customer, they will have a SLA with the TSP and since it's the fault of the TSP there is no question who is violating SLAs.
I'm pretty sure RIR's would allow MaxMind to query the original source of data, either for the IP or for the AS announcing the prefix to bgp. But RIR's will charge a service fee for that - what is legit from my perspective. If MaxMind spares this fee and delivers a shitty service then, the TSP should consider to switch to a more reliable source of data - it's them who is violating SLAs with their customers.
;-)
cheers
Ralph
----- Am 13. Okt 2022 um 8:46 schrieb Benoit Panizzon benoit.panizzon@imp.ch:
Short update on that issue...
Does anyone know who operates geoiplookup.net and how to contact them?
It looks like they source their Data from MaxMind but are solver implementing corrections and therefore lacking behind corrections published there.
The issue we have is not with content, but with services.
There is one SIP telephone service provider which fences his customers to Swiss IP addresses only and provides services to businesses.
So if the static routed IP addresses of the business customer is locate outside Switzerland, this is an effective denial of service to the telephony of that customer.
This happens for the 3rd time within only a couple of weeks to the same customer of us now.
The TSP in question blames us for assigning foreign ip addresses to the customer in question and recommends the customer should get a new Swiss ip range from us. This of course is not feasible, as this would require lots of changes on the customer side.
Customer in question has an own transparent RIPE entry with country: ch since 2016! The range in question was never (since 2003, ripe does not provide prior data) assigned to an ISP or customer outside Switzerland.
What I am trying to do now, is set up an ISP bulk location feed to MaxMind and trying to persuade them to put a lock on our ip ranges so only we can provide locations for those and noone else. (Has anyone done this successfully?)
I am also pressing them to disclose how the same ip ranges now repeatedly got put back to Germany shortly after we successfully submitted corrections.
But all I get now is:
Please use the online correction form.
Thank you for submitting the correction, which we will push in our
next update.
Still waiting for a human reaction related to that specific issue.
Mit freundlichen Grüssen
-Benoît Panizzon-
I m p r o W a r e A G - Leiter Commerce Kunden ______________________________________________________
Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 Pratteln Fax +41 61 826 93 01 Schweiz Web http://www.imp.ch ______________________________________________________ _______________________________________________ swinog mailing list -- swinog@lists.swinog.ch To unsubscribe send an email to swinog-leave@lists.swinog.ch
Hi
One more update after managing to get in contact with a Human @ MaxMind.
What I am piecing together from my exchanges with MaxMind.
They get location information, from some service providers who use GPS data from their apps to connect an IP to a location. So they trust those locations to be absolutely correct.
=> So I assume they get this data from some mobile apps. Probably not Google, I guess they would get better and more data points if using Google.
As mostly ranges are affected where we have business customers. I have to assume, that some of their employees live in Germany (usually the location reported are near the border of Switzerland) and use a permanent VPN from their mobiles to their employer in Switzerland.
MaxMind does NOT at all care nor verify what ranges are registered with RIPE. They just seem to use /25 ranges.
So it is just bad luck, if one IP in a /25 reports a location in Germany because an affected mobile app reports this to MaxMind and they have no data for the other ip addresses. Then the whole /25 is put into the wrong country, because the 'majority of the locations reports from IP addresses in this range indicate it is being used in Germany'.
Still trying to find out if there is a way to lock such ranges to Switzerland to prevent such updates.
Mit freundlichen Grüssen
-Benoît Panizzon-
Hello,
More than a year ago, RIPE per its policy "cleaned up" the country information in their database of prefix allocations/assignments. Which had all kind of side effects, e.g. the IPv4 and IPv6 prefixes we announced via IP Transit and Peering using BGP from Switzerland were not geo-located in Switzerland anymore, but in Sweden because the company at the time of its RIPE membership registration had deposited a legal documents from its administrative headquarters in Sweden.
In an attempt to limit those effects, I started to publish LOC resource records in our DNS, and to set up Self-Published IP Geolocation Feeds [1] as well. However, effects on geo-location providers were limited, also one or two months after I had published them. Although some of them queried our RFC8805 already within hours only, and modified their geo-location data within a few days accordingly thereafter.
Since then, I have not had an opportunity/necessity to look into RFC8805 et al. anymore. But maybe the situation has evolved/improved since, and it might be worth a try, as effort to setup is marginal ("If It Does Not Help It Does Not Do Any Harm." ;-)
Regards, Rolf
[1] RFC8805: A Format for Self-Published IP Geolocation Feeds https://tools.ietf.org/html/rfc8805
Last update
Kudos to Andrew from MaxMind.
He 'locked' all ImproWare Ranges to country: CH so no other sources should be able to change them as we observed repeatedly over the last months.
Mit freundlichen Grüssen
-Benoît Panizzon-