Re: Reliable GeoIP database

[joel () joelesler net]

100%.  We have certain things we do here at ThreatSTOP that isolate some locations based on the upstream provider 
because all of the GeoIP databases are wrong.

If we collectively understand that GeoIP is “best guess” or “best attempt” and not gospel, we’d all be better off.

— 
Joel Esler
Vice President, Security, Research, and Intelligence
ThreatSTOP

> On Feb 3, 2025, at 12:34, Dan Snyder <sliplever () gmail com> wrote:
>
> I don't feel like there is any reliable GeoIP database. The protocol wasn't designed for this and thus there is a lot 
> of false information presented about where IP addresses are located. 
>
> On Mon, Feb 3, 2025 at 10:28 AM Dmitriy A. <dak () prospectone io <mailto:dak () prospectone io>> wrote:
> > We've been dealing with geoip issues for quite a while and this is what we came up with, maybe it would be useful 
> > for you https://github.com/jsdelivr/globalping/blob/master/docs/geoip.md
> >
> > But we're also in progress of updating the logic to include latency as an additional parameter.
> >
> > On Mon, Feb 3, 2025, 12:20 Scott Q. <qmail () top-consulting net <mailto:qmail () top-consulting net>> wrote:
> > > What are you guys using as a reliable GeoIP database ? I've tried Maxmind and a few others, also checking against 
> > > ARIN but there's tons of differences.
> > >
> > > For example: 1.2.9.0/24 <http://1.2.9.0/24> . ARIN says it belongs to China Telecom but others say it's part of 
> > > Russia: https://ipregistry.co/1.2.9.0 
> > >
> > > How to handle such cases ?
> > >
> > > Thanks!
> > > Scott​​