Brazil and geofencing
Hi all--I've tried to work through this with firewalla support and haven't made any progress. I blocked flows to/from brazil as part of my geofencing. In the last few months, firewalla has started identifying flows as coming from Brazil. Unfortunately, these are legitimate flows that aren't in Brazil. The common theme as far as I can tell is they start with 13.xx.xxx.xxx. Most seem to be related to AWS/content delivery stuff. Here's a benign example but others have included all flows to ESPN, the economist, zillow etc. The example below shows the ip address in firewalla as originating from brazil. IPlocation.net shows it's from the boston area. That sight also shows geolocation data from a bunch of other services which confirm Boston. Interestingly, only one shows it being from Brazil (db-ip.com). Anyone else having any issues like this? I suspect firewalla, in my case, is getting their geolocation data from a crappy service. Thoughts?
-
First, IP geolocation will never be perfectly accurate. The reason is, IP moves around and at times, IP may become something called anycast, which can be anywhere in the world. (as part of the CDN). We do update IP locations as they change, but that frequency may not be perfect align as well.
Please sign in to leave a comment.
Comments
1 comment