In July 2025, the Akira ransomware gang hit organizations running SonicWall firewalls. Within hours of breaching the SSL VPN, attackers pivoted to domain controllers, disabled security tools, and deployed ransomware. The average ransom demand jumped 104% to $958,000.
SonicWall’s remediation advice? “Enable Botnet Protection and Geo-IP Filtering.” But geo-blocking only works if the underlying IP data is accurate. When a Russian threat actor routes through a VPN exit node, or submits malicious geofeed data so that your geolocation database incorrectly places their IP range in Germany, your country block does nothing.
At IPinfo, we built IPinfo Lite because firewall software deserves better data.
When Geo-Blocking Fails: Stories from the Trenches
SonicWall: Correct config, wrong data. A TZ370 administrator confirmed an IP was from a sanctioned country via ARIN WHOIS. The firewall agreed. Traffic still got through. The community response: “I see that too. My guess is there are some IP-ranges tied to the wrong country in the firewall.”
OPNsense: Mail server wide open. A user filed a GitHub issue: “I am constantly seeing mail server connections from RU/CN and other countries I have set to be blocked still reaching my internal network.” Their solution? Request support for an alternative geolocation provider.
Firewalla: The vendor admits it. Firewalla’s official docs warn: “IP addresses may not always be accurate so we advise you to block as few countries as possible.” The firewall vendor is telling users their own geo-blocking feature has accuracy limitations.
Check Point: Attackers just switch countries. An administrator watched an attacker try Russian IPs, cycle through several countries, then land on one that was not on the block list. Sophisticated attackers do not just use VPNs. They exploit geolocation database inaccuracies. If your database thinks a Russian hosting provider’s IP block is in Germany, attackers use that infrastructure without any VPN at all.
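The gap described above, where a hosting provider's range is geolocated to an allowed country, can be surfaced by comparing country data against the origin ASN. This is an added example, not IPinfo's or any firewall vendor's code; the sample rows, their layout, the ASN policy and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample rows, not real geolocation records: RFC 5737 documentation
# prefixes and RFC 5398 documentation ASNs. Layout (network, country, asn) is assumed.
GEO_ROWS = [
    ("192.0.2.0/24", "RU", 64496),
    ("198.51.100.0/24", "DE", 64496),  # same hosting ASN, database says DE
    ("203.0.113.0/24", "DE", 64500),
]
BLOCKED_COUNTRIES = {"RU"}
BLOCKED_ASNS = {64496}  # hypothetical policy: block this hosting ASN outright


def lookup(ip, rows=GEO_ROWS):
    """Longest-prefix match of ip against rows; None if no row covers it."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, country, asn in rows:
        network = ipaddress.ip_network(net)
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, country, asn)
    return best


def decide(ip, use_asn=True):
    """Return (action, reason). Unmapped addresses are allowed but labelled."""
    hit = lookup(ip)
    if hit is None:
        return ("allow", "unmapped")
    _, country, asn = hit
    if country in BLOCKED_COUNTRIES:
        return ("block", "country")
    if use_asn and asn in BLOCKED_ASNS:
        return ("block", "asn")
    return ("allow", "none")


def country_rule_gaps(rows=GEO_ROWS):
    """ASNs with a prefix in a blocked country and other prefixes that pass the
    country rule. An ASN can legitimately span countries, so these are review
    candidates for an ASN rule, not automatic blocks."""
    by_asn = {}
    for net, country, asn in rows:
        by_asn.setdefault(asn, []).append((net, country))
    gaps = {}
    for asn, entries in by_asn.items():
        if any(c in BLOCKED_COUNTRIES for _, c in entries):
            passing = [n for n, c in entries if c not in BLOCKED_COUNTRIES]
            if passing:
                gaps[asn] = passing
    return gaps
```

With a country-only rule (`use_asn=False`) the mis-geolocated range is allowed; the gap report lists it under its ASN so an administrator can decide whether an ASN rule is warranted.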
The Hidden Risk in Firewall Data
The IP geolocation industry relies on self-reported, unverifiable data from ASNs and network operators. An adversary blocked from a sanctioned country can simply request that their data be reassigned to an allowed region, which IP geolocation data companies will pick up. Firewall rules become ineffective.
Most firewall vendors use free geolocation databases with intentional accuracy gaps, designed to push users toward paid tiers. Enterprise vendors pay up to $5,000+/year just for redistribution rights for “free” data.
MaxMind themselves acknowledge they cannot guarantee accuracy. One Cloudflare community user waited over six months for a correction. Another waited nearly two years. For firewall administrators, that is unacceptable.
IPinfo maintains a dedicated corrections process to address accuracy issues promptly.
How IPinfo Lite Is Different
| Challenge | Problem | IPinfo Lite |
|---|---|---|
| Data Quality | Self-reported data, easily manipulated. Free databases have intentional gaps. | Evidence-based data from 1,300+ active measurement servers. Daily updates. |
| Licensing | MaxMind charges $5,000+/year for redistribution. BYOL complexity. | CC-BY-SA 4.0, no EULA. Free commercial use. Unlimited redistribution. Attribution only. |
| Integration | Rate-limited APIs. Limited batch processing. | Unlimited API. Batch enrichment of 1,000 IPs at a time. |
| Support | No direct data provider contact. | Active in forums. Direct response to accuracy issues. |
Accuracy. Traditional IP geolocation is trust-based. IPinfo Lite is evidence-based. We operate 1,300+ active measurement servers across 500+ cities and process 70 streams of location hints. Our IP to Country data is built on extensive active measurement methodology. Our ASN information is based on BGP announcements – direct evidence, not registry claims.
Most geolocation companies offer a free, accuracy-compromised database while selling a premium version. We do not. IPinfo Lite is our premium data that happens to be free. Our “free” IP to Country and ASN data is superior to any paid alternative available in the market.
Licensing. MaxMind’s free product restricts redistribution. Commercial or open-source firewalls using it trigger BYOL requirements. Their redistribution license costs $5,000+/year for the free database, $20,000-$40,000 for premium.
IPinfo Lite is CC-BY-SA 4.0 with no EULA. Redistribute freely. Embed in your product. Share tokens. The only requirement is attribution. We require it for accountability – if our data causes a geo-blocking failure, we want impacted users to contact us directly.
Integration. We provide data in MMDB, CSV, JSON, and Parquet. Available in Snowflake and GCP. You do not even have to distribute the data; end users can download the database from our URI endpoint using your platform-specific token. The IPinfo Lite API handles billions of requests with no rate limiting. Choose a database or an API. Both are production-ready.
Support. We are active on every forum where firewall data is discussed: SonicWall, OPNsense, Fortinet, and security communities. We respond to accuracy issues before other users or platforms even weigh in.
We believe Developer Relations means being the “Account Manager for all Developers and Users.” When a platform adopts our data, we introduce ourselves in their forums and make it transparent that we are accountable for the data.
Geo-blocking and ASN-based security controls only work when the underlying data is accurate. IPinfo Lite delivers evidence-based accuracy that outperforms paid alternatives, zero licensing friction, unlimited redistribution, and direct accountability. Your customers get security controls that actually work. Contact our team to explore integration and partnership opportunities.









