MaxMind GeoIp DB retired
-
Hi
https://blog.maxmind.com/2020/06/retirement-of-geoip-legacy-downloadable-databases-in-may-2022/
Any impact on pfsense users regarding IDS/IPS??
-
@cool_corona While I am not sure what db the ips packages download, pretty sure for example the pfblocker is not using the legacy since you had to add your maxmind api key, etc..
This shows what db you have access to if you log into your maxmind account you set up when pfblocker switched to that..
I would assume any current packages for ips would be using the newer maxmind dbs
But seems like a very legit question, maybe @bmeeks could chime in.. Since he maintains those packages.
-
@johnpoz You beat me to it :)
-
how Ironic, wrong side of the UK:-
Dear MaxMind Customer,
A new device was used to log into your MaxMind account.
Date and Time : 2022-07-13 15:25 UTC
IP Address : 2a02:xxxx:xxxx:xxxxx::14
IP Geolocation : Felixstowe, Suffolk, England, United KingdomIf you recognize this login, you can safely ignore this notification.
If you don't recognize this login, please reset your password through the Reset Password form. More tips for securing your MaxMind account can be found on our knowledge base.
If you are unable to reset your password, please contact us at support@maxmind.com for assistance.
Sincerely
The Team at MaxMindNot even the GeoIP where my ISP is based.
-
@nogbadthebad said in MaxMind GeoIp DB retired:
how Ironic, wrong side of the UK:-
Yeah nothing saying their DBs are correct heheh
I gave up trying to get something updated, we owned a large amount of space /16, and for some strange reason it was showing an IP that was one of our proxies out of FL, was from vietnam - and this was causing users issues with their bank websites, etc.
I tried forever trying to get maxmind to update their shit, sending them all the info that we clearly owned that IP space, and it sure and the hell was not out of vietnam, etc. etc.. You could do a simple lookup of the ASN and tell it wasn't routing through or coming out of that part of the world.
Their update/correction process is horrible.. I finally just gave up, and we shut down that DC anyway, and the IP range is no longer owned by us..
edit: I just looked at the email I got from them when I logged in - and at least that is correct, down to the correct city even..
-
Should be no impact to Suricata users. I switched the package over a long time ago to use the GeoLite2-Country database (same as pfBlockerNG, I believe).
It said the old database would be retired in May of 2022. It is now July of 2022 and the database download/update is working fine in one of my newly minted test virtual machines running Suricata.