ip2location as alternative for MaxMind databases

Sergei_Shablovsky

Let's to note that another one great DB exist - from ip2location company. Like in MaxMind for end user there are free "Lite" DB to download.

Due GDPR and CCPA really not make security in IT better (because some companies and bad guys starting to using this legal ability (so called “Do Not Sell” requests) to makes security tasks for admins more complicated) and largest DB start to degrade in quality.
Some kind of digital madness IMHO, because this GDPR / CCPA not really against the problem of users private data. The source of problems are in another place, not in MaxMind / other maintainers DB.

So, at this moment DB maintainer that not stretched by US/EU laws able to keep DB as full as possible. ip2location is one of the well-known and reputable companies.

What is bad to make ability to choose in pfSense in what DB to work MaxMind / ip2location ?

P.S. Of course I know, that this is additional work for programmers, etc, etc... But anyway, sooner or later that problem come popup again.

UPDATE: There are another one great geo-service DB-IP

Sergei_Shablovsky

Forgot to write about another great aggregator FireHOL.org.

Also free from stupid GDPR / CCPA, and less popularity rather MaxMind keep them out from the political spot and political populistic hits.

pftdm007

A few quick (simple) questions:

• Since I have nothing open on WAN (incoming), and that I am still using IPV4+DNSBL can I conclude that by not using GeoIP (Maxmind) I am only losing the possibility of blocking OUTGOING traffic to certain Countries? (I am refering to LAN).

• How can I disable the annoying notification that Maxmind now requires a license key? pfsense issues notifications and sends me an email as well twice per hour....

  pfBlockerNG MaxMind - MaxMind now requires a License Key! Review the General tab: MaxMind settings for more information. @ 2020-01-04 14:02:44
  pfBlockerNG MaxMind - MaxMind now requires a License Key! Review the General tab: MaxMind settings for more information. @ 2020-01-04 14:57:59
  pfBlockerNG MaxMind - MaxMind now requires a License Key! Review the General tab: MaxMind settings for more information. @ 2020-01-04 15:02:53

RonpfS

There is a setting to disable MaxMind Update.
You might as well update pfblockerNG to re-enable GeoIP2.

pftdm007

I take that the checkbox "Disable MaxMind CSV database Updates" is not the setting you are refering to since its tooltip says "This will disable the MaxMind monthly CSV GeoIP database Cron update. This does not affect the MaxMind binary cron task that is used for other GeoIP functionality in the package."

Clearly it does not disable the CRON update.

In the GeoIP tab, the action is set to "DISABLED" for the lists.

And after that, was I right in assuming disabling GeoIP wont affect network security other than lose the ability to block LAN clients from accessing selected countries? I am just trying to understand the implication of this since I have been using this feature so far (since it was implemented in pfblockerng) and today I just realized that I may have been using this for nothing since there are no open ports or other stuff on WAN (default pfsense rules).

Thanks!

provels

@pftdm007 Yes, it would just prevent outbound connections, not a bad thing. I think you can install the cron package, then disable/delete the Maxmind update task, but if the PFB package is set to just check for the presence of a license key, this might not help. Maybe you can make up a dummy key? It's a 16 character mixed case alphanumeric. And disable the cron task so it doesn't throw authentication errors. Maybe.

pftdm007

@provels

Thanks for the suggestions, but I cannot be the only one using pfblockerNG and not wanting to enroll in Maxmind's commercial scheme?

Additionally, I understand the GeoIP updates are probably managed via CRON, and I do have the package installed, but I generally try to avoid modifying core system settings like that in case I mess up. One would think that setting the "List Action" to disabled in GeoIP's tab would disable GeoIP but I imagine its not the case.

Is GeoIP built-in to pfblockerng??

Finally, I dont understand what's going on with this GeoIP stuff. I never added a license key, yet after several pfblockerng updates and even a firewall reboot, traffic is still blocked by GeoIP rules (I see the alerts in the alerts tab). For example:

Additionally, on the main firewall page, I still see the lists:

Is it because pfblockerng is still using old aliases from the last successful GeoIP update?

provels

1. The Maxmind key is free, so I don't get what the problem is. Use fake info and a throwaway email address.
2. You can disable the cron task by simply editing the command, adding a leading "# " and saving.
3. Yes, it's built into pfB.
4. The GeoIP data only updates the first Tuesday of the month and pfB only updates once the following Thursday, at least that's how I understand it. Your December data is still in place.

dotdash

@provels said in ip2location as alternative for MaxMind databases:

1. The Maxmind key is free, so I don't get what the problem is. Use fake info and a throwaway email address.

Aside from the fact that using fake info violates their TOS, I think the concern the OP brings up is- what is to prevent bad actors from removing themselves from the list due to 'privacy reasons' and thereby rendering the list basically useless?
My understanding is that the alternative lists he mentioned will not be removing addresses due to user requests.

johnpoz

I think the whole thing stinks of company taking a privacy law and trying to monetize it to be honest.

