Please find my comments below.
It is possible that this address is used by North Korea, they don't have a massive IP allocation and I would expect that perhaps there are some tunnels, but I can't figure out where MaxMind have got this idea from.
We aware of a small number of IP ranges tunneling to North Korea through some specific ISP. However, this IP address is registered by a VPN provider which also registered ranges in many other countries. We have no evidence that this VPN provider has a server located in those countries reported for their VPN service.
I think GeoIP is actually a far more difficult problem when it's not typical residential customers. Satellite customers, for instance, may use IP blocks that are spread across multiple countries.
I would expect that cloud providers and larger datacenter providers are using tunnels of sorts between their datacenters. Tunnels kill any visibility into the real routing path.
The large cloud providers such as AWS and Azure publishes their data center and IP addresses range to public. Data centers usually avoiding tunnels due to performance and cost-effectiveness. We do see rare cases required tunnels such as DDoS protection.
When it comes to measuring the accuracy of databases for datacenters, I wonder if there could be some means for relay operators to self-report a location and then we can compare this with different databases.
If this is possible, then it is a good way to perform benchmarking. However, we need to make sure the relay operator is giving the right information.
- Kim
On Thu, Aug 24, 2017 at 3:50 AM, Iain R. Learmonth irl@torproject.org wrote:
Hi,
On 23/08/17 03:45, KL Liew wrote:
How is your accuracy for data centres?
I don't aware of any research papers targeting data center only. IP2Location should be highly accurate because we are using network routing information to determine physical location instead of registrant address.
For example, IP2Location is reporting 185.56.163.144 as in France after reviewing the network routing information as below. However, if you search the same IP address in other geolocation providers, you might see it as reported as North Korea, a country with limited Internet access.
It is possible that this address is used by North Korea, they don't have a massive IP allocation and I would expect that perhaps there are some tunnels, but I can't figure out where MaxMind have got this idea from.
I think GeoIP is actually a far more difficult problem when it's not typical residential customers. Satellite customers, for instance, may use IP blocks that are spread across multiple countries.
I would expect that cloud providers and larger datacenter providers are using tunnels of sorts between their datacenters. Tunnels kill any visibility into the real routing path.
When attempting to perform GeoIP for routers, the problem is compounded as you don't know who really owns the router based on IP addresses alone, routers having multiple IP addresses, etc.
With the influx of new TLDs and TLDs being chosen for vanity purposes, they are also not a useful indicator.
I fear its the smaller providers, the more Tor-friendly providers, that are missing or inaccurately represented in the databases.
When it comes to measuring the accuracy of databases for datacenters, I wonder if there could be some means for relay operators to self-report a location and then we can compare this with different databases.
Is there a safe way for relay operators to prove that they control a relay and self-report the location of the relay without us having to have an extra field in relay descriptors or overload the contact field? Some sort of out-of-band means?
Thanks, Iain.
tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev