On 16.11.23 16:56, Paul Kudla wrote:
> the ip that triggered all this says it is allocated from NL (Netherlands) but physically exists in Hawaii ?
As someone working for a LIR, let me clarify a couple things:
IPs get assigned to organizations. The registered contacts may well be that organization's main offices on one continent while the hardware actually using those addresses is located someplace different - and the users whose traffic gets its public IP from that hardware could well be in a third.
If we were also an upstream provider operating in several nations, we would not be obliged to use separate IP ranges for (the customers in) different nations, or to register such information with the RIR, much less to make it public.
One of our customers uses the services of ZScaler to access the Internet, and thus a service where we maintain a whitelist of client IPs that may connect. Every now and then, "their" IPs will change from, e.g., a range assigned to "ZScaler Düsseldorf", to one designated "ZScaler Zürich", to "ZScaler Frankfurt", etc., while our actual customer doesn't move more than whatever amount the keycaps on his keyboard need to travel.
That said, there are people trying to *second guess* the actual location behind an IP address, from Google (ever wondered why, when you open Google Maps, it usually *happens* to show the place you're in?) to https://www.maxmind.com/en/solutions/ip-geolocation-databases-api-services to hobbyists, and there are software frameworks to make services geofenced or location aware (e.g., there are packages "GeoIP" and "plasma-workspace-geolocation" installed on my laptop apparently right off the bat). And yes, there might easily be no info for an IP you look up, or some that's plain wrong.
And *then* there are things like Anycast or BGP hijacking or VPN services to obscure one's origin or ...
Kind regards,
Jochen Bern
Systems Engineer
Binect GmbH