I could see a concern when the IP pointed to your specific address or something. But the vast majority of IPs are just IPs handed to a user from their ISP.. That the geoip for the IP says its from country X, or state Y or even city Z... is some violation of your privacy is just freaking nuts..

What happens when isp having say range 1.2.3/24 located in US hands user A 1.2.3.100, and user B 1.2.3.101

And user B says hey - don't list my .101 address.. But user A doesn't care and maybe even wants his IP listed..

How do you remove .101 and not all of 1.2.3/24 for starters? Are you going to have specific entries for every single IP? even if you remove .101, pretty clear that 1.2.3/24 is used in the US.. Do you have to remove the whole freaking 1/8??

And what happens when the next day user B gets .100, or .102?

The whole thing is just not viable!!

Seems more like they just want an excuse to get info from the people that are using their so called "free" list..

pftdm007

This is becoming an interesting conversation, I didnt expect that!

@dotdash said in ip2location as alternative for MaxMind databases:

Aside from the fact that using fake info violates their TOS

Exactly my point. I am tired of entering my personal info all over the web just to get "free stuff". Once you enter your info, good luck removing it from their services. Most of them dont even allow deleting or closing an account and they retain your data pretty much forever just to be the victim of the next data breach, and sell it to the highest bidder. Over the years I have had to enter personal info (email, phone number, etc) just to be able to register to forums, services, etc, only to later find out that ther are NO possibility of deleting your account or information. Basically a spider web. Once caught, its too late. They are asking for real info (not throwaway email or etc) proving my point.

Maxmind is no different IMO. Countless "free" services I have seen moving from totally free (here's the data, grab it as you wish) to "oh now you have to create an account and enter your personal info", to "sorry this is now commercial and you will have to pay to continue using it". I may be wrong, but I am 99% sure Maxmind is headed this way and soon enough, pfblocker's devs will have to recode it to accept other sources or provide the posibility to disable it entirely. I believe this should have been like that since the beginning.

@dotdash said in ip2location as alternative for MaxMind databases:

I think the concern the OP brings up is- what is to prevent bad actors from removing themselves from the list due to 'privacy reasons' and thereby rendering the list basically useless?

This is another very good point, and I didnt think about that until now!

@johnpoz said in ip2location as alternative for MaxMind databases:

I think the whole thing stinks of company taking a privacy law and trying to monetize it to be honest.

Agreed 10,000%

@johnpoz said in ip2location as alternative for MaxMind databases:

Seems more like they just want an excuse to get info from the people that are using their so called "free" list..

They're all doing this now. Hell even Imgur requires an account now with a freaking phone number!!! What's next?

For now I'm just gonna "disable" the cron job until this situation ghets cleaned up (possibility or entirely disabling GeoIP from pfblocker, or another GeoIP supplier is available and reliable (like OP of this thread suggested)).

EDIT: A quick look at Maxmind's terms of services for their GeoLite2 service and Privacy Policy

FEES.
The Services are made available to you free of charge. MaxMind reserves the right to stop offering the Services free of charge at any time, and charge for future updates to the Services.

Vendors and Other Parties
We may share your information with vendors and other parties for purposes of providing you with tailored advertisements, measuring and improving our Service and advertising effectiveness, and enabling other enhancements. Vendors may act as our service providers, or in certain contexts, independently decide how to process your information.

jdeloach

@dotdash said in ip2location as alternative for MaxMind databases:

@provels said in ip2location as alternative for MaxMind databases:

1. The Maxmind key is free, so I don't get what the problem is. Use fake info and a throwaway email address.

@BBcan177 has already stated that Maxmind will not accept throwaway email addresses as a valid email address. He also stated that one probably cannot get a license if they are going through a VPN. I myself found out that I could not get a license when my ipv6 he.net account was enabled because it was hiding my real IP address. I had to disable my ipv6 account with he.net to signup for a license and then re-enable it after they issued me a license. It now works fine with ipv6 he.net enabled with the license they issued.

