IP 2 Country query

New Member Joined: Nov 21, 2004 Posts: 6

Hi there

I've recently installed Sentinel, in fact caught my first sucker this morning.

I have a question regarding the IP 2 Country thing. I recently downloaded a utility called xPress IP Locator. With that you can enter a country and it will display the ip ranges assigned to that country.

Now my question is, why are the results that gives TOTALLY different to the ranges listed in Sentinel IP 2 County.

Posted: Sun Nov 21, 2004 8:25 am

BostonGreen wrote:

Hi there

I've recently installed Sentinel, in fact caught my first sucker this morning.

I have a question regarding the IP 2 Country thing. I recently downloaded a utility called xPress IP Locator. With that you can enter a country and it will display the ip ranges assigned to that country.

Now my question is, why are the results that gives TOTALLY different to the ranges listed in Sentinel IP 2 County.

FYI, I registered to the "xPress IP Locator" site - I did however NOT receive the necessary login information via email, as promised during the registration process. So, therefore I cannot state any "point of view" based on facts - the undeneath is more or less "speculative annoyance"...

First of all, it'd be definately very nice to receive more details about the true statistical "characteristics" per your observations at introductory level - i.e. "how much is TOTALLY different", what are the used reference IP Range DBs? If IP Range DB's are "the same", the what are the version differencies between those DB's, if any?...

So, what is IP Range source for the "xPress IP Locator"?

If it is different than "ip-to-country.csv", then I'd say "the case is closed" as far as there's anything to be done to merge different views between two or more independent "IP Range DB Vendors". Otherwise (if the reference DB's are the same), the reasons may originate from any of the following "speculative deviations sources";

* using different "ip-to-country.csv" releases between the Apps
* existing differencies regarding the source "IP Ranges" in one or both of the Apps

Furthermore, just for the sake of curiosity...talking about "ip-2-country.csv"...

It should be noted that "ip-2-country.csv" is updated upon once (1) per month basis at the "*ip-2-country.csv* vendor end" - one should acknowledge this as a fact. There are differencies between the monthly released DB's (actually that's whole point of keeping it "up-to-date" Smile

)

So, when it comes to "ip-2-country.csv" utilization, the DB that is currently associated with the released "Sentinel IP 2 County" archive does not necessarily match with the latest "ip-2-country.csv", as it's definately up to end-user to take care of that DB being up-to-date per one's install.

Finally... it was interesting indeed to observe for some time ago, that (3) countries were DROPPPED in transistion to Nov-1st-2004 released "ip-2-country.csv" (currently the latest) - each of the DROPPED countries had one (1) IP Range ONLY associated with the DROPPED COUNTRY in the previous DB release... so there are currently (218) pcs of countries instead previously associated (221) pcs...

So...there may be several potential reasons for the presentation/utilization differencies between independent "IP Range Tools" - some of those potential ones being listed above...some of those not.

I'd suspect that the most significant general source for deviations in associated country specific IP Ranges, if any, is caused by existing differencies in used IP Range DB's between the independent Apps.

When it comes to stating "an absolute truth" about the CASE SPECIFIC reasons characterizing the made observations, there's simply not enough information being provided/associated to speculate any further.

Just stating the obvious (as usual).

BR,

-beetraham

Posted: Sun Nov 21, 2004 8:55 am

I wasn't picking holes, I was only asking so that I don't start, say, banning South Korea, when i'm actually banning France.

The latest IP to Country database is from Nov 6, 2004
country.ip4 - 252kb. (xPress Ip Locator)

A quick example of what each db throws back is:-

Afghanistan
xPress Ip=
202.56.176.0 - 202.56.191.255
202.86.16.0 - 202.86.31.255

IP 2 Country=
62.142.210.32 - 62.142.210.63
80.247.139.0 80.247.139.255
81.23.199.56 81.23.199.63
202.56.176.0 202.56.191.255
212.116.232.208 212.116.232.239
217.21.148.96 217.21.148.111

So as you can see, apart from one range, different results. Some don't even have a single matching range.

The link in my top post is the installer and the latest db for xPress IP, so feel free to grab it and check out the database.

Posted: Sun Nov 21, 2004 9:10 am

I might add, I'm really only concerned with banning South Korea, China, Vietnam and Indonesia, so am looking for definative ranges for those countries.

Posted: Sun Nov 21, 2004 9:17 am

BostonGreen wrote:

I wasn't picking holes, I was only asking so that I don't start, say, banning South Korea, when i'm actually banning France.

The latest IP to Country database is from Nov 6, 2004
country.ip4 - 252kb. (xPress Ip Locator)

A quick example of what each db throws back is:-

Afghanistan
xPress Ip=
202.56.176.0 - 202.56.191.255
202.86.16.0 - 202.86.31.255

IP 2 Country=
62.142.210.32 - 62.142.210.63
80.247.139.0 80.247.139.255
81.23.199.56 81.23.199.63
202.56.176.0 202.56.191.255
212.116.232.208 212.116.232.239
217.21.148.96 217.21.148.111

So as you can see, apart from one range, different results. Some don't even have a single matching range.

The link in my top post is the installer and the latest db for xPress IP, so feel free to grab it and check out the database.

This observation of YOURS is definately WORTHY and certainly appreciated amongst the users, congrats!! I'd suggest you to contact the Author of "xPress IP" to investigate these findings at the his/her end.

I'd suggest/recommend you to rely on the widely used "ip-to-country.csv" - at least until there's further resolution received from the Author of "xPress IP"

So, how to QuickReference in the meantime/interim?

You may want to use the ONLINE "IP Range Reference" Tool of mine in the meantime - I'll update it today to the "latest ip-to-country.csv" in an hour or two...

FRONTPAGE :
[ Only registered users can see links on this board! Get registered or login! ]

COUNTRIES MENU PAGE :
[ Only registered users can see links on this board! Get registered or login! ]

BR,

-beetraham

Posted: Sun Nov 21, 2004 9:25 am

BostonGreen wrote:

I might add, I'm really only concerned with banning South Korea, China, Vietnam and Indonesia, so am looking for definative ranges for those countries.

If you are using NukeSentinel 2.1.0 or 2.1.1, then why don't you use the "Banned Countries IP Ranges" MySQL Dumps that have been generated for banning entire countries? Just a suggestion - it'll save you from manually writing those IP Ranges into the NukeSentinel...

You'll find ALL the necessary MySQL dumps in the package being set downloadable at;
[ Only registered users can see links on this board! Get registered or login! ]

BR,

-beetraham

Posted: Sun Nov 21, 2004 9:39 am

Top man, thanks alot.

I'll visit the xpress site and either email em or if they got forum a i'll post in there, get them on the case as well.

In the meantime i'll check your dumps

Posted: Sun Nov 21, 2004 9:43 am

got it

Posted: Tue Nov 23, 2004 1:24 pm

Emailed xPress Ip Locator, Got this response:-

Quote:

Hello Underground,

eXpress IP Locator use information only directly from ARIN, APNIC
LACNIC and RIPE databases and because of this it's not so precision.

The country level NICs can suballocate subnetworks independently.
For example, in case of provided IP ranges:

62.142.0.0-62.142.255.255 is allocated for EUnet Finland and its
subnetwork 62.142.210.32 - 62.142.210.63 suballocated for Afghanistan.
The RIPE database don't contain information about this suballocation.