[Data improvement request] Do not blindly accept geofeed data for datacenter IP ranges

Summary

Because traceroute and whois POC-derived data can be inaccurate, geofeeds provided in whois override other data sources for location identification.

However, this is abused by datacenter IP range operators to obfuscate the location where they are physically present. Therefore, I request that IPinfo should not blindly accept the geofeed data for datacenter IP ranges and should verify that the traceroute derived data matches the general country unless the IP range is anycasted as well.

Data points

Consider the range 91.212.100.0/24 owned by Rapid Seedbox. The whois data takes us to the following geofeed: https://geofeed.rapidseedbox.com/geofeed.csv, which claims said IP range is in Seattle.

However, if I traceroute an IP from this range in Germany, I can reach it in ~7ms, which seems suspiciously low for something that should be located on the West Coast:

$ sudo traceroute -Tp 443 91.212.100.92
traceroute to 91.212.100.92 (91.212.100.92), 30 hops max, 60 byte packets
 1  62.113.XX.XX (62.113.XX.XX)  0.689 ms  0.569 ms  0.648 ms
 2  ae2-0.bb01.fra01.net.23m.com (62.113.192.89)  0.898 ms  0.830 ms ae1-0.bb01.fra01.net.23m.com (62.113.192.67)  0.369 ms
 3  ae0-0.er01.fra03.net.23m.com (62.113.192.73)  0.415 ms ae1-0.er01.fra03.net.23m.com (62.113.192.91)  0.365 ms  0.607 ms
 4  et-1-0-0.bb04.ams-01.leaseweb.net (80.249.209.215)  6.702 ms  6.723 ms  6.648 ms
 5  * * *
 6  * * *
 7  brand-other.greatoxen.org (91.212.100.92)  6.645 ms  6.570 ms  6.547 ms

Based on the traceroute data, this is likely to be in France or Amsterdam.

1 Like
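
The check requested in the post above can be written as a speed-of-light bound: a measured RTT below the minimum fibre round trip to the claimed city rules the claim out. This is an added example, not part of the thread and not IPinfo's code; the geofeed row is constructed from the post's description, and the probe position (near Frankfurt), the city coordinates and the 200 km/ms fibre speed are assumptions.

```python
import csv, io, ipaddress, math, re

FIBRE_KM_PER_MS = 200.0   # assumption: light in fibre covers ~200 km per ms (about 2/3 c)
EARTH_RADIUS_KM = 6371.0
# Assumed city-centre coordinates (lat, lon); a real check would use a gazetteer.
CITY_COORDS = {"Seattle": (47.61, -122.33), "Amsterdam": (52.37, 4.90)}
PROBE = (50.11, 8.68)     # assumption: the probe in Germany sits near Frankfurt

# Constructed RFC 8805-style row matching the post's claim (not copied from the real feed).
GEOFEED = "91.212.100.0/24,US,US-WA,Seattle,\n"
# Final hop of the traceroute quoted in the post.
TRACEROUTE = " 7  brand-other.greatoxen.org (91.212.100.92)  6.645 ms  6.570 ms  6.547 ms\n"

def great_circle_km(a, b):
    """Haversine distance in km between two (lat, lon) pairs given in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))

def min_rtt_ms(a, b):
    """Lower bound on round-trip time over a straight fibre path."""
    return 2 * great_circle_km(a, b) / FIBRE_KM_PER_MS

def best_rtt_ms(traceroute, target_ip):
    """Smallest RTT on any hop line that answers from target_ip, else None."""
    rtts = [float(m) for line in traceroute.splitlines() if f"({target_ip})" in line
            for m in re.findall(r"([\d.]+) ms", line)]
    return min(rtts) if rtts else None

def check_claim(city, rtt_ms, probe=PROBE, anycast=False):
    """Return 'skipped', 'unknown', 'implausible' or 'plausible' for a claimed city."""
    if anycast:                       # one probe cannot judge an anycast prefix
        return "skipped"
    if rtt_ms is None or city not in CITY_COORDS:
        return "unknown"
    return "implausible" if rtt_ms < min_rtt_ms(probe, CITY_COORDS[city]) else "plausible"

def audit(geofeed=GEOFEED, traceroute=TRACEROUTE, target_ip="91.212.100.92"):
    """Check each geofeed row covering target_ip against the measured RTT."""
    rtt = best_rtt_ms(traceroute, target_ip)
    ip = ipaddress.ip_address(target_ip)
    rows = [r for r in csv.reader(io.StringIO(geofeed))
            if r and not r[0].startswith("#") and ip in ipaddress.ip_network(r[0])]
    return {r[0]: check_claim(r[3], rtt) for r in rows}

if __name__ == "__main__":
    print(audit())
```

A "plausible" result only means the claimed city is not physically excluded from that one probe; it does not confirm the location.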

Thank you very much for posting the article. I really appreciate it! Great work on investigating the range.

We used a bunch of hints on location, and I can see that your hunch is right. One of the location hints is saying that this IP address is located in Amsterdam but it was overridden by WHOIS and Geofeed data.

I have submitted a correction myself: Incorrect IP Geolocation data update - IPinfo.io

Again really appreciate you looking out for us.

Thanks for getting back on this so quickly!

I was a little reluctant to use that form as it doesn’t have the ability to provide comments, and the Rapid Seedbox ASN and other similarly misleading geofeeds need to be fixed up through the process improvement described above.

1 Like

I am very glad that you created a post. There are a lot of these ASNs, and we need to have open discussions about them. This is a critical issue that is plaguing the entire industry.