Incorrect GeoIP entry in pfB_Top_v4



  • Hi all,

    I'm new to this forum and may be posting in the wrong place, but I've discovered an incorrect IP address in the GeoIP country blocks for pfBlockerNG. Specifically, the IPv4 entries for "India (1269750) IN_rep (343)" contain 34.225.144.0/24, which is actually located in the United States. Unless I'm missing something very rudimentary, this IP range should NOT be listed under India. I've spent the better part of the evening attempting to locate and identify this error and I've temporarily whitelisted the IP range on my own router in order to continue blocking India from our mail server. What is the proper procedure to report something like this, and to whom? Any help in pointing me to the right source would be greatly appreciated.

    On a side note, the more I learn the intricacies of pfSense and its wonderful packages, the more impressed I become with its functionality. Keep up the great work!!

    David


  • Moderator

    @djanakes said in Incorrect GeoIP entry in pfB_Top_v4:

    34.225.144.0

    Thanks for the feedback.

    Please review the MaxMind website which will provide some more information on what "Represented Country" means:
    https://dev.maxmind.com/geoip/geoip2/whats-new-in-geoip2/

    Country, Registered Country, and Represented Country
    We now distinguish between several types of country data. The country is the country where the IP address is located. The registered_country is the country in which the IP is registered. These two may differ in some cases.

    Finally, we also include a represented_country key for some records. This is used when the IP address belongs to something like a military base. The represented_country is the country that the base represents. This can be useful for managing content licensing, among other uses.

    ```
    head -1 /usr/local/share/GeoIP/GeoLite2-Country-Blocks-IPv4.csv
    network,geoname_id,registered_country_geoname_id,represented_country_geoname_id,is_anonymous_proxy,is_satellite_provider
    ```

    ```
    grep "34.225.144.0/24" /usr/local/share/GeoIP/*
    /usr/local/share/GeoIP/GeoLite2-Country-Blocks-IPv4.csv:34.225.144.0/24,6252001,1269750,,0,0
    ```
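
Reading the grep output above against the CSV header: the following is an added example (not from the thread, pfBlockerNG or MaxMind) that reports, for each network referencing a given geoname_id, which of the three country columns holds it. The function names, the output format and the rows on documentation ranges are constructed; 1269750 is the India id quoted in the thread.

```sh
#!/bin/sh
# Added example (not from the thread). Column order follows the CSV header
# quoted above: network,geoname_id,registered_country_geoname_id,
# represented_country_geoname_id,is_anonymous_proxy,is_satellite_provider

# explain_blocks GEONAME_ID   (CSV on stdin)
# Prints "network reason location_id" for each row that references
# GEONAME_ID in any country column. Reasons:
#   located                 geoname_id matches
#   registered-only         only registered_country_geoname_id matches
#   represented-only        only represented_country_geoname_id matches
#   registered+represented  both match, but the location column does not
explain_blocks() {
    [ -n "$1" ] || { echo "usage: explain_blocks GEONAME_ID" >&2; return 2; }
    awk -F, -v id="$1" '
        $1 == "network" { next }              # header line
        {
            loc = ($2 == id); reg = ($3 == id); rep = ($4 == id)
            if (!(loc || reg || rep)) next
            if (loc)             reason = "located"
            else if (reg && rep) reason = "registered+represented"
            else if (reg)        reason = "registered-only"
            else                 reason = "represented-only"
            print $1, reason, ($2 == "" ? "none" : $2)
        }'
}

# Sample input: the first data row is the one from the thread; the rows on
# documentation ranges (192.0.2.0/24 etc.) are constructed for illustration.
sample_csv() {
    cat <<'EOF'
network,geoname_id,registered_country_geoname_id,represented_country_geoname_id,is_anonymous_proxy,is_satellite_provider
34.225.144.0/24,6252001,1269750,,0,0
192.0.2.0/24,1269750,1269750,,0,0
198.51.100.0/24,6252001,6252001,1269750,0,0
203.0.113.0/24,6252001,6252001,,0,0
EOF
}

sample_csv | explain_blocks 1269750
```

Against the real file, run `explain_blocks 1269750 < /usr/local/share/GeoIP/GeoLite2-Country-Blocks-IPv4.csv` and review the rows that are not `located` before applying a country block to them.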
    


  • Thank you very much for the quick reply. I hadn't considered the consequences of blocking India vs India_Rep.

    It turns out that entire subnet is controlled by Cisco and several of our Texas state counties are assigned IPs in that range. Since this "problem" only began after July 2nd (the last time they were able to connect to our mail server using that same IP), we assumed it was entered by mistake.

    I've informed our customer and they will get with Cisco to determine a resolution, as it seems they're also now being blocked by other mail servers as well as their hosted helpdesk app is failing. All of these problems began sometime after July 2nd, which is when I assume the IP was entered into the India_Rep database.

    Thanks again for your assistance!

    David