[SR-Users] Using GeoIP2 AS Lookup?

Mark Boyce mark at darkorigins.com
Mon Jul 27 10:45:47 CEST 2020


Hi

I only have ubuntu to hand.  The latest v20.04 still seems to include a country db version, although it’s from Dec 2019.

Completely agree on security, and still wondering how much admin overhead maintaining it is.

At the moment I’m thinking of layering it like this;

- Fixed IP
- Dynamic IP but Fixed ISP (AS)
- Mobile but Fixed/Limited Country
- Mobile no restrictions

Also playing with matching User-Agent from headers against a list of RegEx’s to verify that the endpoint is the make/model expected.  


GeoIP Module - Great.  I’ll have a look at module source and try to document what’s involved.


Cheers
Mark

> On 27 Jul 2020, at 09:14, Daniel-Constantin Mierla <miconda at gmail.com> wrote:
> 
> Hello,
> 
> indeed, I noticed a while ago MaxMind requires registration to fetch the
> latest database, from that point I was still using a local copy of an
> older version for testing. Are the major Linux distros still shipping it?
> 
> I can add lookup of AS to the module -- it would be appreciated and
> speed up things if you can give some references/links to the API/library
> docs for it.
> 
> As for how much security it can bring, as always, it depends. If you
> have only fixed lines customers, then it can be an extra check. But if
> the people can use mobile apps, they can go in parks, or public places
> and use mobile carriers or public wifi networks. Also, I encountered
> situations when people do vpn from their mobile and show up as coming
> from another country, a matter where the vpn server is located.
> 
> In general, the more restrictions you can set for end point locations,
> the better. Still, they can be compromised even if they are inside a
> known isp network...
> 
> Cheers,
> Daniel
> 
> On 23.07.20 12:18, Mark Boyce wrote:
>> Hi all
>> 
>> Just looking at the latest GeoIP2 MaxMind databases (now requires registration, but still free) and noticed that they also include the AS (ISP) lookup one in the free offering.
>> 
>> Wondering if this is another way to facilitate better security for users on dynamic IP. Typically working from home these days.
>> 
>> So, rather than just limiting an end device to a country we could limit it to a particular ISP within that country.
>> 
>> Has anyone tried this? Have I missed a reason why this wouldn’t help?  Admin overhead not worth it?
>> 
>> Thoughts?
>> 
>> Best regards
>> Mark
>> -- 
>> Mark Boyce
>> Dark Origins Ltd
>> 
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> 
> -- 
> Daniel-Constantin Mierla -- www.asipto.com
> www.twitter.com/miconda -- www.linkedin.com/in/miconda
> Funding: https://www.paypal.me/dcmierla
> 


-- 
Mark Boyce
Dark Origins Ltd
e: mark at darkorigins.com <mailto:mark at darkorigins.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20200727/c806b0b9/attachment.htm>


More information about the sr-users mailing list