
Geolocation accuracy for Microsoft O365 IP addresses

Hi all,

Question:

How accurate are geolocation tools? I don't need them to be accurate to the last millimeter; I just need to make sure they are in the right continent at the very least. I ask this because I understand that sometimes the owner of the block of IPs may be in (as an example) Microsoft USA but the IPs may be physically in the UK. Will this confuse the geolocation tool into thinking they are in fact physically located and being used in the US?

Some background of why I'm asking this question

I have the most laborious task of classifying and sorting out our WhatsUp Gold monitoring system in relation to our O365 traffic. The NetFlow module allows you to classify traffic (it has to be the worst implementation of this feature I have seen on any monitoring system).

You can only put one port per subnet, which means multiple instances of the same port pointing to multiple subnets, which is a really backward way of doing things. Now you can imagine how many O365 addresses there are, which makes this an excruciating task, especially when I have to show which region the IPs are in, which just triples the work...

Thanks
T4K
Asked:
Thirst4Knowledge
1 Solution
 
David Johnson, CD, MVP (Owner) commented:
All geolocation services use the address block of the IP, determine its owner's ARIN record, and use that for the location. That is about the limit using the limited information available.
 
Thirst4Knowledge (Author) commented:
When we request IP address spaces in EMEA (RIPE), we have to put down where they will be used (country and city with postal code) or the application will not be accepted. Is this not the same for ARIN?
 
Dr. Klahn (Principal Software Engineer) commented:
"... sometimes the owner of the block of IPs may be in (as an example) Microsoft USA but the IPs may be physically in the UK."

It's an uncommon case but does happen. I have a few such address blocks locked out on my site. I discovered it by accident when chasing down some problem site scrapers. They were registered in the US but traceroute proved them to be in Asia. Going back and looking at the whois location today for those addresses, I see that they are now correctly shown to be in China.

In general I've found geolocation as implemented in the Linux iptables geoip module to be over 99% accurate. A bigger problem IMO, if you are enforcing a "to the nearest continent" policy, is the huge number of proxies and VPN servers that can make anyone appear to be coming from anywhere.