Aside from the fact that using fake info violates their TOS, I think the concern the OP brings up is- what is to prevent bad actors from removing themselves from the list due to 'privacy reasons' and thereby rendering the list basically useless?
My understanding is that the alternative lists he mentioned will not be removing addresses due to user requests.

I think folks just need to get over it and get the FREE license that they are offering. Who is to say that these other companies that are saying they won't comply with the California law, don't next week, next month, etc. don't start requiring users get a license to use their database. All it takes is some rich, happy go lucky, lawyer sends them a cease and desist letter stating that they have to comply with this new law or shut down.

Then look at the maintainers of these software packages having to make changes for each of the databases. If I remember, @bmeeks85, stated that Suricata will also require users to get license if they use the geoip feature in that software package. It sounded like he was going to leave it up to the users to mod the software themselves instead of him releasing a new package with this added feature for the license.

The bottom line is as I see it, just get the license if you want to use the software package or don't use the software package. The world is changing by the hour and not all for the better, life is too short to let something like this worry you.

pftdm007

A quick look at Maxmind's terms of services for their GeoLite2 service and Privacy Policy

FEES.
The Services are made available to you free of charge. MaxMind reserves the right to stop offering the Services free of charge at any time, and charge for future updates to the Services.

Vendors and Other Parties
We may share your information with vendors and other parties for purposes of providing you with tailored advertisements, measuring and improving our Service and advertising effectiveness, and enabling other enhancements. Vendors may act as our service providers, or in certain contexts, independently decide how to process your information.

(Sorry for entering this info at two places, the forum is acting again with "Error Post content was flagged as spam by Akismet.com") Not sure why this happens but its a MAJOR PITA

jdeloach

@pftdm007 said in ip2location as alternative for MaxMind databases:

A quick look at Maxmind's terms of services for their GeoLite2 service and Privacy Policy

FEES.
The Services are made available to you free of charge. MaxMind reserves the right to stop offering the Services free of charge at any time, and charge for future updates to the Services.

Vendors and Other Parties
We may share your information with vendors and other parties for purposes of providing you with tailored advertisements, measuring and improving our Service and advertising effectiveness, and enabling other enhancements. Vendors may act as our service providers, or in certain contexts, independently decide how to process your information.

This is pretty much standard TOS in all software. Nothing new here.

NogBadTheBad

The data is only Country & ASN anyhow isn't it?

It's not their data they have just collected it from elsewhere.

jdeloach

@NogBadTheBad said in ip2location as alternative for MaxMind databases:

The data is only Country & ASN anyhow isn't it?

It's not their data they have just collected it from elsewhere.

... and as @johnpoz has stated in numerous messages, this database is not that accurate any way. It contains numerous mistakes and will only get worse as the IPv4 address shortage continues.

provels

@jdeloach said in ip2location as alternative for MaxMind databases:

FREE

That's the keyword. Create a Gmail address, get the key, never check the email account again. It's not like pfB is phoning home...

johnpoz

This whole thing is nonsense... And while I am all for privacy - you can not take it to this level and not expect nonsense..

The part where they say they will "remove" it from their database is BS plain and simple... And their use of the IP in saying where in the world it is from from a geographic high level has zero to do with personal privacy...

You can not remove subset of a list, without removing the whole list when used in such a way...

Klingon00

@provels said in ip2location as alternative for MaxMind databases:

That's the keyword. Create a Gmail address, get the key, never check the email account again. It's not like pfB is phoning home...

Well, I did just that a couple of days ago and haven't heard anything back. Also note that they state I must use an e-mail address that includes my domain name. I don't have a domain name nor do I wish to run an e-mail service off it (if I had one) just to sign up for a free account so I can use unrelated features of pfBlocker without being nagged constantly about needing a license key.

There really needs to be a way to turn off this constant nag alert if we choose not to use MaxMind's service or at least an alternative database that we can use.

provels

@Klingon00 FWIW, I used a Hotmail.com (a domain) address, got a confirmation email, and had my key in a few minutes. Did you happen to try what I suggested earlier, to whit: "Maybe you can make up a dummy key? It's a 16 character mixed case alphanumeric. And disable the cron task so it doesn't throw authentication errors."