Solved

Geolocation accuracy for Microsoft O365 IP addresses

Posted on 2014-11-01
Last Modified: 2015-05-08
Hi All,

Question:

How accurate are geolocation tools? I don't need them to be accurate to the last millimeter, I just need to make sure they are in the right continent at the very least. I ask this because I understand that sometimes the owner of the block of IPs may be in (as an example) Microsoft USA but the IPs may be physically in the UK. Will this confuse the geolocation tool into thinking they are in fact physically located and being used in the US?

Some background of why I'm asking this question

I have the most laborious task of classifying and sorting out our "what's up gold" monitoring system in relation to our O365 traffic. The netflow module allows you to classify traffic (it has to be the worst implementation of this feature I have seen on any monitoring system).

You can only put one port per subnet, which means multiple instances of the same port pointing to multiple subnets, which is a really backward way of doing things. Now you can imagine how many O365 addresses there are, which makes this an excruciating task, especially when I have to show which region the IPs are in, which just triples the work...

thanks
T4K
Question by:Thirst4Knowledge
3 Comments
 

Expert Comment

by:David Johnson, CD, MVP
All geolocation services use the address block of the IP, determine its owner's ARIN record, and use that for the location. That is about the limit using the limited information available.
 

Author Comment

by:Thirst4Knowledge
When we request IP address spaces in EMEA (RIPE), we have to put down where they will be used (country and city with postal code) or the application will not be accepted. Is this not the same for ARIN?

Accepted Solution

by:
Dr. Klahn earned 500 total points
... sometimes the owner of the block of IPs may be in (as an example) Microsoft USA but the IPs may be physically in the UK.

It's an uncommon case but does happen. I have a few such address blocks locked out on my site. I discovered it by accident when chasing down some problem site scrapers. They were registered in the US but traceroute proved them to be in Asia. Going back and looking at the whois location today for those addresses, I see that they are now correctly shown to be in China.

In general I've found geolocation as implemented in the Linux iptables geoip module to be over 99% accurate. A bigger problem IMO, if you are enforcing a "to the nearest continent" policy, is the huge number of proxies and VPN servers that can make anyone appear to be coming from anywhere.
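
The registry-versus-physical-location mismatch discussed in this thread can be checked at continent level before a subnet is filed under a region. The following is an added example, not part of the original thread: the prefixes are reserved documentation ranges rather than real O365 ranges, the continent codes are constructed sample data, and the function names `classify` and `disputed` are hypothetical.

```python
import ipaddress

# Constructed sample data. Each prefix maps to
# (continent from the registry/whois record, continent from a geolocation database).
PREFIXES = {
    "192.0.2.0/24":      ("NA", "NA"),
    "198.51.100.0/24":   ("NA", "EU"),  # registered in the US, located in Europe
    "198.51.100.128/25": ("NA", "AS"),  # more specific block inside the /24
    "2001:db8::/32":     ("EU", "EU"),
}

# Most specific prefixes first, so the first hit is the longest-prefix match.
TABLE = sorted(
    ((ipaddress.ip_network(p), reg, geo) for p, (reg, geo) in PREFIXES.items()),
    key=lambda entry: entry[0].prefixlen,
    reverse=True,
)


def classify(addr):
    """Return (prefix, registry_continent, geo_continent, sources_agree) or None."""
    ip = ipaddress.ip_address(addr)
    for net, reg, geo in TABLE:
        if ip.version == net.version and ip in net:
            return (str(net), reg, geo, reg == geo)
    return None  # address is not covered by any known prefix


def disputed(addresses):
    """Addresses to verify by hand (for example with traceroute) before
    assigning a region: unknown prefixes and continent-level disagreements."""
    flagged = []
    for addr in addresses:
        hit = classify(addr)
        if hit is None or not hit[3]:
            flagged.append(addr)
    return flagged


if __name__ == "__main__":
    # Constructed flow source addresses.
    flows = ["192.0.2.55", "198.51.100.10", "198.51.100.200",
             "2001:db8::1", "203.0.113.9"]
    for addr in flows:
        print(addr, classify(addr))
    print("verify manually:", disputed(flows))
```

Only the addresses returned by `disputed` need a manual check; the rest agree across both sources at the continent level.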