> On Jan 20, 2023, at 11:29 PM, Crist Clark <cjc+na...@pumpky.net> wrote:
>
> Are you sure it’s really geolocation blocks? Or is it anonymizer and VPN
> service detection? The geoIP vendors typically sell both since one of
> anonymizers’ top applications is to evade geolocation. Have customers using
> peer-to-peer anonymizers wittingly or unwittingly? Customers with malware or
> other PUPs hosting anonymizer services?
I know in the case of one provider it was a geolocation related issue. I don’t
know if they fixed it, as I said the customers left that provider so the
complaint went away.
There seem to be a few issues happening. If I’m not getting the bot/threat
feeds for those places, I’m happy to follow-up with that customer, but some is
just flat out things like “This isn’t IP space in US” or the feedback from the
customer says the provider places them in Mexico.
As I said, looking for any place that has 23.138.114.0/24 in a feed to be
blocked as some of the ISD (intermediate school district) that aggregates tech
for several around the area started blocking over the winter break anyone in
that /24, can ping from other subnets but not that one *smh*.
I’m a bit grasping at straws, but also looking for any ideas or information
that people may have around it. I get some people may update monthly, or take
time to get the changes through their systems, but parts of this have been
going on now since mid-late September. If it’s going to take 1.5-2 quarters to
have the IP space be viable, this is something I’ll be taking up eventually
with folks at ARIN - similar to issues with other things that may not be easily
fixed, there’s a level of effort that I’m willing to undertake here, but at
some point there is a question about if it’s fit for any purpose.
The reality is I expect if I can find where the feed is that has the space
flagged, that will likely address this part of the long tail. I would hate to
end up doing more NAT-PT/44 due to one or a few vendors with bad data sources.
- Jared
