[tor-bugs] #6438 [Tor Client]: Evaluate software77's geoip database

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Thu Sep 6 01:06:49 UTC 2012


#6438: Evaluate software77's geoip database
------------------------+---------------------------------------------------
 Reporter:  nickm       |          Owner:                    
     Type:  task        |         Status:  new               
 Priority:  normal      |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Client  |        Version:                    
 Keywords:  geoip       |         Parent:  #6266             
   Points:              |   Actualpoints:                    
------------------------+---------------------------------------------------

Comment(by karsten):

 Replying to [comment:4 karsten]:
 > Regarding the question how much Software77/the registries agree with
 Maxmind, I'd like to run another comparison when Maxmind publishes their
 September database.  Then we can traceroute relay addresses that they
 disagree about.  I'll keep an eye on Maxmind's website in the next days to
 see when their September database is available.

 Of course they published the database a few hours after I posted this
 comment.

 Here are the results of Nick's script (with some trivial modifications)
 when running it on Maxmind's September 5 database, a Software77-like
 database built on September 5 from the five registry databases, and the
 consensus from September 5, 22:00 UTC:

 {{{
 testing the consensus
 109.163.238.48 de => ro
 138.199.68.230 nl => eu
 149.154.158.225 us => at
 173.245.79.54 cn => us
 176.31.132.137 gb => fr
 176.31.15.236 gb => fr
 176.31.48.135 gb => fr
 178.18.254.11 us => de
 178.32.246.74 gb => fr
 178.32.65.82 cz => fr
 178.33.32.123 de => fr
 188.165.73.221 ie => fr
 192.71.245.137 it => se
 192.71.245.72 it => se
 192.71.245.89 it => se
 194.150.168.79 eu => de
 195.5.121.253 nl => de
 199.36.123.113 ca => us
 205.185.117.40 us => ca
 208.111.45.245 in => us
 209.141.61.9 us => ca
 209.141.61.98 us => ca
 216.12.198.82 sg => us
 216.12.198.83 sg => us
 216.12.198.84 sg => us
 216.12.214.106 sg => us
 216.231.135.28 es => us
 37.205.9.131 cz => sk
 37.235.48.132 pl => at
 37.235.49.157 is => at
 37.235.49.37 is => at
 37.59.237.163 gb => fr
 46.105.174.75 nl => fr
 46.166.143.131 lu => gb
 46.166.159.35 de => gb
 46.166.159.51 de => gb
 46.166.159.52 de => gb
 46.166.159.53 de => gb
 46.166.159.54 de => gb
 46.166.159.55 de => gb
 46.166.159.56 de => gb
 46.166.159.57 de => gb
 46.166.159.58 de => gb
 46.166.159.59 de => gb
 46.166.159.90 de => gb
 46.166.159.91 de => gb
 46.166.159.92 de => gb
 46.21.151.71 us => nl
 50.7.194.122 cz => us
 50.7.240.10 cz => us
 50.7.241.218 cz => us
 50.7.246.50 cz => us
 50.7.246.51 cz => us
 50.7.246.52 cz => us
 50.7.246.53 cz => us
 50.7.246.54 cz => us
 50.7.248.234 cz => us
 50.7.248.235 cz => us
 50.7.248.236 cz => us
 50.7.248.237 cz => us
 50.7.248.238 cz => us
 50.7.253.194 cz => us
 50.7.253.195 cz => us
 50.7.253.196 cz => us
 50.7.253.197 cz => us
 50.7.253.198 cz => us
 50.7.253.234 cz => us
 50.7.253.235 cz => us
 50.7.253.236 cz => us
 50.7.253.237 cz => us
 50.7.253.238 cz => us
 54.247.9.57 ie => us
 69.147.252.41 in => us
 69.195.211.198 co => us
 69.195.211.203 co => us
 69.90.151.229 ca => us
 74.116.249.71 se => us
 74.120.12.135 de => us
 74.120.12.140 de => us
 74.120.15.150 de => us
 77.244.254.227 de => at
 77.244.254.228 de => at
 77.244.254.229 de => at
 77.244.254.230 de => at
 82.146.49.65 us => ru
 83.125.20.240 de => eu
 83.133.106.73 de => eu
 83.133.224.61 de => eu
 84.19.175.182 it => de
 84.200.76.196 us => de
 84.233.197.147 it => gb
 87.98.250.244 gb => fr
 91.121.245.171 it => fr
 94.23.117.228 de => fr
 94.23.117.229 de => fr
 94.23.120.170 gb => fr
 94.23.147.149 nl => fr
 94.23.147.164 nl => fr
 94.23.148.23 nl => fr
 94.23.150.191 nl => fr
 94.23.153.225 gb => fr
 94.23.164.42 de => fr
 94.23.168.39 cz => fr
 94.23.68.252 it => fr
 94.23.70.173 it => fr
 94.23.73.182 it => fr
 0.964725457571
 Testing 10000 random IPs
 0.9833
 }}}

 I looked up a few of the addresses from that list (traceroute, whois,
 relay nicknames, contacts).  It seems that Maxmind is correct in most of
 the cases and that the registry files are wrong.

 Interestingly, whois requests agree with Maxmind in most (if not all)
 cases.  It seems that the Maxmind database uses
 [https://www.arin.net/resources/request/bulkwhois.html bulk whois data]
 rather than the publicly available files.

 How much do we care about the 3.6% of wrongly identified relay addresses
 and 1.7% wrongly identified random/client addresses?  We could contact the
 registries and ask for access to their bulk data.  This might require some
 more parsing code on our end though.  This is the as-good-as-Maxmind
 variant.

 If we don't care as much, I'll rewrite the script that puts together the
 five registry files for Tor's contrib/ directory, and we can call it done.
 We could easily make a new geoip file whenever we put out a new Tor
 release.  This is the as-good-as-Software77-variant.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6438#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
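
The kind of comparison reported in the comment above, as an added example (this is not Nick's script and not code from the ticket): two range databases are queried for the same addresses, disagreements are listed as `address a => b`, and the agreement fraction is computed. The `low,high,cc` integer-range layout, the function names and the sample data (documentation address blocks) are assumptions constructed for illustration.

```python
import bisect
import ipaddress

def parse_ranges(text):
    """Parse 'low,high,cc' lines (integer IPv4 bounds, assumed layout)."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        low, high, cc = line.split(",")
        ranges.append((int(low), int(high), cc.lower()))
    ranges.sort()
    return ranges

def lookup(ranges, addr):
    """Country code for addr, or '??' when no range covers it."""
    n = int(ipaddress.IPv4Address(addr))
    # Last range whose lower bound is <= n.
    i = bisect.bisect_right(ranges, (n, float("inf"), "")) - 1
    if i >= 0 and ranges[i][0] <= n <= ranges[i][1]:
        return ranges[i][2]
    return "??"

def compare(db_a, db_b, addrs):
    """Return ([(addr, cc_a, cc_b), ...] for disagreements, agreement fraction)."""
    if not addrs:
        raise ValueError("no addresses to compare")
    diffs = [(a, lookup(db_a, a), lookup(db_b, a)) for a in addrs]
    diffs = [d for d in diffs if d[1] != d[2]]
    return diffs, 1 - len(diffs) / len(addrs)

# Constructed sample databases covering 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24.
DB_A = parse_ranges("""
3221225984,3221226239,DE
3325256704,3325256959,GB
3405803776,3405804031,US
""")
# DB_B splits the second block between two countries and lacks the third block.
DB_B = parse_ranges("""
3221225984,3221226239,DE
3325256704,3325256831,GB
3325256832,3325256959,FR
""")
SAMPLE = ["192.0.2.10", "198.51.100.5", "198.51.100.200", "203.0.113.7"]

if __name__ == "__main__":
    diffs, agreement = compare(DB_A, DB_B, SAMPLE)
    for addr, a, b in diffs:
        print(f"{addr} {a} => {b}")
    print(agreement)
```

An address missing from one database counts as a disagreement here, which matters when one source has gaps that the other fills.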

