Re: location db mismatch

["Peter Müller" <peter.mueller@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 2395 bytes --]

Hello nusenu,

> Maybe something I'll try to understand further: how can I easily determine if some information
> is provided due to a manual override vs. the raw WHOIS information? And if it was a manual override:
> What information did trigger that manual override? 

unfortunately, there is no way of telling from the location database itself, since it does not contain
the source (RIR, ISP geofeed, override, etc.) of a dataset due to space reasons.

However, manual overrides are always handed in as patches on this mailing list. If they are accepted,
you will find them in the location-database Git repository (https://git.ipfire.org/?p=location/location-database.git;a=summary).
Also, Patchwork (https://patchwork.ipfire.org/project/location/list/) tracks them, so it should be at
least transparent which overrides were in place in a given timespan.

Today, I am the only person creating them, but would really love to see other people becoming active
in this topic as well. Triggers for overrides are usually abusive or security-related activities I
observe somewhere else, feedback from the IPFire community, or mentions at other mailing lists. As soon
as I suspect such a network to have inaccurate or deliberately false country information set, I take
a mental note of it.

Should an investigation confirm this, I create an override. Unless it is something urgent, I batch
them on a (more or less) weekly basis, and send them to this mailing list.

> btw: I'm surprised that you read individual provider company websites to determine and manually override the
> location of individual ASNs or prefixes of a given AS, I didn't expect that to be feasible

Indeed, this is probably not feasible at a large scale, and I don't do this preemptively, only if
a network arises my suspicion. To the best of my knowledge, IPFire Location is less inaccurate -
I won't claim we're "more accurate", since defining accuracy is tricky here - than its freely available
competitors. At least that's the decision the Tor project came to.

However, I would love to see other people becoming active in this, especially with knowledge of
parts of the world I lack oversight of. A "best-effort" approach is completely fine to me, and IMHO
better than anything else we've currently got.

Hope to have your question answered.

Thanks, and best regards,
Peter Müller